[Bug 2087780] [NEW] heap-buffer overflow in midicsv.c:352

Sun, 10 Nov 2024 04:20:41 -0800 

*** This bug is a security vulnerability ***

Public security bug reported:

$ uname -a
Linux 6176901723ae 5.15.0-122-generic #132-Ubuntu SMP Thu Aug 29 13:45:52 UTC 
2024 x86_64 x86_64 x86_64 GNU/Linux

build setting
$ git clone https://git.launchpad.net/ubuntu/+source/midicsv
( also possible https://www.fourmilab.ch/webtools/midicsv/#Download )
$ head Makefile

CC = clang
CFLAGS = -g -Wall -fsanitize=address

INSTALL_DEST = /usr/local

# You shouldn't need to change anything after this line

VERSION = 1.1
PROGRAMS = midicsv csvmidi
( edit Makefile for address sanitizer )

When I run the attached poc file, a heap buffer overflow error occurs as 
follows.
The following is the ASAN crash log that occurred when I ran the poc.


$ ./midicsv /tmp/poc/poc4
...
=================================================================
==49848==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x621000003b09 at pc 0x0000004edb4a bp 0x7ffd1383d6f0 sp 0x7ffd1383d6e8
READ of size 1 at 0x621000003b09 thread T0
    #0 0x4edb49 in trackcsv /tmp/midicsv/midicsv.c:352:53
    #1 0x4ebd26 in main /tmp/midicsv/midicsv.c:505:2
error: failed to decompress '.debug_aranges', zlib is not available
error: failed to decompress '.debug_info', zlib is not available
error: failed to decompress '.debug_abbrev', zlib is not available
error: failed to decompress '.debug_line', zlib is not available
error: failed to decompress '.debug_str', zlib is not available
error: failed to decompress '.debug_loc', zlib is not available
error: failed to decompress '.debug_ranges', zlib is not available
    #2 0x7f87cca85082 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #3 0x41c2ed in _start (/tmp/midicsv/midicsv+0x41c2ed)

** Affects: midicsv (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "poc4"
   https://bugs.launchpad.net/bugs/2087780/+attachment/5836121/+files/poc4

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2087780

Title:
  heap-buffer overflow in midicsv.c:352

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/midicsv/+bug/2087780/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to