*** This bug is a security vulnerability *** Public security bug reported:
$ uname -a Linux 6176901723ae 5.15.0-122-generic #132-Ubuntu SMP Thu Aug 29 13:45:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux build setting $ git clone https://git.launchpad.net/ubuntu/+source/midicsv ( also possible https://www.fourmilab.ch/webtools/midicsv/#Download ) $ head Makefile CC = clang CFLAGS = -g -Wall -fsanitize=address INSTALL_DEST = /usr/local # You shouldn't need to change anything after this line VERSION = 1.1 PROGRAMS = midicsv csvmidi ( edit Makefile for address sanitizer ) When I run the attached poc file, a heap buffer overflow error occurs as follows. The following is the ASAN crash log that occurred when I ran the poc. $ ./midicsv /tmp/poc/poc22 0, 0, Header, 1, 13, 384 1, 0, Start_track 1, 0, Time_signature, 4, 2, 24, 18 1, 33, Unknown_event, 00x 1, 33, MIDI_port, 0 ================================================================= ==51616==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000029 at pc 0x0000004ee018 bp 0x7ffdcb443e90 sp 0x7ffdcb443e88 READ of size 1 at 0x603000000029 thread T0 #0 0x4ee017 in textcsv /tmp/midicsv/midicsv.c:78:10 #1 0x4ed278 in trackcsv /tmp/midicsv/midicsv.c:285:4 #2 0x4ebd26 in main /tmp/midicsv/midicsv.c:505:2 error: failed to decompress '.debug_aranges', zlib is not available error: failed to decompress '.debug_info', zlib is not available error: failed to decompress '.debug_abbrev', zlib is not available error: failed to decompress '.debug_line', zlib is not available error: failed to decompress '.debug_str', zlib is not available error: failed to decompress '.debug_loc', zlib is not available error: failed to decompress '.debug_ranges', zlib is not available #3 0x7ff01451b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #4 0x41c2ed in _start (/tmp/midicsv/midicsv+0x41c2ed) ** Affects: midicsv (Ubuntu) Importance: Undecided Status: New ** Attachment added: "poc22" https://bugs.launchpad.net/bugs/2087782/+attachment/5836123/+files/poc22 ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2087782 Title: heap-buffer overflow in midicsv.c:78 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/midicsv/+bug/2087782/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
