Hi,

We found a read-out-of-bounds while parsing a malformed object file using the latest version of libgit2. To reproduce, first compile libgit2 and its examples with AddressSanitizer support. Then:

Finally, you can trigger the bug using cat-file:

The AddressSanitizer report is here:
```
==9796==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000342b4 at pc 0x7f36f24005cf bp 0x7ffd9bc2cb60 sp 0x7ffd9bc2cb50
READ of size 1 at 0x6020000342b4 thread T0
    #0 0x7f36f24005ce in git_oid_nfmt /home/g/Work/Code/libgit2-master/src/oid.c:82
    #1 0x7f36f2400901 in git_oid_tostr /home/g/Work/Code/libgit2-master/src/oid.c:127
    #2 0x402f22 in show_tree /home/g/Work/Code/libgit2-master/examples/cat-file.c:58
    #3 0x403735 in main /home/g/Work/Code/libgit2-master/examples/cat-file.c:178
    #4 0x7f36f1d03290 in __libc_start_main (/usr/lib/libc.so.6+0x20290)
    #5 0x401919 in _start (/home/g/Work/Code/libgit2-master/examples/cat-file+0x401919)

0x6020000342b4 is located 0 bytes to the right of 4-byte region [0x6020000342b0,0x6020000342b4)
allocated by thread T0 here:
    #0 0x7f36f2868e60 in __interceptor_malloc /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x7f36f23f4af7 in git__malloc /home/g/Work/Code/libgit2-master/src/util.h:162
    #2 0x7f36f23f5d1e in inflate_tail /home/g/Work/Code/libgit2-master/src/odb_loose.c:275
    #3 0x7f36f23f64a4 in inflate_disk_obj /home/g/Work/Code/libgit2-master/src/odb_loose.c:377
    #4 0x7f36f23f687f in read_loose /home/g/Work/Code/libgit2-master/src/odb_loose.c:417
    #5 0x7f36f23f7b2e in loose_backend__read /home/g/Work/Code/libgit2-master/src/odb_loose.c:642
    #6 0x7f36f23f26f1 in odb_read_1 /home/g/Work/Code/libgit2-master/src/odb.c:996
    #7 0x7f36f23f293b in git_odb_read /home/g/Work/Code/libgit2-master/src/odb.c:1028
    #8 0x7f36f23ec5ca in git_object_lookup_prefix /home/g/Work/Code/libgit2-master/src/object.c:167
    #9 0x7f36f24708f9 in maybe_sha_or_abbrev /home/g/Work/Code/libgit2-master/src/revparse.c:24
    #10 0x7f36f2470994 in maybe_sha /home/g/Work/Code/libgit2-master/src/revparse.c:34
    #11 0x7f36f2470cf6 in revparse_lookup_object /home/g/Work/Code/libgit2-master/src/revparse.c:96
    #12 0x7f36f2473b1c in ensure_base_rev_loaded /home/g/Work/Code/libgit2-master/src/revparse.c:625
    #13 0x7f36f24744f6 in revparse__ext /home/g/Work/Code/libgit2-master/src/revparse.c:802
    #14 0x7f36f2474854 in git_revparse_ext /home/g/Work/Code/libgit2-master/src/revparse.c:840
    #15 0x7f36f2474a8b in git_revparse_single /home/g/Work/Code/libgit2-master/src/revparse.c:863
    #16 0x40356c in main /home/g/Work/Code/libgit2-master/examples/cat-file.c:136
    #17 0x7f36f1d03290 in __libc_start_main (/usr/lib/libc.so.6+0x20290)
```
This issue was found using QuickFuzz.
Regards,
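Added example, not libgit2's code and not the reproducer from this report: a bounds-checked parser for git's tree-entry encoding, `<octal mode> <name>\0<20 raw oid bytes>`, followed by the hex-formatting step at which the trace above faults (`git_oid_nfmt` reading the first byte of an oid that sits at the very end of a 4-byte inflated body). The `TREE_OK` and `TREE_TRUNC` inputs are constructed here; `TREE_TRUNC` is a 4-byte body, `1 a\0`, chosen to match the 4-byte region in the ASan output. That a truncated tree entry is the root cause is my assumption about how such a trace arises, not something the report states.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OID_RAWSZ 20              /* raw SHA-1 length, as in git */
#define OID_HEXSZ (2 * OID_RAWSZ)

typedef struct {
    unsigned int mode;            /* file mode from the octal prefix */
    const char *name;             /* NUL-terminated, points into the object body */
    const unsigned char *oid;     /* OID_RAWSZ raw bytes, points into the object body */
} tree_entry;

/*
 * Parse one "<octal mode> <name>\0<20 raw oid bytes>" entry at buf[*pos].
 * Returns 1 and advances *pos on success, 0 if the entry is malformed or
 * truncated. Every read is bounded by len, so a cut-off body is rejected
 * instead of handing out an oid pointer that runs past the allocation.
 */
int parse_tree_entry(const unsigned char *buf, size_t len, size_t *pos,
                     tree_entry *out)
{
    size_t p = *pos, name_off;
    unsigned int mode = 0;
    const unsigned char *nul;

    if (p >= len || buf[p] < '0' || buf[p] > '7')
        return 0;
    while (p < len && buf[p] >= '0' && buf[p] <= '7')
        mode = mode * 8 + (unsigned int)(buf[p++] - '0');
    if (p >= len || buf[p] != ' ')
        return 0;
    p++;

    /* the NUL ending the name must itself lie inside the buffer */
    nul = memchr(buf + p, '\0', len - p);
    if (nul == NULL || nul == buf + p)
        return 0;
    name_off = p;
    p = (size_t)(nul - buf) + 1;

    /*
     * The check a truncation-unsafe parser lacks (assumed cause): after the
     * NUL there must be a full raw oid. Without it, the 4-byte body "1 a\0"
     * yields an oid pointer at buf+4, and the first byte the hex formatter
     * reads is exactly one past the end of the allocation.
     */
    if (len - p < OID_RAWSZ)
        return 0;

    out->mode = mode;
    out->name = (const char *)(buf + name_off);
    out->oid = buf + p;
    *pos = p + OID_RAWSZ;
    return 1;
}

/* Parse a whole tree body. Returns the entry count, or -1 on malformed input. */
int parse_tree(const unsigned char *buf, size_t len, tree_entry *out, size_t max)
{
    size_t pos = 0;
    int n = 0;
    while (pos < len) {
        if ((size_t)n >= max || !parse_tree_entry(buf, len, &pos, &out[n]))
            return -1;
        n++;
    }
    return n;
}

/* Format a raw oid as 40 lowercase hex digits plus NUL (what git_oid_tostr does). */
void oid_tohex(const unsigned char *oid, char out[OID_HEXSZ + 1])
{
    static const char hex[] = "0123456789abcdef";
    size_t i;
    for (i = 0; i < OID_RAWSZ; i++) {
        out[2 * i]     = hex[oid[i] >> 4];
        out[2 * i + 1] = hex[oid[i] & 0x0f];
    }
    out[OID_HEXSZ] = '\0';
}

/* Constructed sample: a well-formed tree body with two entries. */
static const unsigned char TREE_OK[] =
    "100644 a\0"  "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
    "40000 dir\0" "\xaa\xbb\xcc\xdd\xee\xff\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd";
#define TREE_OK_LEN (sizeof(TREE_OK) - 1)

/* Constructed sample: a 4-byte body, mode, space, name and NUL but no oid. */
static const unsigned char TREE_TRUNC[] = "1 a\0";
#define TREE_TRUNC_LEN (sizeof(TREE_TRUNC) - 1)

int main(void)
{
    tree_entry entries[4];
    char hex[OID_HEXSZ + 1];
    int n = parse_tree(TREE_OK, TREE_OK_LEN, entries, 4), i;
    for (i = 0; i < n; i++) {
        oid_tohex(entries[i].oid, hex);
        printf("%06o %s %s\n", entries[i].mode, hex, entries[i].name);
    }
    printf("truncated body: parse_tree returned %d\n",
           parse_tree(TREE_TRUNC, TREE_TRUNC_LEN, entries, 4));
    return 0;
}
```

The point of the example is the order of operations: the parser validates that the whole entry, oid included, fits in `len` before it ever publishes a pointer into the body, so a later formatter like the one in frame #0 of the report can only be handed 20 readable bytes.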