Fix vtuner frontend detection #10
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Thanks Skaman
|
Why is this required? |
eriksl
added a commit
that referenced
this pull request
Aug 5, 2016
…18v voltage - thx adenin" Notes to the commit: "correction of the sequence of voltages if scr was changed" This fixes the SEC protocol used for sending JESS commands. Cherry-picked from: Huevos/enigma2@24b1036
athoik
added a commit
that referenced
this pull request
Apr 5, 2020
This commit fixes a heap-buffer-overflow found using ASAN.
Same issue also seens to occur on readyErrRead, so fix it there as well.
In order to verify that console is not breaking after this commit
a random file was written to stdout using cat.
The file was written to another file and hashes where same on input
file and on output file. That seems enough as a test schenario.
Input file can be created using command: dd if=/dev/urandom of=/tmp/in.dat bs=1 count=1024
def yellow(self):
self.container = eConsoleAppContainer()
self.container.appClosed.append(self.finish)
self.container.stdoutAvail.append(self.write)
self.container.setBufferSize(1024)
catargs = ['/bin/cat', '/tmp/in.dat']
self.container.execute('/bin/cat', *catargs)
def finish(self, retval=None):
self.container.kill()
def write(self, data):
file = open('/tmp/out.dat', 'ab')
file.write(data)
file.close()
The full error from ASAN follows:
=================================================================
==1014==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x9e176400 at pc 0x00093b98 bp 0xbe9ca384 sp 0xbe9ca37c
WRITE of size 1 at 0x9e176400 thread T0
#0 0x93b94 in eConsoleAppContainer::readyRead(int) ../../git/lib/base/console.cpp:242
#1 0x9d1f8 in sigc::bound_mem_functor1<void, eConsoleAppContainer, int>::operator()(int const&) const /usr/include/sigc++-2.0/sigc++/functors/mem_fun.h:2066
#2 0x9bafc in sigc::adaptor_functor<sigc::bound_mem_functor1<void, eConsoleAppContainer, int> >::deduce_result_type<int const&, void, void, void, void, void, void>::type sigc::adaptor_functor<sigc::bound_mem_functor1<void, eConsoleAppContainer, int> >::operator()<int const&>(int const&) const /usr/include/sigc++-2.0/sigc++/adaptors/adaptor_trait.h:89
#3 0x99878 in sigc::internal::slot_call<sigc::bound_mem_functor1<void, eConsoleAppContainer, int>, void, int>::call_it(sigc::internal::slot_rep*, int const&) /usr/include/sigc++-2.0/sigc++/functors/slot.h:451
#4 0x9ae0c in sigc::internal::signal_emit1<void, int, sigc::nil>::emit(sigc::internal::signal_impl*, int const&) /usr/include/sigc++-2.0/sigc++/signal.h:1041
#5 0x98f68 in sigc::signal1<void, int, sigc::nil>::emit(int const&) const /usr/include/sigc++-2.0/sigc++/signal.h:2951
#6 0x97854 in sigc::signal1<void, int, sigc::nil>::operator()(int const&) const /usr/include/sigc++-2.0/sigc++/signal.h:2967
#7 0x95cac in PSignal1<void, int>::operator()(int) ../../git/lib/python/connections.h:67
#8 0xaaef4 in eSocketNotifier::activate(int) ../../git/lib/base/ebase.h:157
#9 0xaf070 in eMainloop::processOneEvent(long, _object**, ePyObject) ../../git/lib/base/ebase.cpp:273
#10 0xafeb8 in eMainloop::iterate(unsigned int, _object**, ePyObject) ../../git/lib/base/ebase.cpp:352
#11 0xb0400 in eMainloop::poll(ePyObject, ePyObject) ../../git/lib/base/ebase.cpp:379
#12 0x7446d4 in _wrap_eMainloop_poll python/enigma_python.cpp:5964
0x9e176400 is located 0 bytes to the right of 32768-byte region [0x9e16e400,0x9e176400)
allocated by thread T0 here:
#0 0xb6a290a0 in operator new(unsigned int) (/usr/lib/libasan.so.5+0x1030a0)
#1 0x63560 in __gnu_cxx::new_allocator<char>::allocate(unsigned int, void const*) /usr/include/c++/9.2.0/ext/new_allocator.h:114
#2 0x624c0 in std::allocator_traits<std::allocator<char> >::allocate(std::allocator<char>&, unsigned int) /usr/include/c++/9.2.0/bits/alloc_traits.h:444
#3 0x63ce4 in std::_Vector_base<char, std::allocator<char> >::_M_allocate(unsigned int) /usr/include/c++/9.2.0/bits/stl_vector.h:343
#4 0x62d38 in std::vector<char, std::allocator<char> >::_M_default_append(unsigned int) /usr/include/c++/9.2.0/bits/vector.tcc:635
#5 0x619e8 in std::vector<char, std::allocator<char> >::resize(unsigned int) /usr/include/c++/9.2.0/bits/stl_vector.h:937
#6 0x91bbc in eConsoleAppContainer::setBufferSize(int) ../../git/lib/base/console.cpp:90
#7 0x73d040 in eConsolePy_setBufferSize python/enigma_python.cpp:4913
#8 0xb603b728 in PyEval_EvalFrameEx (/usr/lib/libpython2.7.so.1.0+0xd9728)
SUMMARY: AddressSanitizer: heap-buffer-overflow ../../git/lib/base/console.cpp:242 in eConsoleAppContainer::readyRead(int)
Shadow bytes around the buggy address:
0x33c2ec30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x33c2ec40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x33c2ec50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x33c2ec60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x33c2ec70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x33c2ec80:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x33c2ec90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x33c2eca0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x33c2ecb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x33c2ecc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x33c2ecd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1014==ABORTING
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Thanks Skaman