out of bounds read in DecompressRTF #34

Closed
@hannob

The attached file causes an out of bounds read detectable with asan in the function DecompressRTF.
ytnef-DecompressRTF.zip

Here's the address sanitizer error:

==8156==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61900000042b at pc 0x000000519cdc bp 0x7ffe04710870 sp 0x7ffe04710868
READ of size 1 at 0x61900000042b thread T0
    #0 0x519cdb in DecompressRTF /mnt/ram/ytnef/lib/ytnef.c:1548:31
    #1 0x51184b in MAPIPrint /mnt/ram/ytnef/lib/ytnef.c:1417:39
    #2 0x50a2cb in PrintTNEF /mnt/ram/ytnef/ytnefprint/main.c:169:5
    #3 0x509693 in main /mnt/ram/ytnef/ytnefprint/main.c:84:5
    #4 0x7f0b10c8c1e0 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.24-r1/work/glibc-2.24/csu/../csu/libc-start.c:289
    #5 0x419979 in _start (/mnt/ram/ytnef/ytnefprint/ytnefprint+0x419979)

0x61900000042b is located 0 bytes to the right of 939-byte region [0x619000000080,0x61900000042b)
allocated by thread T0 here:
    #0 0x4d05c0 in calloc (/mnt/ram/ytnef/ytnefprint/ytnefprint+0x4d05c0)
    #1 0x50f11d in TNEFFillMapi /mnt/ram/ytnef/lib/ytnef.c:513:26
    #2 0x50cb60 in TNEFMapiProperties /mnt/ram/ytnef/lib/ytnef.c:396:7
    #3 0x5161f4 in TNEFParseFile /mnt/ram/ytnef/lib/ytnef.c:1042:10
    #4 0x50965d in main /mnt/ram/ytnef/ytnefprint/main.c:80:9
