heap-buffer-overflow (/home/lin/fribidi/bin/fribidi+0x108fe) in fribidi_cap_rtl_to_unicode #182
Comments
tagoh added a commit to tagoh/fribidi that referenced this issue on Feb 17, 2022:

CapRTL charset is represented in ASCII range 1-127, but an input to caprtl_to_unicode may possibly be more than that. AddressSanitizer reports this like:

=================================================================
==1223446==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6150000002fc at pc 0x7fb94f3409fc bp 0x7ffca6187190 sp 0x7ffca6187188
READ of size 4 at 0x6150000002fc thread T0
    #0 0x7fb94f3409fb in fribidi_cap_rtl_to_unicode ../lib/fribidi-char-sets-cap-rtl.c:235
    #1 0x402bda in main ../bin/fribidi-main.c:403
    #2 0x7fb94f15d58f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f)
    #3 0x7fb94f15d648 in __libc_start_main_impl (/lib64/libc.so.6+0x2d648)
    #4 0x403714 in _start (/tmp/fribidi/build/bin/fribidi+0x403714)

0x6150000002fc is located 4 bytes to the left of 512-byte region [0x615000000300,0x615000000500)
allocated by thread T0 here:
    #0 0x7fb94f41d81f in __interceptor_malloc (/lib64/libasan.so.8+0xba81f)
    #1 0x7fb94f340025 in init_cap_rtl ../lib/fribidi-char-sets-cap-rtl.c:87
    #2 0x7fb94f3409e0 in fribidi_cap_rtl_to_unicode ../lib/fribidi-char-sets-cap-rtl.c:180
    #3 0x402bda in main ../bin/fribidi-main.c:403
    #4 0x7fb94f15d58f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f)

So such input needs to be ignored.

This fixes #182
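The commit message above explains the bug: the CapRTL table has one entry per 7-bit code point, but the decoder indexed it with a raw input byte, so a byte of 0x80..0xFF lands outside the table (the ASan read "4 bytes to the left" of the 512-byte region is index -1 from a 0xFF byte on a platform with signed char). The following C program is an added illustration written for this page, not fribidi's source or the actual fix: the table layout, the table contents, the function names (caprtl_decode, caprtl_decode_unchecked, naive_index) and the sample input are all assumptions made for the example. It shows the unchecked lookup beside a hardened decoder that skips bytes outside the 7-bit range, as the commit describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model of the CapRTL decoder, written for this page; it is
 * not fribidi's source. CapRTL covers the 128 ASCII code points, so the
 * lookup table has 128 entries (fribidi's CAPRTL_CHARS), each a 32-bit
 * character: 128 * 4 = the 512-byte region in the ASan report above.
 * The table contents below are an assumption made for the example. */
#define CAPRTL_CHARS 128
typedef uint32_t Char32;

static Char32 caprtl_to_unicode[CAPRTL_CHARS];
static int table_ready = 0;

/* Constructed table: identity for ASCII, except that the uppercase
 * letters A..Z map to Hebrew letters starting at U+05D0 as a stand-in
 * for the real CapRTL assignments. Initialized lazily on first use,
 * like init_cap_rtl in the trace. */
static void init_table(void)
{
    for (int i = 0; i < CAPRTL_CHARS; i++)
        caprtl_to_unicode[i] = (Char32)i;
    for (int i = 'A'; i <= 'Z'; i++)
        caprtl_to_unicode[i] = 0x05D0 + (Char32)(i - 'A');
    table_ready = 1;
}

/* The index the unchecked decoder uses. For a byte >= 0x80 this is
 * either negative (platforms where char is signed: 0xFF -> -1, i.e. the
 * 4-byte read just before the table that ASan flagged) or >= 128
 * (platforms where char is unsigned). Either way it is outside the
 * 128-entry table. */
int naive_index(char c)
{
    return (int)c;
}

/* Vulnerable shape: trusts every input byte as a table index.
 * Shown for comparison only; never called with bytes >= 0x80 here. */
size_t caprtl_decode_unchecked(const char *s, size_t len, Char32 *out)
{
    if (!table_ready)
        init_table();
    size_t j = 0;
    for (size_t i = 0; i < len; i++)
        out[j++] = caprtl_to_unicode[naive_index(s[i])]; /* OOB read for 0x80..0xFF */
    return j;
}

/* Hardened decoder: bytes outside the 7-bit range are not CapRTL
 * characters and are skipped, which is what the fix commit describes.
 * Returns the number of characters written to out. */
size_t caprtl_decode(const char *s, size_t len, Char32 *out, size_t out_cap)
{
    if (!table_ready)
        init_table();
    size_t j = 0;
    for (size_t i = 0; i < len && j < out_cap; i++) {
        unsigned char b = (unsigned char)s[i];   /* never negative */
        if (b >= CAPRTL_CHARS)
            continue;                            /* not representable: ignore */
        out[j++] = caprtl_to_unicode[b];
    }
    return j;
}

/* Scratch output buffer used by the demo below. */
Char32 demo_out[16];

int main(void)
{
    /* Constructed PoC-style input: CapRTL text with one stray 0xFF byte
     * (the poc.zip attached to the issue is not reproduced here). */
    const char poc[] = { 'A', 'b', (char)0xFF, 'G' };
    size_t n = caprtl_decode(poc, sizeof poc, demo_out, 16);
    printf("naive index for byte 0xFF: %d\n", naive_index((char)0xFF));
    printf("decoded %zu of %zu bytes:", n, sizeof poc);
    for (size_t i = 0; i < n; i++)
        printf(" U+%04X", (unsigned)demo_out[i]);
    printf("\n");
    return 0;
}
```

The hardened version casts to unsigned char before comparing, so the check cannot be bypassed by the signedness of char; a check written as `s[i] < 0` would pass every high byte on targets where char is unsigned and then index past the end of the table instead of before it.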
CVE-2022-25309 seems to have been assigned for this issue.

This seems to be fixed by f22593b

Yes, this has been fixed.
Hi, I found a bug, heap-buffer-overflow.

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/lin/fribidi/bin/fribidi+0x108fe) in fribidi_cap_rtl_to_unicode

Version
At branch 859aa1b

poc: poc.zip

Thanks!!!