
stack-buffer-overflow music.c:5085 in delayed_output(float indent) #16

Closed
c1208828 opened this issue Apr 13, 2018 · 1 comment

https://drive.google.com/open?id=1DvBEh5D-eW4UkvX3947UQh62i7hUIFN1

(gdb) set args POC
(gdb) r
abcm2ps-8.13.20 (2018-02-21)
File POC
POC:3:2: error: Bad character
3 |2ÿÿdÿ&e,d_d&ddªB-ÿ2ÿ
^
POC:3:3: error: Bad character
3 |2ÿÿdÿ&e,d_d&ddªB-ÿ2ÿ
.
.
.
POC:3:15: error: Wrong duration in voice overlay
POC:4:0: error: Bad character 'k'
POC:4:0: error: Note too much dotted
POC:5:0: error: Bad character 'N'
POC:5:0: error: Bad character 'N'
POC:6:1: error: Wrong duration in voice overlay
POC:6:3: error: No note in voice overlay
POC:6:3: error: Bad character 'K'
POC:6:3: error: Bad character 't'
POC:6:3: error: Wrong duration in voice overlay
POC:6:6: error: !slide! must be on a note or a rest
POC:6:27: warning: Line underfull (256pt of 682pt)

Program received signal SIGSEGV, Segmentation fault.
__GI_getenv (name=0x7ffff6a14b8e "BC_FATAL_STDERR", name@entry=0x7ffff6a14b8c "LIBC_FATAL_STDERR")
at getenv.c:84
84 getenv.c: No such file or directory.
(gdb) bt
#0 0x00007ffff68c081d in __GI_getenv (name=0x7ffff6a14b8e "BC_FATAL_STDERR",
name@entry=0x7ffff6a14b8c "LIBC_FATAL_STDERR") at getenv.c:84
#1 0x00007ffff68c0f02 in __GI___libc_secure_getenv (name=name@entry=0x7ffff6a14b8c "LIBC_FATAL_STDERR")
at secure-getenv.c:29
#2 0x00007ffff68fe55a in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff6a1649f "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:80
#3 0x00007ffff69a015c in __GI___fortify_fail (msg=<optimized out>,
msg@entry=0x7ffff6a16481 "stack smashing detected") at fortify_fail.c:37
#4 0x00007ffff69a0100 in __stack_chk_fail () at stack_chk_fail.c:28
#5 0x0000000000507f45 in delayed_output (indent=<optimized out>) at music.c:5085

moinejf added a commit that referenced this issue Apr 13, 2018
The size of the temporary buffer used for delayed output was not correct.
Now, this buffer is allocated from the heap with the same size as the
normal output buffer.

Issue #16.
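The sizing pattern behind that fix, as an added example that is not abcm2ps code: the temporary buffer that holds delayed output is allocated from the heap with the same capacity as the normal output buffer, so nothing the output buffer can legitimately contain overflows it. OUTBUF_SIZE, OLD_TMPBUF_SIZE and every function name here are assumptions, not identifiers from the project.

```c
/* Added example, not abcm2ps code: the temporary buffer for delayed output
 * gets the same capacity as the normal output buffer, from the heap, instead
 * of a smaller fixed stack array. All names and sizes are assumptions. */
#include <stdlib.h>
#include <string.h>

#define OUTBUF_SIZE 4096     /* assumed capacity of the normal output buffer */
#define OLD_TMPBUF_SIZE 256  /* assumed size of the undersized fixed buffer */

struct delayed {
    char *buf;   /* heap buffer sized to OUTBUF_SIZE */
    size_t len;  /* bytes saved, excluding the terminator */
};

/* 1 if saving len bytes plus a NUL into a fixed buffer of cap bytes would
 * overflow it (the failure mode of the old pattern), 0 otherwise. */
int would_overflow(size_t len, size_t cap) { return len + 1 > cap; }

/* Set the current output aside. Returns 0 on success, -1 if len exceeds what
 * outbuf can legitimately hold or if allocation fails. */
int delayed_save(struct delayed *d, const char *outbuf, size_t len) {
    if (len >= OUTBUF_SIZE)
        return -1;
    d->buf = malloc(OUTBUF_SIZE);        /* same capacity as outbuf */
    if (d->buf == NULL)
        return -1;
    memcpy(d->buf, outbuf, len);
    d->buf[len] = '\0';
    d->len = len;
    return 0;
}

/* Write the saved text back, bounded by outbuf's capacity, then free it. */
int delayed_restore(struct delayed *d, char *outbuf, size_t cap) {
    if (d->len >= cap)
        return -1;
    memcpy(outbuf, d->buf, d->len + 1);  /* includes the terminator */
    free(d->buf);
    d->buf = NULL;
    return 0;
}

/* Round-trip n bytes of 'x' through save/restore: 1 if the content survives
 * intact, 0 if refused or corrupted. n = 1000 already exceeds OLD_TMPBUF_SIZE. */
int roundtrip_ok(size_t n) {
    static char outbuf[OUTBUF_SIZE];
    struct delayed d = { NULL, 0 };
    if (n >= OUTBUF_SIZE) return 0;
    memset(outbuf, 'x', n);
    outbuf[n] = '\0';
    if (delayed_save(&d, outbuf, n) != 0) return 0;
    memset(outbuf, 0, sizeof outbuf);    /* other output would be emitted here */
    if (delayed_restore(&d, outbuf, OUTBUF_SIZE) != 0) return 0;
    return strlen(outbuf) == n && (n == 0 || outbuf[n - 1] == 'x');
}
```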

carnil commented May 5, 2018

CVE-2018-10753
