
epub: Fix an incorrect sizeof call detected by AddressSanitizer #635

Merged 1 commit on Jan 31, 2024

Conversation

correctmost (Contributor)

This commit also fixes a build directory typo in INSTALL.md.

Testing

Prior to this fix, I would see memory errors when loading the EPUB from mate-desktop/atril#599:

==131935==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000657b78 at pc 0x7fffd95aada0 bp 0x7fffda8dec00 sp 0x7fffda8debf0
WRITE of size 8 at 0x602000657b78 thread T43
    #0 0x7fffd95aad9f in setup_document_content_list ../backend/epub/epub-document.c:1091
    #1 0x7fffd95ae153 in epub_document_load ../backend/epub/epub-document.c:1801
    #2 0x7ffff7f33434 in ev_document_load ../libdocument/ev-document.c:251
    #3 0x7ffff7f3a1aa in ev_document_factory_get_document ../libdocument/ev-document-factory.c:237
    #4 0x7ffff775c264 in ev_job_load_run ../libview/ev-jobs.c:1124
    #5 0x7ffff77579b2 in ev_job_run ../libview/ev-jobs.c:219
    #6 0x7ffff775fd9e in ev_job_thread ../libview/ev-job-scheduler.c:184
    #7 0x7ffff775ff8c in ev_job_thread_proxy ../libview/ev-job-scheduler.c:217
    #8 0x7ffff7657a04  (/usr/lib/libglib-2.0.so.0+0x8ba04)
    #9 0x7ffff66839ea  (/usr/lib/libc.so.6+0x8c9ea)
    #10 0x7ffff67077cb  (/usr/lib/libc.so.6+0x1107cb)

0x602000657b78 is located 0 bytes after 8-byte region [0x602000657b70,0x602000657b78)
allocated by thread T43 here:
    #0 0x7ffff78e0cc1 in __interceptor_calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x7ffff76302ba in g_malloc0 (/usr/lib/libglib-2.0.so.0+0x642ba)
    #2 0x7fffd95ae153 in epub_document_load ../backend/epub/epub-document.c:1801
    #3 0x7ffff7f33434 in ev_document_load ../libdocument/ev-document.c:251
    #4 0x7ffff7f3a1aa in ev_document_factory_get_document ../libdocument/ev-document-factory.c:237
    #5 0x7ffff775c264 in ev_job_load_run ../libview/ev-jobs.c:1124
    #6 0x7ffff77579b2 in ev_job_run ../libview/ev-jobs.c:219
    #7 0x7ffff775fd9e in ev_job_thread ../libview/ev-job-scheduler.c:184
    #8 0x7ffff775ff8c in ev_job_thread_proxy ../libview/ev-job-scheduler.c:217
    #9 0x7ffff7657a04  (/usr/lib/libglib-2.0.so.0+0x8ba04)

Thread T43 created by T0 here:
    #0 0x7ffff784a497 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:208
    #1 0x7ffff7658fb3  (/usr/lib/libglib-2.0.so.0+0x8cfb3)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../backend/epub/epub-document.c:1091 in setup_document_content_list
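An added illustration of the sizeof mix-up behind this ASan signature (an 8-byte region from the allocator, then an 8-byte store landing 0 bytes past its end). This is not atril's code: content_node, its fields and the helper names are hypothetical, and calloc stands in for g_malloc0 so it builds without GLib.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Hypothetical node standing in for an EPUB content-list entry. */
typedef struct {
    char *uri;    /* bytes 0..7: the only part that fits in an 8-byte region   */
    char *title;  /* bytes 8..15: storing here is the "WRITE of size 8" report  */
    int   index;
} content_node;

/* Size each sizeof spelling hands to the allocator (8 vs. the whole struct). */
size_t buggy_alloc_size(void) { content_node *node = NULL; return sizeof(node);  }
size_t fixed_alloc_size(void) { content_node *node = NULL; return sizeof(*node); }

/* Correct allocation: size of the object, never of the pointer. */
content_node *content_node_new(const char *uri, const char *title, int index)
{
    content_node *node = calloc(1, sizeof(*node));
    /* Buggy pattern (do not use): calloc(1, sizeof(node)). On a 64-bit target that
     * is 8 bytes, so the node->title store below overflows the heap region, which
     * is exactly what -fsanitize=address flags as heap-buffer-overflow. */
    if (node == NULL)
        return NULL;
    node->uri   = strdup(uri);
    node->title = strdup(title);
    node->index = index;
    return node;
}

void content_node_free(content_node *node)
{
    if (node == NULL)
        return;
    free(node->uri);
    free(node->title);
    free(node);
}

/* Constructed sample: build one node with the fixed allocation and verify it. */
int node_roundtrip_ok(void)
{
    content_node *node = content_node_new("ch1.xhtml", "Chapter 1", 0);
    int ok = node != NULL
          && strcmp(node->uri, "ch1.xhtml") == 0
          && strcmp(node->title, "Chapter 1") == 0
          && node->index == 0;
    content_node_free(node);
    return ok;
}
```

Building with `-fsanitize=address` is what turns the buggy spelling into the report above; the correct spelling allocates sizeof(content_node) bytes and stays silent.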

mtwebster merged commit 1cde192 into linuxmint:master on Jan 31, 2024
2 checks passed