
List:       ncurses-bug
Subject:    Re: Bug: heap-buffer-overflow in captoinfo.c:321
From:       Thomas Dickey <dickey () his ! com>
Date:       2020-05-25 21:13:24
Message-ID: 20200525211324.37ubgkdv7jpaoe22 () prl-debianold-64 ! jexium-island ! net


On Tue, May 26, 2020 at 12:45:28AM +0800, puppet@zju.edu.cn wrote:
> Version: ncurses 6.2.20200212
> OS: Ubuntu 16.04 LTS
> POC: https://github.com/puppet-meteor/NLP_POC/blob/master/infotocap/POC_13_000511
> cmd: ./infotocap POC
> ASAN log:
> =================================================================
> ==35739==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100001c900 at pc 0x000000438979 bp 0x7fffffffbc10 sp 0x7fffffffbc00
> READ of size 1 at 0x62100001c900 thread T0

This one's the easy one to reproduce.  As you can see by the "READ",
it's not a "heap-buffer-overflow" but what someone referred to as
an over-read (read past the end of the buffer).

-- 
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net
ftp://ftp.invisible-island.net
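
Added example, not part of the original message and not ncurses code: a small triage script that reads an AddressSanitizer report and uses the READ/WRITE access line to separate an over-read from an overflowing write, as the reply does. The function names and the second sample report are constructed for illustration; the first sample is the report quoted above.

```python
import re

# Report header: pid, the bug class ASan assigned, and the faulting address.
ERROR_RE = re.compile(r"==(?P<pid>\d+)==ERROR: AddressSanitizer: "
                      r"(?P<bug>[\w-]+) on address (?P<addr>0x[0-9a-fA-F]+)")
# Access line: direction and width of the faulting access.
ACCESS_RE = re.compile(r"\b(?P<kind>READ|WRITE) of size (?P<size>\d+) "
                       r"at (?P<addr>0x[0-9a-fA-F]+) thread (?P<thread>T\d+)")

# The report quoted in the message, wrapped the way the archive shows it.
PAGE_REPORT = r"""
> ==35739==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100001c900 at \
> pc 0x000000438979 bp 0x7fffffffbc10 sp 0x7fffffffbc00 READ of size 1 at \
> 0x62100001c900 thread T0
"""
# Constructed sample (not from the page): same bug class, WRITE access.
CONSTRUCTED_WRITE = """
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014 at pc 0x000000401a2b bp 0x7ffc00000010 sp 0x7ffc00000008
WRITE of size 4 at 0x602000000014 thread T0
"""

def normalize(report):
    """Undo mail quoting and backslash line-wrapping so the regexes see one line."""
    parts = []
    for line in report.splitlines():
        line = re.sub(r"^(>\s?)+", "", line)              # drop "> " quote markers
        parts.append(line.rstrip().rstrip("\\").strip())  # drop wrap backslash
    return " ".join(p for p in parts if p)

def triage(report):
    """Return bug class, access direction, size and a triage label, or None."""
    text = normalize(report)
    err = ERROR_RE.search(text)
    if err is None:
        return None
    out = {"pid": int(err["pid"]), "reported_as": err["bug"],
           "address": err["addr"], "access": None, "size": None,
           "label": err["bug"]}
    acc = ACCESS_RE.search(text, err.end())
    if acc:
        out["access"], out["size"] = acc["kind"], int(acc["size"])
        if err["bug"].endswith("-buffer-overflow"):
            region = err["bug"][: -len("-buffer-overflow")]
            suffix = "over-read" if acc["kind"] == "READ" else "overflow write"
            out["label"] = f"{region} buffer {suffix}"
    return out

if __name__ == "__main__":
    for sample in (PAGE_REPORT, CONSTRUCTED_WRITE):
        print(triage(sample))
```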

