Vulnerability Development mailing list archives

Re: Buffer overflow in awk


From: "Elan Hasson" <elan () daryl org>
Date: Sun, 24 Mar 2002 15:59:33 -0500

awk -f `perl -e 'print "A" x 8205'`

crashes with
GNU Awk 3.0.6
running on FreeBSD 4.5-STABLE
----- Original Message -----
From: "Hani Mustafa" <hani.mustafa () silksys com>
To: "Kosh Naranek" <kosh () cloud s2engine com>; "Charles-Edouard Ruault"
<cruault () 724 com>; "Walter Jr." <walterjr () pr gov br>
Cc: <vuln-dev () securityfocus com>
Sent: Sunday, March 24, 2002 12:26 PM
Subject: RE: Buffer overflow in awk


Try 8025

euclid#awk -f `perl -e 'print "A" x 8205'`
awk: fatal error: internal error
Aborted (core dumped)

8204 gives an output similar to what you have pasted.


At 06:07 AM 3/17/2002 +1000, Kosh Naranek wrote:
On debian 2.2r3 unstable
squall:~# awk -f `perl -e 'print "A" x 1022'`
awk: cannot open
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAA (File name too long)

Same for 8177 and 65535


-----Original Message-----
From: Charles-Edouard Ruault [mailto:cruault () 724 com]
Sent: Saturday, 16 March 2002 03:06
To: Walter Jr.
Cc: vuln-dev () securityfocus com
Subject: Re: Buffer overflow in awk


same behaviour on GNU Awk 3.1.0, on redhat 7.2

Walter Jr. wrote:

So does Conectiva 2.2.13-9cl, awk 3.0.3

From: "Max" <flux9 () 101freeway net>

I can reproduce this on Slackware 8.0, but it takes 8177 chars to
segfault.


From: keoki [mailto:keoki () techie com]

A buffer overflow exists in awk (named awk on most
systems, but actually is gawk/GNU awk) when calling
the -f option, to include an awk script, and supplying a
filename with a buffer length of 1022 and up.
[root@neural keoki]# awk -f `perl -e 'print "A" x 1022'`
awk: fatal error: internal error
Abort (core dumped)



--
Charles-Edouard Ruault
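
Added example, not part of any post in this thread: a shell regression check that a packager or administrator could run to confirm the installed awk rejects over-long `-f` file names with an ordinary error instead of dying on a signal. The lengths are the ones reported above; `AWK_BIN` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Regression check for the "awk -f <very long name>" crash discussed above.
# AWK_BIN and all function names are hypothetical, chosen for this example.
AWK_BIN="${AWK_BIN:-awk}"

# Build a string of N "A" characters (no perl needed).
make_name() {
    printf "%${1}s" "" | tr ' ' 'A'
}

# Turn a shell exit status into a verdict.
# A status above 128 means the child was killed by signal (status - 128):
# 6 is SIGABRT ("Aborted (core dumped)"), 11 is SIGSEGV.
classify_status() {
    if [ "$1" -gt 128 ]; then
        echo "CRASH(signal $(( $1 - 128 )))"
    elif [ "$1" -eq 126 ] || [ "$1" -eq 127 ]; then
        echo "not-run(exit $1)"
    else
        echo "handled(exit $1)"
    fi
}

# Run awk -f with a non-existent file name of the given length.
# The subshell disables core files so a crashing build leaves no dump behind.
probe_length() {
    name=$(make_name "$1")
    ( ulimit -c 0 2>/dev/null
      exec "$AWK_BIN" -f "$name" </dev/null >/dev/null 2>&1 )
    classify_status $?
}

# Lengths reported by the posters in this thread.
run_all() {
    for n in 1022 8177 8204 8205 65535; do
        printf '%6d  %s\n' "$n" "$(probe_length "$n")"
    done
}

run_all
```

A fixed build prints `handled(...)` for every length; any `CRASH(...)` line means that awk binary still mishandles the file name.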


