oss-sec mailing list archives
CVE request: an invalid pointer read in mini-xml 2.7
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Fri, 6 May 2016 17:07:01 +0200
Hi,

An invalid pointer read located in a vsnprintf call in mini-xml 2.7 (https://www.msweet.org/projects.php?Z3) was found:

$ gdb --args ./testmxml jezrijgasv.xml.-5377691366552468283
...
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff48b3a03 in _IO_vfprintf_internal (s=s@entry=0x7fffffff9970, format=<optimized out>, format@entry=0x40d900 "<%s> cannot be a second root node after <%s>", ap=ap@entry=0x7fffffff9b10) at vfprintf.c:1661
1661 vfprintf.c: No such file or directory.
(gdb) bt
#0 0x00007ffff48b3a03 in _IO_vfprintf_internal (s=s@entry=0x7fffffff9970, format=<optimized out>, format@entry=0x40d900 "<%s> cannot be a second root node after <%s>", ap=ap@entry=0x7fffffff9b10) at vfprintf.c:1661
#1 0x00007ffff4971235 in ___vsnprintf_chk (s=s@entry=0x7fffffff9b50 "<b> cannot be a second root node after <\002", maxlen=<optimized out>, maxlen@entry=1024, flags=flags@entry=1, slen=slen@entry=1024, format=format@entry=0x40d900 "<%s> cannot be a second root node after <%s>", args=args@entry=0x7fffffff9b10) at vsnprintf_chk.c:63
#2 0x000000000040a3c0 in vsnprintf (__ap=0x7fffffff9b10, __fmt=0x40d900 "<%s> cannot be a second root node after <%s>", __n=1024, __s=0x7fffffff9b50 "<b> cannot be a second root node after <\002") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:77
#3 mxml_error (format=0x40d900 "<%s> cannot be a second root node after <%s>") at mxml-private.c:86
#4 0x0000000000405a74 in mxml_load_data (top=top@entry=0x0, p=p@entry=0x60360000fd80, cb=cb@entry=0x402863 <type_cb>, getc_cb=getc_cb@entry=0x404c78 <mxml_file_getc>, sax_cb=sax_cb@entry=0x0, sax_data=sax_data@entry=0x0) at mxml-file.c:1662
#5 0x00000000004079d0 in mxmlLoadFile (top=top@entry=0x0, fp=fp@entry=0x60360000fd80, cb=cb@entry=0x402863 <type_cb>) at mxml-file.c:199
#6 0x0000000000402166 in main (argc=<optimized out>, argv=0x7fffffffe4f8) at testmxml.c:473

Fortunately, this issue is fixed in mini-xml 2.9. A reproducer is available upon request. Please assign a CVE if necessary.

Regards, Gustavo.