oss-sec mailing list archives
Out of bounds heap bugs in glib, heap buffer overflow in gnome-session
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 16 Sep 2016 15:00:53 +0200
https://blog.fuzzing-project.org/53-Out-of-bounds-heap-bugs-in-glib,-heap-buffer-overflow-in-gnome-session.html

By testing GNOME-related packages with Address Sanitizer I recently discovered several trivial-to-find bugs. Two out-of-bounds bugs in the glib library were uncovered by running the test suite with Address Sanitizer enabled. One heap buffer overflow in the parameter parsing of gnome-session was uncovered by trying to start GNOME. The fact that these bugs weren't discovered earlier means that most likely nobody ever used Address Sanitizer to test GNOME components. I strongly recommend that GNOME and other software communities use Address Sanitizer testing in order to improve the quality of their software.

Out of bounds read in g_unichar_iswide_bsearch() / glib
https://bugzilla.gnome.org/show_bug.cgi?id=766211 Upstream bug report (again reported here)
https://git.gnome.org/browse/glib/commit/?id=bcbd8d7 Commit / fix
Fixed in 2.48.2.

Out of bounds read in token_stream_prepare() / glib
https://bugzilla.gnome.org/show_bug.cgi?id=762417 Upstream bug report
https://git.gnome.org/browse/glib/commit/glib/gvariant-parser.c?id=aead1c046dd39748cca449b55ec300ba5f025365 Commit / fix
Fixed in 2.48.0.

Heap buffer overflow in gnome-session
https://bugzilla.gnome.org/show_bug.cgi?id=768441 Upstream bug report
https://git.gnome.org/browse/gnome-session/commit/?h=gnome-3-20&id=634ab70d9f03b1650be4b8259091ca3036f0fbf9 Commit / fix
Fixed in 3.20.2.

-- 
Hanno Böck
https://hboeck.de/
mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
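The first glib bug above is an out-of-bounds read in a binary search over a character-range table. The following is an added example, not glib's code: a range-table lookup written so that the inclusive lo/hi indices can never reach the table length, together with a boundary probe of the kind an Address-Sanitizer-instrumented test suite should exercise. The table contents, the names range_bsearch, is_wide and probe_boundaries, and the probe values are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample table: sorted, non-overlapping, inclusive [start, end]
 * code point ranges. This is NOT glib's real wide-character table. */
typedef struct { uint32_t start, end; } range_t;

static const range_t k_ranges[] = {
    { 0x1100,  0x115F  },
    { 0x2E80,  0x303E  },
    { 0x3041,  0x33FF  },
    { 0xAC00,  0xD7A3  },
    { 0xFF00,  0xFF60  },
    { 0x20000, 0x2FFFD },
};
#define N_RANGES (sizeof k_ranges / sizeof k_ranges[0])

/* Return 1 if ch lies inside some range of tab[0..n-1], else 0.
 * lo and hi are inclusive indices. The loop invariant is lo <= hi < n,
 * so tab[mid] is always a valid element. Initialising hi = n (instead of
 * n - 1) with this inclusive loop is the classic off-by-one that ASan
 * reports as a global/heap buffer overflow read on tab[n]. */
int range_bsearch(uint32_t ch, const range_t *tab, size_t n)
{
    if (n == 0)
        return 0;                       /* empty table: nothing to index */
    size_t lo = 0, hi = n - 1;
    while (lo <= hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (ch < tab[mid].start) {
            if (mid == 0)
                return 0;               /* avoid size_t wrap on hi = -1 */
            hi = mid - 1;
        } else if (ch > tab[mid].end) {
            lo = mid + 1;
        } else {
            return 1;                   /* start <= ch <= end */
        }
    }
    return 0;
}

int is_wide(uint32_t ch)
{
    return range_bsearch(ch, k_ranges, N_RANGES);
}

/* Boundary probe: values just before, at and just after range edges, plus
 * 0, the last Unicode code point and UINT32_MAX. Returns how many were
 * classified as wide; under ASan an OOB read in the search would abort here. */
int probe_boundaries(void)
{
    static const uint32_t probes[] = {
        0, 0x10FF, 0x1100, 0x115F, 0x1160,
        0x2FFFD, 0x2FFFE, 0x10FFFF, 0xFFFFFFFFu
    };
    int hits = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        hits += is_wide(probes[i]);
    return hits;
}

/* Build with: cc -g -O1 -fsanitize=address -fno-omit-frame-pointer x.c */
int main(void)
{
    printf("%d of the probe values are wide\n", probe_boundaries());
    return 0;
}
```

The same compiler flags (-fsanitize=address -fno-omit-frame-pointer in CFLAGS and LDFLAGS) are what turn an ordinary `make check` run of a library like glib into the kind of test that surfaced the two reads above.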