Bug 582532 - <dev-libs/mini-xml-2.9: invalid pointer read
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-09 09:47 UTC by Agostino Sarubbo
Modified: 2017-01-16 03:36 UTC

See Also:
Package list:
=dev-libs/mini-xml-2.10
Runtime testing required: ---
stable-bot: sanity-check+

Description Agostino Sarubbo gentoo-dev 2016-05-09 09:47:01 UTC
From ${URL} :

An invalid pointer read located in a vsnprintf call in mini-xml 2.7 (
https://www.msweet.org/projects.php?Z3) was found:

$ gdb --args ./testmxml jezrijgasv.xml.-5377691366552468283
...
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff48b3a03 in _IO_vfprintf_internal (s=s@...ry=0x7fffffff9970,
format=<optimized out>,
    format@...ry=0x40d900 "<%s> cannot be a second root node after <%s>",
ap=ap@...ry=0x7fffffff9b10) at vfprintf.c:1661
1661    vfprintf.c: No such file or directory.
(gdb) bt
#0  0x00007ffff48b3a03 in _IO_vfprintf_internal (s=s@...ry=0x7fffffff9970,
format=<optimized out>,
    format@...ry=0x40d900 "<%s> cannot be a second root node after <%s>",
ap=ap@...ry=0x7fffffff9b10) at vfprintf.c:1661
#1  0x00007ffff4971235 in ___vsnprintf_chk (s=s@...ry=0x7fffffff9b50 "<b>
cannot be a second root node after <\002", maxlen=<optimized out>,
    maxlen@...ry=1024, flags=flags@...ry=1, slen=slen@...ry=1024,
format=format@...ry=0x40d900 "<%s> cannot be a second root node after
<%s>",
    args=args@...ry=0x7fffffff9b10) at vsnprintf_chk.c:63
#2  0x000000000040a3c0 in vsnprintf (__ap=0x7fffffff9b10, __fmt=0x40d900
"<%s> cannot be a second root node after <%s>", __n=1024,
    __s=0x7fffffff9b50 "<b> cannot be a second root node after <\002") at
/usr/include/x86_64-linux-gnu/bits/stdio2.h:77
#3  mxml_error (format=0x40d900 "<%s> cannot be a second root node after
<%s>") at mxml-private.c:86
#4  0x0000000000405a74 in mxml_load_data (top=top@...ry=0x0,
p=p@...ry=0x60360000fd80,
cb=cb@...ry=0x402863 <type_cb>,
    getc_cb=getc_cb@...ry=0x404c78 <mxml_file_getc>, sax_cb=sax_cb@...ry=0x0,
sax_data=sax_data@...ry=0x0) at mxml-file.c:1662
#5  0x00000000004079d0 in mxmlLoadFile (top=top@...ry=0x0,
fp=fp@...ry=0x60360000fd80,
cb=cb@...ry=0x402863 <type_cb>) at mxml-file.c:199
#6  0x0000000000402166 in main (argc=<optimized out>, argv=0x7fffffffe4f8)
at testmxml.c:473

Fortunately, this issue is fixed in mini-xml 2.9


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-25 02:02:28 UTC
@ Arches,

please test and mark stable: =dev-libs/mini-xml-2.10
Comment 2 Agostino Sarubbo gentoo-dev 2016-11-25 18:30:10 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-11-25 18:56:58 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-01-15 15:53:23 UTC
ppc stable.

Maintainer(s), please clean up.
Security, please vote.
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-15 18:59:45 UTC
GLSA Vote: No
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-15 19:03:33 UTC
Cleanup PR: https://github.com/gentoo/gentoo/pull/3492

@ Proxy-Maintainer: Please ack.