dankamongmen / growlight

notcurses block device manager / system installation tool
https://nick-black.com/dankwiki/index.php/Growlight
GNU General Public License v3.0

buffer overflow detected in growlight-readline #62

Closed dankamongmen closed 4 years ago

dankamongmen commented 4 years ago

In growlight-readline, on schwarzgerat, using the same USB key referenced in #61 , I can get buffer overflow messages in two ways:

[growlight](0)> blockdev detail sdo
sdo        JD FIREFLY       1100   1.00G  512B RO... gpt   n/a              PATA
Unused sectors 0:2047 (1023.50Ki)
*** buffer overflow detected ***: ./growlight-readline terminated
Aborted
[schwarzgerat](134) $ 

and (this does not require the USB device seen above at sdo)

[growlight](0)> blockdev
Device     Model             Rev   Bytes PSect Flags Table WWN              PHY 
sdf        ST12000NM0007-2A SN02  12.00T 4096B ✔OW⚠. gpt   5000c500b5685ea4 SAT3
sdg        ST12000NM0007-2A SN02  12.00T 4096B ✔OW⚠. gpt   5000c500b56a29d4 SAT3
sdh        ST12000NM0007-2A SN02  12.00T 4096B ✔OW⚠. gpt   5000c500b1c2c393 SAT3
sdi        ST12000NM0007-2A SN02  12.00T 4096B ✔OW⚠. gpt   5000c500b56936d2 SAT3
sdd        ST12000NM0007-2A SN02  12.00T 4096B ✔OW⚠. gpt   5000c500b49867e5 SAT3
sdb        ST12000NM0007-2A SN02  12.00T 4096B ✔OW⚠. gpt   5000c500b3f4afb4 SAT3
sda        ST12000NM0007-2A SN02  12.00T 4096B ✔OW⚠. gpt   5000c500b4104bf5 SAT3
sdc        ST12000NM0007-2A SN02  12.00T 4096B ✔OW⚠. gpt   5000c500b4984eca SAT3
sde        ST12000NM0007-2A SN03  12.00T 4096B ✔OW⚠. gpt   5000c500a5c0e61d SAT3
sr0        iHBS112   2      CL0F   1.07G  512B UO... none  n/a              PATA
nvme0n1    WDS100T3X0C-00SJ  n/a   1.00T  512B ✔.... gpt   1908E1805012     NVMe
nvme1n1    WDS100T3X0C-00SJ  n/a   1.00T  512B ✔.... gpt   1908E1801188     NVMe
*** buffer overflow detected ***: ./growlight-readline terminated
Aborted
[schwarzgerat](134) $ 

dankamongmen commented 4 years ago

This is from the snprintf() conversion in outcurses breaking the many, many bprefix() operations working with PREFIXSTRLEN + 1 buffers. Replacing them with BPREFIXSTRLEN + 1 "works" but all the UI was clearly designed for one fewer character, hrmmm....

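An added example of the bug class described in the comment above; this is not growlight's or outcurses' code, and the constants and function names are hypothetical stand-ins for the PREFIXSTRLEN / BPREFIXSTRLEN / bprefix() names mentioned there. A bprefix()-style formatter emits an IEC string ("1023.50Ki") that is longer than the SI string for the same byte count, so a buffer sized for the SI form is too small once the formatter is fed a fixed size argument larger than the caller's buffer. The "*** buffer overflow detected ***" abort in the transcripts is glibc's fortified snprintf (__snprintf_chk) firing exactly when the size argument handed to it exceeds the compiler-known size of the destination object. The formatter below honours the caller's buffer size and returns the snprintf() length, so a caller can check for truncation instead of aborting, and prefix_fits() shows that a PREFIXSTRLEN + 1 buffer rejects the IEC form. The sample byte counts are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical length constants, modelled on the PREFIXSTRLEN /
 * BPREFIXSTRLEN pair named in the issue (not growlight's or outcurses'
 * actual values): the longest SI string this formatter emits is
 * "999.99k" (7 chars), the longest IEC string is "1023.99Ki" (9 chars). */
#define PREFIXSTRLEN  7
#define BPREFIXSTRLEN 9

static const char *const si_units[]  = { "", "k",  "M",  "G",  "T",  "P",  "E"  };
static const char *const iec_units[] = { "", "Ki", "Mi", "Gi", "Ti", "Pi", "Ei" };
#define NUNITS (sizeof si_units / sizeof si_units[0])

/* Format val (bytes) with an SI (base 1000) or IEC (base 1024) prefix into
 * buf[buflen]. Never writes past buflen; returns the length the complete
 * string needs (snprintf semantics), so need >= buflen means truncation. */
int fmt_prefix(uintmax_t val, int binary, char *buf, size_t buflen) {
    const double base = binary ? 1024.0 : 1000.0;
    const char *const *units = binary ? iec_units : si_units;
    double d = (double)val;
    size_t i = 0;
    while (d >= base && i < NUNITS - 1) { d /= base; ++i; }
    /* "%.2f" rounds: 999.996 would print as "1000.00" and gain a digit, so
     * promote to the next unit when rounding would reach the base. */
    if (i < NUNITS - 1 && d + 0.005 >= base) { d /= base; ++i; }
    if (i == 0)
        return snprintf(buf, buflen, "%ju", val);  /* below the base: plain integer */
    return snprintf(buf, buflen, "%.2f%s", d, units[i]);
}

/* Caller-side check for the bug class in this issue: does the formatted
 * string plus its NUL fit in a buffer of buflen bytes? */
int prefix_fits(uintmax_t val, int binary, size_t buflen) {
    char tmp[BPREFIXSTRLEN + 1];   /* sized for the worst case, so never truncates */
    int need = fmt_prefix(val, binary, tmp, sizeof tmp);
    return need >= 0 && (size_t)need < buflen;
}

int main(void) {
    const uintmax_t kib_1023_5 = 1048064;   /* constructed: 1023.5 KiB */
    char si[PREFIXSTRLEN + 1];    /* right size for the SI form        */
    char iec[BPREFIXSTRLEN + 1];  /* one byte larger, for the IEC form */
    fmt_prefix(kib_1023_5, 0, si, sizeof si);
    fmt_prefix(kib_1023_5, 1, iec, sizeof iec);
    printf("SI:  %-10s fits PREFIXSTRLEN+1: %d\n", si,
           prefix_fits(kib_1023_5, 0, sizeof si));
    printf("IEC: %-10s fits PREFIXSTRLEN+1: %d  fits BPREFIXSTRLEN+1: %d\n", iec,
           prefix_fits(kib_1023_5, 1, sizeof si),
           prefix_fits(kib_1023_5, 1, sizeof iec));
    return 0;
}
```

The length bound holds because the rounding check keeps d strictly below the base before "%.2f" sees it, which is the detail a fixed-size-buffer convention silently depends on; compile the caller with -D_FORTIFY_SOURCE=2 and pass a size larger than the destination to see the same abort as in the transcripts.
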
dankamongmen commented 4 years ago

There's a fix we need to pick up from outcurses 0.0.5, updated configure.ac and README.md.

dankamongmen commented 4 years ago

I've cut a new Arch release (1.1.3-3) which has this fix, but I need to put up new Debian binaries.