Open asarubbo opened 10 months ago
Our Gentoo Tinderbox reported a test failure at bug 914094
Looking at test-suite.log I can see that it fails because of a stack-buffer-overflow:
```
FAIL: ical-012.sh
=================
=================================================================
==679==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7efd3d8125df at pc 0x5654ab7a5229 bp 0x7ffff80873e0 sp 0x7ffff80873d0
READ of size 1 at 0x7efd3d8125df thread T0
    #0 0x5654ab7a5228 in ical_readline /var/tmp/portage/app-office/calcurse-4.8.1/work/calcurse-4.8.1/src/ical.c:693
    #1 0x5654ab7a7c61 in ical_chk_header /var/tmp/portage/app-office/calcurse-4.8.1/work/calcurse-4.8.1/src/ical.c:723
    #2 0x5654ab7a7c61 in ical_import_data /var/tmp/portage/app-office/calcurse-4.8.1/work/calcurse-4.8.1/src/ical.c:1878
    #3 0x5654ab7b742d in io_import_data /var/tmp/portage/app-office/calcurse-4.8.1/work/calcurse-4.8.1/src/io.c:1303
    #4 0x5654ab78cfad in parse_args /var/tmp/portage/app-office/calcurse-4.8.1/work/calcurse-4.8.1/src/args.c:966
    #5 0x5654ab675c8e in main /var/tmp/portage/app-office/calcurse-4.8.1/work/calcurse-4.8.1/src/calcurse.c:709
    #6 0x7efd3ee23c89 (/lib64/libc.so.6+0x23c89)
    #7 0x7efd3ee23d44 in __libc_start_main (/lib64/libc.so.6+0x23d44)
    #8 0x5654ab677340 in _start (/var/tmp/portage/app-office/calcurse-4.8.1/work/calcurse-4.8.1/src/calcurse+0x2c340)

Address 0x7efd3d8125df is located in stack of thread T0 at offset 9695 in frame
    #0 0x5654ab7a764f in ical_import_data /var/tmp/portage/app-office/calcurse-4.8.1/work/calcurse-4.8.1/src/ical.c:1873

  This frame has 39 object(s):
    [48, 49) 'c' (line 875)
    [64, 68) 'major' (line 1875)
    [80, 84) 'minor' (line 1875)
    [96, 100) 'bytes_read' (line 876)
    [112, 116) 'week' (line 877)
    [128, 132) 'day' (line 877)
    [144, 148) 'mon' (line 927)
    [160, 164) 'n' (line 928)
    [176, 180) 'mday' (line 948)
    [192, 196) 'n' (line 949)
    [208, 212) 'order' (line 970)
    [224, 228) 'n' (line 970)
    [240, 248) 'fmt' (line 472)
    [272, 280) 'p' (line 1358)
    [304, 312) 'dtstart' (line 1359)
    [336, 344) 'dtend' (line 1359)
    [368, 376) 'duration' (line 1359)
    [400, 408) 'rrule' (line 1359)
    [432, 440) 'until' (line 1553)
    [464, 472) 'msg' (line 1555)
    [496, 504) 'freqstr' (line 1066)
    [528, 536) 'note' (line 1868)
    [560, 568) 'note' (line 1868)
    [592, 600) 'p' (line 1723)
    [624, 632) 'note' (line 1868)
    [656, 668) 'vparam' (line 761)
    [688, 700) 'vparam' (line 761)
    [720, 732) 'vparam' (line 761)
    [752, 768) 's' (line 1360)
    [784, 800) 'exdate' (line 1360)
    [816, 832) 's' (line 1724)
    [848, 865) 'datestr' (line 1066)
    [912, 960) 'vtodo' (line 1729)
    [992, 1072) 'tmp' (line 552)
    [1104, 1216) 'vevent' (line 1369)
    [1248, 9440) 'buf' (line 1874)
    [9696, 17888) 'lstore' (line 1874) <== Memory access at offset 9695 underflows this variable
    [18144, 26336) 'msg' (line 581)
    [26592, 34784) 'msg' (line 525)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /var/tmp/portage/app-office/calcurse-4.8.1/work/calcurse-4.8.1/src/ical.c:693 in ical_readline
Shadow bytes around the buggy address:
  0x7efd3d812300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7efd3d812380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7efd3d812400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7efd3d812480: 00 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2
  0x7efd3d812500: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
=>0x7efd3d812580: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2[f2]00 00 00 00
  0x7efd3d812600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7efd3d812680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7efd3d812700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7efd3d812780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7efd3d812800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==679==ABORTING
```
If I can do more, please let me know.
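A constructed illustration of the failure shape in the report above (a READ of size 1 at offset 9695, one byte before the 8192-byte stack array `lstore`, from inside a line-reading helper), added here as an example; it is not calcurse's `ical_readline`, and the actual cause at ical.c:693 has to be read from that source. The classic way such a read arises is indexing `s[len - 1]` on a zero-length string, which `fgets()` returns for a line that begins with a NUL byte, so the hardened version tests the length before indexing; the 8192-byte buffer size, `chomp_*` and `read_line` names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* fmemopen() for the stand-alone main */
#include <stdio.h>
#include <string.h>

/* Unchecked terminator strip. For a zero-length string strlen() is 0 and
 * s[len - 1] reads s[-1]: a READ of size 1 one byte before the array, the
 * shape ASan reports above as "underflows this variable" on lstore. */
size_t chomp_unchecked(char *s)
{
    size_t len = strlen(s);
    if (s[len - 1] == '\n')          /* underflow when len == 0 */
        s[--len] = '\0';
    return len;
}

/* Hardened form: test the length before indexing; also strips the CR of
 * the CRLF terminator that iCalendar files use. */
size_t chomp_checked(char *s)
{
    size_t len = strlen(s);
    while (len > 0 && (s[len - 1] == '\n' || s[len - 1] == '\r'))
        s[--len] = '\0';
    return len;
}

/* Constructed line reader (not calcurse's ical_readline): reads the next
 * line into lstore, strips its terminator, returns the length or -1 at EOF.
 * Note fgets() hands back a zero-length string for a line that starts with
 * a NUL byte, which is the input that would trip chomp_unchecked(). */
int read_line(FILE *fp, char *lstore, size_t size)
{
    if (fgets(lstore, (int)size, fp) == NULL)
        return -1;
    return (int)chomp_checked(lstore);
}

int main(void)
{
    char data[] = "BEGIN:VCALENDAR\r\nVERSION:2.0\n";  /* constructed input */
    char lstore[8192];  /* assumed size: the ASan frame shows 8192-byte buf/lstore */
    FILE *fp = fmemopen(data, strlen(data), "r");
    int len;
    if (fp == NULL)
        return 1;
    while ((len = read_line(fp, lstore, sizeof lstore)) >= 0)
        printf("%d: '%s'\n", len, lstore);
    fclose(fp);
    return 0;
}
```

Building the same harness with `-fsanitize=address` and feeding `chomp_unchecked()` an empty string reproduces a one-byte stack-buffer-overflow report of the same shape, which is a quick way to confirm a candidate fix before re-running the calcurse test suite.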