Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines
Anton Gladky
gladk at debian.org
Sun Nov 14 17:45:45 GMT 2021
Thanks, Vincent,
now I am able to reproduce the issue!
I will request a CVE.
Regards
Anton
On Sun, 14 Nov 2021 at 15:44, Vincent Lefevre <vincent at vinc17.net> wrote:
>
> On 2021-11-14 14:15:25 +0100, Anton Gladky wrote:
> > well, I was thinking that upstream should request a CVE. Nevertheless
> > I could not reproduce the issue with the modern GCC-versions.
> > Even on 32bit-systems.
>
> I can still reproduce the segmentation fault under Debian/unstable.
> Simplified testcase:
>
> #include <stdio.h>
> #include <gmp.h>
>
> /* Read one integer in mpz_out_raw format from stdin. */
> int main (void)
> {
>   mpz_t s;
>   mpz_init (s);
>   mpz_inp_raw (s, stdin);   /* crashes on a 32-bit build for input "12345" */
>   mpz_clear (s);
>   return 0;
> }
>
> Compile with gcc -m32 and execute:
>
> printf 12345 | ./testcase
>
> Note that even if you don't get a segmentation fault, there may be
> other erratic behaviors, such as silent memory corruption (which may
> be even worse).
>
> --
> Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
>
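To make the failing input concrete: mpz_inp_raw reads a 4-byte big-endian two's-complement byte count (the sign is the sign of the number) followed by that many magnitude bytes, most significant first. Vincent's `printf 12345` therefore supplies the header word 0x31323334, a promise of about 825 MB of magnitude, followed by a single byte. The program below is an added example written for this thread, not GMP's code and not the upstream fix: a bounds-checked parser for that wire format over an in-memory buffer, with no libgmp dependency, that emulates a gcc -m32 build by treating the bit-count type as 32 bits and a limb as 4 bytes (assumptions of the example) and rejects a header whose byte count times 8 would not fit that type, whose count exceeds a caller-chosen cap, or whose count exceeds the bytes actually present. All names (`raw_parse_header`, `raw_check`, `raw_decode_*`, `SAMPLE_*`) are hypothetical, and the sample inputs are constructed.

```c
/* Added example, not GMP's code: bounds-checked reader for the
 * mpz_inp_raw wire format, emulating 32-bit type widths. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum raw_status {
    RAW_OK = 0,
    RAW_SHORT_HEADER,  /* fewer than 4 bytes: no size field at all */
    RAW_BIT_OVERFLOW,  /* 8 * abs_csize would not fit a 32-bit bit count */
    RAW_TOO_LARGE,     /* larger than the caller's policy cap */
    RAW_TRUNCATED      /* header promises more bytes than are present */
};

/* Assumption: on the 32-bit build mp_bitcnt_t is a 32-bit unsigned long
 * and a limb is 4 bytes. */
#define BITCNT_MAX32 UINT32_MAX
#define LIMB_BYTES   4u

struct raw_hdr {
    int32_t  csize;     /* signed byte count exactly as stored */
    uint32_t abs_csize; /* magnitude byte count */
    uint32_t limbs;     /* limbs needed, rounded up */
};

/* Parse and validate the 4-byte header; max_bytes is the caller's cap. */
enum raw_status raw_parse_header(const unsigned char *buf, size_t len,
                                 uint32_t max_bytes, struct raw_hdr *out)
{
    if (len < 4)
        return RAW_SHORT_HEADER;
    uint32_t word = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16)
                  | ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    int32_t  csize     = (int32_t)word;                 /* two's complement */
    uint32_t abs_csize = csize < 0 ? 0u - word : word;  /* |csize|, no UB   */

    /* The check that matters here: derive nothing (bit count, limb count,
     * allocation size) from abs_csize until 8 * abs_csize is known to fit. */
    if (abs_csize > BITCNT_MAX32 / 8)
        return RAW_BIT_OVERFLOW;
    if (abs_csize > max_bytes)
        return RAW_TOO_LARGE;
    if (len - 4 < abs_csize)
        return RAW_TRUNCATED;

    out->csize     = csize;
    out->abs_csize = abs_csize;
    /* Cannot overflow: abs_csize <= 2^29 - 1 after the check above. */
    out->limbs = (abs_csize + LIMB_BYTES - 1) / LIMB_BYTES;
    return RAW_OK;
}

/* Convenience wrapper returning only the status. */
enum raw_status raw_check(const unsigned char *buf, size_t len, uint32_t max_bytes)
{
    struct raw_hdr h;
    return raw_parse_header(buf, len, max_bytes, &h);
}

/* Decode a validated value of at most 8 magnitude bytes, to show byte order.
 * raw_decode_ok reports success; raw_decode_value returns the value (0 on failure). */
static int decode_small(const unsigned char *buf, size_t len, int64_t *val)
{
    struct raw_hdr h;
    if (raw_parse_header(buf, len, 8, &h) != RAW_OK)
        return 0;
    uint64_t mag = 0;
    for (uint32_t i = 0; i < h.abs_csize; i++)
        mag = (mag << 8) | buf[4 + i];          /* most significant byte first */
    if (mag > (uint64_t)INT64_MAX)
        return 0;
    *val = h.csize < 0 ? -(int64_t)mag : (int64_t)mag;
    return 1;
}
int raw_decode_ok(const unsigned char *buf, size_t len)
{
    int64_t v; return decode_small(buf, len, &v);
}
int64_t raw_decode_value(const unsigned char *buf, size_t len)
{
    int64_t v = 0; (void)decode_small(buf, len, &v); return v;
}

/* Constructed sample inputs. */
static const unsigned char SAMPLE_CRASH[] = { '1', '2', '3', '4', '5' };              /* printf 12345 */
static const unsigned char SAMPLE_POS[]   = { 0x00, 0x00, 0x00, 0x02, 0x01, 0x00 };  /* +256 */
static const unsigned char SAMPLE_NEG[]   = { 0xff, 0xff, 0xff, 0xfe, 0x01, 0x00 };  /* -256 */
static const unsigned char SAMPLE_SHORT[] = { 0x00, 0x00, 0x01, 0x00, 0xaa, 0xbb };  /* promises 256, has 2 */

int main(void)
{
    printf("\"12345\": status %d (header 0x31323334 = %u bytes promised)\n",
           (int)raw_check(SAMPLE_CRASH, sizeof SAMPLE_CRASH, 1u << 20), 0x31323334u);
    printf("+256 decodes to %lld\n", (long long)raw_decode_value(SAMPLE_POS, sizeof SAMPLE_POS));
    printf("-256 decodes to %lld\n", (long long)raw_decode_value(SAMPLE_NEG, sizeof SAMPLE_NEG));
    printf("short input: status %d\n", (int)raw_check(SAMPLE_SHORT, sizeof SAMPLE_SHORT, 1u << 20));
    return 0;
}
```

The ordering of the three rejections is deliberate: the bit-count check comes first because every later quantity (limbs, allocation size) is derived from the byte count, and a caller-side cap such as `max_bytes` is the cheap defence when the reader itself cannot be trusted with attacker-controlled sizes. For an `mpz_inp_raw` call on untrusted data, peeking at the first four bytes with a check like this before handing the stream to GMP is the practical workaround.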
More information about the debian-science-maintainers mailing list