Bug#748210: Missing parameter to cause stack underflow

Michael Tautschnig mt at debian.org
Thu May 15 10:25:46 UTC 2014


Package: libconvert-uulib-perl
Version: 1:1.4~dfsg-1
Usertags: goto-cc

During an analysis of all packages using our research compiler tool-chain (using
tools from the cbmc package) the following error was found:

The declaration of UUEncodePartial here

http://sources.debian.net/src/libconvert-uulib-perl/1:1.4~dfsg-1/UUlib.xs?hl=409#L409

lacks the final argument (it takes only 9 arguments), as can be seen by
comparing to its definition:

http://sources.debian.net/src/libconvert-uulib-perl/1:1.4~dfsg-1/uulib/uuencode.c?hl=788#L788

Thus the generated perl-to-native wrapper only converts and passes 9 arguments,
which necessarily results in a stack underflow (the argument is used). The
resulting undefined behaviour will likely show up as seemingly random failures
in testing the CRC values.

Best,
Michael
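
Added example, not part of the original report or of the package's code: a checker that compares the number of parameters a binding declares for a function with the number in the library's definition, which is the mismatch described in the report above. The function names and prototypes are constructed stand-ins, and the code assumes both sides are available as plain C prototype text.

```python
import re

# Constructed stand-ins (not the uulib sources): the binding's own declaration
# versus the library's definition, which takes one more trailing parameter.
BINDING_DECLS = """
int encode_partial(FILE *out, FILE *in, char *name, int enc, long lines);
int encode_done(void);
"""
LIBRARY_DEFS = """
int encode_partial(FILE *out, FILE *in, char *name, int enc, long lines,
                   unsigned long *crc)
{
    if (crc) update(crc, in);
    return 0;
}
int encode_done(void) { return 0; }
"""
PROTO = re.compile(r'\b([A-Za-z_]\w*)\s*\(([^;]*)\)\s*;')

def top_level(src):
    """Strip comments and replace each brace-delimited body with ';'."""
    src = re.sub(r'/\*.*?\*/|//[^\n]*', ' ', src, flags=re.S)
    out, depth = [], 0
    for ch in src:
        if ch == '{':
            out.append(';' if depth == 0 else '')
            depth += 1
        elif ch == '}':
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return ''.join(out)

def param_count(params):
    """Count parameters, ignoring commas nested in function-pointer parens."""
    if params.strip() in ('', 'void'):
        return 0
    depth = commas = 0
    for ch in params:
        depth += (ch == '(') - (ch == ')')
        commas += (ch == ',' and depth == 0)
    return commas + 1

def arities(src):
    return {m[1]: param_count(m[2]) for m in PROTO.finditer(top_level(src))}

def arity_mismatches(decl_src, def_src):
    """Map name -> (declared, defined) where the parameter counts disagree."""
    declared, defined = arities(decl_src), arities(def_src)
    return {n: (declared[n], defined[n])
            for n in declared.keys() & defined.keys() if declared[n] != defined[n]}
```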
