GNU bug report logs - #20998
Out of bounds global read in shred / genpattern()

Previous Next

Package: coreutils;

Reported by: Hanno Böck <hanno <at> hboeck.de>

Date: Mon, 6 Jul 2015 23:43:02 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.

Full log

Message #13 received at 20998-done <at> debbugs.gnu.org (full text, mbox):

From: Pádraig Brady <P <at> draigBrady.com>
To: Hanno Böck <hanno <at> hboeck.de>, 20998-done <at> debbugs.gnu.org
Subject: Re: bug#20998: Out of bounds global read in shred / genpattern()
Date: Tue, 07 Jul 2015 03:28:32 +0100

[Message part 1 (text/plain, inline)]
On 07/07/15 01:45, Pádraig Brady wrote:
> On 07/07/15 00:29, Hanno Böck wrote:
>> Hi,
>>
>> There is an out of bounds read error in the function genpattern() in
>> shred (coreutils 8.23). This issue only appears randomly.
>>
>> To test:
>> a) recompile coreutils 8.23 with address sanitizer

> Nice one!
> 
> It looks like the restriction to the k patterns available
> was lost with v5.92-1462-g65533e1 and that this should
> fix it up.
> 
> diff --git a/src/shred.c b/src/shred.c
> index 63bcd6f..74f7ad9 100644
> --- a/src/shred.c
> +++ b/src/shred.c
> @@ -785,6 +785,7 @@ genpattern (int *dest, size_t num, struct randint_source *s)
>                    n--;
>                  }
>                p++;
> +              k--;
>              }
>            while (n);
>            break;

Attached is the full patch including a test.
Marking this as done.

thanks!
Pádraig.

[shred-patterns.patch (text/x-patch, attachment)]
This bug report was last modified 10 years and 17 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.