user/mcpp: heap-use-after-free in substitute() causes segfault
As of writing, no patch is immediately available.
# | Summary | Milestone | Status | Owner | Created | Updated | Priority |
---|---|---|---|---|---|---|---|
14 | heap-use-after-free in substitute() causes segfault | v1.0 (example) | open | | 2021-11-24 | 2021-11-24 | 5 |
Quick test, with all the latest patches applied, shows this is reproducible:

```
(gdb) bt
#0 0xf7f601a4 in ?? () from /lib/ld-musl-powerpc.so.1
#1 0xf7f605b4 in __uflow () from /lib/ld-musl-powerpc.so.1
#2 0xf7f605b4 in __uflow () from /lib/ld-musl-powerpc.so.1
#3 0xf7f614ec in fgets_unlocked () from /lib/ld-musl-powerpc.so.1
#4 0xf7e545ec in mcpp_fgets (stream=<optimized out>, size=65536, s=0xf7dd0020 "\n") at support.c:1909
#5 get_line (in_comment=in_comment@entry=0) at support.c:1938
#6 0xf7e560fc in parse_line () at support.c:1657
#7 0xf7e55324 in get_ch () at support.c:1580
#8 0xf7e442cc in mcpp_main () at main.c:623
#9 mcpp_lib_main (argc=-134340444, argv=0xfffef518) at main.c:423
#10 0x0040045c in ?? ()
#11 0xf7f1566c in ?? () from /lib/ld-musl-powerpc.so.1
#12 0xf7f156d8 in __libc_start_main () from /lib/ld-musl-powerpc.so.1
#13 0x004004ec in ?? ()
#14 0x004004a8 in ?? ()
```
See also: https://sourceforge.net/p/mcpp/bugs/14/