Bug#825855: closed by Alastair McKinstry (Bug#825855: fixed in mxml 2.9-1)

Salvatore Bonaccorso Fri, 10 Jun 2016 09:00:48 -0700

Control: reopen -1

Hi


I just schecked again, CVE-2016-4571 part at least is not yet fixed.
Building mxml with ASan, leads to the following with the
stack-exhaustion-2.xml reproducer:

==10554==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe8f42ce88 (pc 
0x7f67a5de43e4 bp 0x7ffe8f42d6f0 sp 0x7ffe8f42ce90 T0)
    #0 0x7f67a5de43e3 in strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x6d3e3)
    #1 0x40c499 in mxml_write_node /root/mxml-2.9/mxml-file.c:2749
    #2 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811
    #3 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811
    #4 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811
[...]
    #246 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811
    #247 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811
    #248 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811
    #249 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811
    #250 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811
    #251 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811

SUMMARY: AddressSanitizer: stack-overflow ??:0 strlen
==10554==ABORTING

Regards,
Salvatore

Bug#825855: closed by Alastair McKinstry (Bug#825855: fixed in mxml 2.9-1)

Reply via email to