Package: foremost
Version: 1.5.7-11
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

when executing foremost without any arguments an invalid memory access
occurs in file config.c line 201. Then, len = 1, which results in
buffer[1 - 2] and therefore accesses memory out of buffer.

I found the problem on an arm64 machine with Memory Tagging enabled; however,
it is also findable with valgrind. So, command to reproduce:

docker run --rm -e DEBUGINFOD_URLS="https://debuginfod.debian.net" \
    debian:trixie bash -lc 'apt-get update && apt-get install -y valgrind debuginfod && valgrind /usr/bin/foremost'

valgrind finds even more issues, actually:

==1== Invalid read of size 1
==1==    at 0x10D5FE: process_line (config.c:201)
==1==    by 0x10D8B0: load_config_file (config.c:320)
==1==    by 0x10A42E: main (main.c:246)
==1==  Address 0x4a5598f is 1 bytes before a block of size 1,024 alloc'd
==1==    at 0x4844818: malloc (vg_replace_malloc.c:446)
==1==    by 0x10D87D: load_config_file (config.c:291)
==1==    by 0x10A42E: main (main.c:246)
==1==
==1== Conditional jump or move depends on uninitialised value(s)
==1==    at 0x48539C2: strstr (vg_replace_strmem.c:1814)
==1==    by 0x10EFA0: create_sub_dirs (dir.c:273)
==1==    by 0x10A6A5: main (main.c:262)
==1==
==1== Conditional jump or move depends on uninitialised value(s)
==1==    at 0x48539EF: strstr (vg_replace_strmem.c:1814)
==1==    by 0x10EFA0: create_sub_dirs (dir.c:273)
==1==    by 0x10A6A5: main (main.c:262)
==1==
==1== Conditional jump or move depends on uninitialised value(s)
==1==    at 0x48539EA: strstr (vg_replace_strmem.c:1814)
==1==    by 0x10EFA0: create_sub_dirs (dir.c:273)
==1==    by 0x10A6A5: main (main.c:262)

-- System Information:
Debian Release: 12.13
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.12+bpo-amd64 (SMP w/512 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages foremost depends on:
ii  libc6  2.36-9+deb12u13

foremost recommends no packages.

foremost suggests no packages.
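
The following is an added example, not part of the report and not foremost's source: it shows the buffer[len - 2] pattern the report describes and a length-guarded form. It assumes the access belongs to a trailing CRLF check (the report does not show the line); the function names and sample lines are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Index an unguarded buffer[len - 2] would touch. A negative result means a
 * read before the start of the allocation; len = 1 from the report gives -1,
 * matching valgrind's "1 bytes before a block of size 1,024". */
static long index_two_from_end(size_t len) {
    return (long)len - 2;
}

/* Guarded CRLF -> LF conversion (assumed purpose of the check): the last two
 * bytes are inspected only when the line really has two bytes. Returns the
 * resulting length. */
static size_t strip_cr_before_lf(char *buffer) {
    size_t len = strlen(buffer);
    if (len >= 2 && buffer[len - 2] == '\r' && buffer[len - 1] == '\n') {
        buffer[len - 2] = '\n';
        buffer[len - 1] = '\0';
        len--;
    }
    return len;
}

int main(void) {
    /* Constructed sample lines, including a 1-byte line as in the report. */
    const char *samples[] = { "\n", "", "wildcard ?\r\n", "jpg y 200000\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char line[64];
        strcpy(line, samples[i]);
        size_t before = strlen(line);
        size_t after = strip_cr_before_lf(line);
        printf("len=%zu unguarded index=%ld -> len=%zu\n",
               before, index_two_from_end(before), after);
    }
    return 0;
}
```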
