[Bug 2095070] Re: heap-buffer-overflow on matio-1.5.28/src/mat.c:2462:69 in Mat_VarPrint

2025-01-16 Thread sae
** Description changed:

- heap-buffer-overflow on matio-1.5.28/src/mat.c:2462 Mat_VarPrint when we
- run ./fuzzers/matio_fuzzer ./crashes/poc.
- 
- root@6:/fuzz# ./fuzzers/matio_fuzzer crashes/crash-104
- Reading 5045 bytes from crashes/crash-104
-   Name: easy
-   Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[6] {
-   Name: d
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
-   Name: s
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
-   Name: i32
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
-   Name: i16
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
-   Name: i8
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
-   Name: c
-   Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- }
-   Name: easy
-   Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[6] {
-   Name: d
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-   Name: s
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-   Name: i32
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-   Name: i16
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-   Name: i8
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-   Name: c
-   Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- {
- char array1
- char array2
- }
- }
-   Name: easy_with_sparse_and_tag
-   Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[14] {
-   Name: d
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
-   Name: s
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
-   Name: i32
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
-   Name: i16
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
-   Name: i8
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
-   Name: c
-   Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
-   Name: d_in_tag
-   Rank: 2
- Dimensions: 1 x 4
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
-   Name: s_in_tag
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
-   Name: i32_in_tag
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
-   Name: i16_in_tag
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
-   Name: i8_in_tag
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
-   Name: c_in_tag
-   Rank: 2
- Dimensions: 1 x 4
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
-   Name: sp
-   Rank: 2
- Dimensions: 5 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
-   Name: sp_diag
-   Rank: 2
- Dimensions: 10 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
- }
-   Name: easy_with_sparse_and_tag

[Bug 2095070] Re: heap-buffer-overflow on matio-1.5.28/src/mat.c:2462:69 in Mat_VarPrint

2025-01-16 Thread Ninzahost
A heap-buffer-overflow at matio-1.5.28/src/mat.c:2462:69 in the
Mat_VarPrint function typically occurs when the function attempts to
access memory outside the bounds of the allocated buffer. This may be
caused by incorrect memory management or an error in how the variable is
being processed. To resolve the issue, you can:

Check memory allocation: Ensure that the memory allocated for the variable is
sufficient and properly managed.

Validate inputs: Make sure the input data to Mat_VarPrint is valid and doesn't
lead to out-of-bounds memory access.

Use debugging tools: Use tools like Valgrind or AddressSanitizer to detect
memory issues and pinpoint the exact location of the overflow.

For a reliable hosting environment to manage your projects and avoid
performance issues, you can check out https://ninzahost.net/ for excellent
hosting solutions.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2095070
