program abort by "lh_table_new: calloc failed"
Bug #1878738 reported by
yusuke mihara
This bug report is a duplicate of:
Bug #1878723: Kernel panic when used with upstart after 0.11-4ubuntu2.1 update.
Edit
Remove
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
json-c (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
I wrote small sample program which abort by lh_table_new calloc failed.
see this.
https:/
CVE References
To post a comment you must log in.
I have identified the same issue. Parsing a relatively small file may result in a calloc failure because lh_table_new attempts to allocate an incorrectly size block of memory. In my case it attempted to allocate over 68 GiB in a single allocation.
The cause seems to be the changes in the CVE patch:
json-c (0.12.1- 1.3ubuntu0. 1) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflows patches/ CVE-2020- 12762-* .patch: fix a series of
- debian/
integer overflows adding checks in linkhash.c, printbuf.c.
- CVE-2020-12762
-- <email address hidden> (Leonidas S. Barbosa) Mon, 11 May 2020 16:29:02 -0300