crash due to buffer overflow in acc_tabs.c
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Cuneiform for Linux | New | Undecided | Unassigned | |
| cuneiform (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
```
cuneiform -l pol file.png
```

I don't know how much it's related to the other bugs, so I'm filing it as a new one. This happens if -l pol is specified and an -O... option is passed to the compiler (gcc 4.6.2; tested with -O2). I'm also attaching my patch, which works around the problem and shows where it is.

If anyone has some improvements to it, that's appreciated.

Also, the attempts to fix a condition look wrong.
```text
*** buffer overflow detected ***: cuneiform terminated
======= Backtrace: =========
/lib/libc.
/lib/libc.
/lib/libc.
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
cuneiform[
/lib/libc.
cuneiform[
======= Memory map: ========
08048000-0804c000 r-xp 00000000 08:02 950958 /usr/bin/cuneiform
0804c000-0804d000 r--p 00003000 08:02 950958 /usr/bin/cuneiform
0804d000-0804e000 rw-p 00004000 08:02 950958 /usr/bin/cuneiform
089b4000-08b9d000 rw-p 00000000 00:00 0 [heap]
b5f37000-b62fb000 rw-p 00000000 00:00 0
b62fb000-b632b000 r-xp 00000000 08:02 970900 /usr/lib/
b632b000-b632c000 r--p 0002f000 08:02 970900 /usr/lib/
b632c000-b632d000 rw-p 00030000 08:02 970900 /usr/lib/
b6353000-b6377000 r-xp 00000000 08:02 837199 /usr/lib/
b6377000-b6378000 r--p 00023000 08:02 837199 /usr/lib/
b6378000-b6379000 rw-p 00024000 08:02 837199 /usr/lib/
b6379000-b637e000 rw-p 00000000 00:00 0
b637e000-b6385000 r-xp 00000000 08:02 951118 /usr/lib/
b6385000-b6386000 r--p 00006000 08:02 951118 /usr/lib/
b6386000-b6387000 rw-p 00007000 08:02 951118 /usr/lib/
b6387000-b638a000 rw-p 00000000 00:00 0
b638a000-b638b000 r-xp 00000000 08:02 951060 /usr/lib/
b638b000-b638c000 r--p 00000000 08:02 951060 /usr/lib/
b638c000-b638d000 rw-p 00001000 08:02 951060 /usr/lib/
b638d000-b638e000 rw-p 00000000 00:00 0
b638e000-b638f000 r-xp 00000000 08:02 951107 /usr/lib/
b638f000-b6390000 r--p 00000000 08:02 951107 /usr/lib/
b6390000-b6391000 rw-p 00001000 08:02 951107 /usr/lib/
b6391000-b63d1000 rw-p 00000000 00:00 0
b63d1000-b63e5000 r-xp 00000000 08:02 951168 /usr/lib/
b63e5000-b63e6000 r--p 00013000 08:02 951168 /usr/lib/
b63e6000-b63e7000 rw-p 00014000 08:02 951168 /usr/lib/
b63e7000-b63f9000 rw-p 00000000 00:00 0
b63f9000-b6413000 r-xp 00000000 08:02 951078 /usr/lib/
b6413000-b6414000 r--p 00019000 08:02 951078 /usr/lib/
b6414000-b6418000 rw-p 0001a000 08:02 951078 /usr/lib/
b6418000-b641b000 rw-p 00000000 00:00 0
b641b000-b641f000 r-xp 00000000 08:02 954452 /lib/libuuid.
b641f000-b6420000 r--p 00003000 08:02 954452 /lib/libuuid.
b6420000-b6421000 rw-p 00004000 08:02 954452 /lib/libuuid.
b6421000-b6422000 rw-p 00000000 00:00 0
b6422000-b6443000 r-xp 00000000 08:02 836334 /usr/lib/
b6443000-b6444000 r--p 00020000 08:02 836334 /usr/lib/
b6444000-b6445000 rw-p 00021000 08:02 836334 /usr/lib/
b6445000-b645f000 r-xp 00000000 08:02 951091 /usr/lib/
b645f000-b6460000 r--p 00019000 08:02 951091 /usr/lib/
b6460000-b6461000 rw-p 0001a000 08:02 951091 /usr/lib/
b6461000-b6466000 rw-p 00000000 00:00 0
b6466000-b646d000 r-xp 00000000 08:02 951294 /usr/lib/
b646d000-b646e000 r--p 00006000 08:02 951294 /usr/lib/
b646e000-b646f000 rw-p 00007000 08:02 951294 /usr/lib/
b646f000-b648d000 r-xp 00000000 08:02 951121 /usr/lib/
b648d000-b648e000 r--p 0001d000 08:02 951121 /usr/lib/
b648e000-b648f000 rw-p 0001e000 08:02 951121 /usr/lib/
b648f000-b6490000 rw-p 00000000 00:00 0
b6490000-b649e000 r-xp 00000000 08:02 951114 /usr/lib/
b649e000-b649f000 r--p 0000e000 08:02 951114 /usr/lib/
b649f000-b64a0000 rw-p 0000f000 08:02 951114 /usr/lib/
b64a0000-b64a4000 rw-p 00000000 00:00 0
b64a4000-b64a8000 r-xp 00000000 08:02 951111 /usr/lib/
b64a8000-b64a9000 r--p 00003000 08:02 951111 /usr/lib/
b64a9000-b64aa000 rw-p 00004000 08:02 951111 /usr/lib/
b64aa000-b64eb000 rw-p 00000000 00:00 0
b64eb000-b6516000 r-xp 00000000 08:02 951088 /usr/lib/
b6516000-b6517000 r--p 0002a000 08:02 951088 /usr/lib/
b6517000-b6519000 rw-p 0002b000 08:02 951088 /usr/lib/
b6519000-b6538000 rw-p 00000000 00:00 0
b6538000-b6540000 r-xp 00000000 08:02 951072 /usr/lib/
b6540000-b6541000 r--p 00008000 08:02 951072 /usr/lib/
b6541000-b6542000 rw-p 00009000 08:02 951072 /usr/lib/
b6542000-b6553000 rw-p 00000000 00:00 0
b6553000-b6563000 r-xp 00000000 08:02 951317 /usr/lib/
b6563000-b6564000 r--p 0000f000 08:02 951317 /usr/lib/
b6564000-b6565000 rw-p 00010000 08:02 951317 /usr/lib/
b6565000-b6569000 rw-p 00000000 00:00 0
b6569000-b657d000 r-xp 00000000 08:02 951165 /usr/lib/
b657d000-b657e000 r--p 00013000 08:02 951165 /usr/lib/
b657e000-b657f000 rw-p 00014000 08:02 951165 /usr/lib/
b657f000-b6592000 rw-p 00000000 00:00 0
b6592000-b659c000 r-xp 00000000 08:02 951314 /usr/lib/
b659c000-b659d000 r--p 00009000 08:02 951314 /usr/lib/
b659d000-b659e000 rw-p 0000a000 08:02 951314 /usr/lib/
b659e000-b65ac000 r-xp 00000000 08:02 951136 /usr/lib/
b65ac000-b65ad000 r--p 0000d000 08:02 951136 /usr/lib/
b65ad000-b65af000 rw-p 0000e000 08:02 951136 /usr/lib/
b65af000-b65cf000 rw-p 00000000 00:00 0
b65cf000-b65d3000 r-xp 00000000 08:02 951101 /usr/lib/
b65d3000-b65d4000 r--p 00003000 08:02 951101 /usr/lib/
b65d4000-b65d5000 rw-p 00004000 08:02 951101 /usr/lib/
```
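The `*** buffer overflow detected ***` abort comes from glibc's fortified string and memory functions (`_FORTIFY_SOURCE`, enabled by default in Ubuntu's build flags): when the destination buffer's size is known at compile time, calls such as `strcpy`/`memcpy`/`sprintf` are replaced by size-checked variants, and since that substitution only happens with optimization turned on, the same overflow goes unnoticed at -O0 and aborts at -O2. The block below is an added example written for this page, not cuneiform's acc_tabs.c nor the reporter's patch: it uses a constructed fixed-size language-code table (the names `lang_entry`, `set_lang_code`, `find_lang` and `lang_id_at` and the table contents are all assumptions) to show the bounded-copy and bounds-checked-index pattern that keeps such table accesses in range without relying on fortify to catch them at run time.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed table entry with a fixed-size code buffer, assumed for this
 * example; it is NOT cuneiform's acc_tabs.c data structure. */
#define CODE_MAX 8

struct lang_entry {
    char code[CODE_MAX];   /* language code, NUL-terminated */
    int  id;
};

/* Constructed sample table (not cuneiform's real language list). */
static struct lang_entry lang_table[] = {
    { "eng", 1 },
    { "pol", 2 },
    { "ger", 3 },
};
#define LANG_COUNT (sizeof lang_table / sizeof lang_table[0])

/* Bounded copy: refuses rather than truncates when the source does not fit.
 * Returns 0 on success, -1 if the code would overflow e->code; on failure the
 * destination is left unchanged. This is the check fortify would otherwise
 * have to perform at run time (and only when built with -O1 or higher). */
int set_lang_code(struct lang_entry *e, const char *code)
{
    size_t n = strlen(code);
    if (n >= sizeof e->code)       /* need room for the terminating NUL */
        return -1;
    memcpy(e->code, code, n + 1);
    return 0;
}

/* Look up a language code; returns its table index or -1 when absent. The
 * comparison is bounded by the field size, so a field that somehow lost its
 * terminator cannot be read past its end. */
int find_lang(const char *code)
{
    for (size_t i = 0; i < LANG_COUNT; i++)
        if (strncmp(lang_table[i].code, code, CODE_MAX) == 0)
            return (int)i;
    return -1;
}

/* Index access with an explicit bounds check; returns the id or -1. */
int lang_id_at(long idx)
{
    if (idx < 0 || (size_t)idx >= LANG_COUNT)
        return -1;
    return lang_table[idx].id;
}

int main(void)
{
    struct lang_entry e = { "", 0 };
    printf("set 'pol'        : %d\n", set_lang_code(&e, "pol"));
    printf("set oversized    : %d (code still '%s')\n",
           set_lang_code(&e, "pol-extended"), e.code);
    printf("find 'pol'       : %d\n", find_lang("pol"));
    printf("id at index 7    : %d\n", lang_id_at(7));
    return 0;
}
```

The pattern to take from this is that the size check is done against `sizeof` the destination field, so it stays correct if `CODE_MAX` changes, and that an oversized input is rejected outright rather than silently truncated, which keeps the table entry in a known-good state for later lookups.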
This is another approach, but I didn't test or use it.