[PATCH] google polyline out of bounds read


[PATCH] google polyline out of bounds read

Ralf Horstmann
Hi,

here is a patch to fix out of bounds access to the polyline part of the google
format.

The attached sample is best tested with valgrind to verify the invalid reads
are fixed with the patch. E.g.:

valgrind gpsbabel -i google -f google2.xml

Cheers,
Ralf


_______________________________________________
Gpsbabel-code mailing list  http://www.gpsbabel.org
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gpsbabel-code

Attachments: gpsbabel-polyline.patch (346 bytes), google2.xml (339 bytes)
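The patch itself is an attachment and not shown in the thread, so the following is an added example rather than gpsbabel's code: a decoder for Google's encoded polyline format in which every read is bounded by the buffer length and a component cut short by truncation is reported instead of being read past the end. That truncation is my assumption about the failure mode behind the valgrind invalid reads; the sample string is Google's documented example and the truncated copy is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one component of a Google encoded polyline from s[0..len).
 * Returns bytes consumed, or 0 when the input ends before the final chunk
 * (a truncated component) or a byte is outside the encoding alphabet. */
static size_t decode_component(const char *s, size_t len, int32_t *out)
{
    uint32_t acc = 0; unsigned shift = 0;
    size_t i = 0; int c;
    do {
        if (i >= len || shift > 30) return 0;   /* every read is bounded by len */
        c = (unsigned char)s[i++] - 63;
        if (c < 0 || c > 0x3f) return 0;
        acc |= (uint32_t)(c & 0x1f) << shift;
        shift += 5;
    } while (c & 0x20);                         /* 0x20 = more chunks follow */
    *out = (acc & 1) ? ~(int32_t)(acc >> 1) : (int32_t)(acc >> 1);
    return i;
}

/* Decode a polyline into up to max (lat, lon) pairs scaled by 1e5.
 * Returns the point count, -1 on a truncated component, -2 when max is hit. */
static int decode_polyline(const char *s, size_t len, int32_t (*pts)[2], size_t max)
{
    int32_t lat = 0, lon = 0, d[2];
    size_t pos = 0, n = 0;
    while (pos < len) {
        if (n >= max) return -2;
        for (int k = 0; k < 2; k++) {           /* lat delta, then lon delta */
            size_t used = decode_component(s + pos, len - pos, &d[k]);
            if (used == 0) return -1;
            pos += used;
        }
        pts[n][0] = lat += d[0];
        pts[n][1] = lon += d[1];
        n++;
    }
    return (int)n;
}

int main(void)
{   /* Constructed sample: Google's documented example path, then a copy cut one byte short */
    const char *ok = "_p~iF~ps|U_ulLnnqC_mqNvxq`@";
    int32_t pts[4][2];
    printf("full -> %d points\n", decode_polyline(ok, strlen(ok), pts, 4));
    printf("truncated -> %d\n", decode_polyline(ok, strlen(ok) - 1, pts, 4));
    return 0;
}
```

The full string decodes to three points starting at (38.5, -120.2); the copy missing its last byte leaves a chunk with the continuation bit set and nothing after it, which the bounded loop rejects.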

Re: [PATCH] google polyline out of bounds read

tsteven4-2
If I build gpsbabel with CC=afl-gcc CXX=afl-g++ multiple test cases when running ./testo
I was using the latest afl fuzzer, 0.95b, on Centos 7.

Does this work for you?

On 12/21/2014 8:53 AM, Ralf Horstmann wrote:
Hi,

here is a patch to fix out of bounds access to the polyline part of the google
format.

The attached sample is best tested with valgrind to verify the invalid reads
are fixed with the patch. E.g.:

valgrind gpsbabel -i google -f google2.xml

Cheers,
Ralf


Re: [PATCH] google polyline out of bounds read

Ralf Horstmann
I guess you mean that test cases are _failing_ when gpsbabel is compiled with
afl, right?

For me that works, ./testo reports no errors when gpsbabel is compiled with
afl. I'm using the following combinations:

- Debian/Jessie amd64, gcc-4.9.1, afl 0.95b
- OpenBSD-current amd64, gcc-4.2.1, afl 0.95b

Cheers,
Ralf

* tsteven4 <[hidden email]> [2014-12-21 23:45]:

> If I build gpsbabel with CC=afl-gcc CXX=afl-g++ multiple test cases when
> running ./testo
> I was using the latest afl fuzzer, 0.95b, on Centos 7.
>
> Does this work for you?
>
> On 12/21/2014 8:53 AM, Ralf Horstmann wrote:
> >Hi,
> >
> >here is a patch to fix out of bounds access to the polyline part of the google
> >format.
> >
> >The attached sample is best tested with valgrind to verify the invalid reads
> >are fixed with the patch. E.g.:
> >
> >valgrind gpsbabel -i google -f google2.xml
> >
> >Cheers,
> >Ralf


Re: [PATCH] google polyline out of bounds read

tsteven4-2
Ralf,

Thanks for letting me know testo works for you.

Your guess is correct, when executing the instrumented executable many
of the test cases fail for me.  This is on our regression machine so all
these test cases regularly pass with a non-instrumented executable.

I have written Michal Zalewski, perhaps he will be able to shed some
light on the problem.

Steve

On 12/22/2014 2:20 AM, Ralf Horstmann wrote:

> I guess you mean that test cases are _failing_ when gpsbabel is compiled with
> afl, right?
>
> For me that works, ./testo reports no errors when gpsbabel is compiled with
> afl. I'm using the following combinations:
>
> - Debian/Jessie amd64, gcc-4.9.1, afl 0.95b
> - OpenBSD-current amd64, gcc-4.2.1, afl 0.95b
>
> Cheers,
> Ralf
>
> * tsteven4 <[hidden email]> [2014-12-21 23:45]:
>> If I build gpsbabel with CC=afl-gcc CXX=afl-g++ multiple test cases when
>> running ./testo
>> I was using the latest afl fuzzer, 0.95b, on Centos 7.
>>
>> Does this work for you?
>>
>> On 12/21/2014 8:53 AM, Ralf Horstmann wrote:
>>> Hi,
>>>
>>> here is a patch to fix out of bounds access to the polyline part of the google
>>> format.
>>>
>>> The attached sample is best tested with valgrind to verify the invalid reads
>>> are fixed with the patch. E.g.:
>>>
>>> valgrind gpsbabel -i google -f google2.xml
>>>
>>> Cheers,
>>> Ralf

Re: [PATCH] google polyline out of bounds read

Robert Lipe-4
In reply to this post by Ralf Horstmann
Thanx, Ralf.  I've committed this.

On Sun, Dec 21, 2014 at 9:53 AM, Ralf Horstmann <[hidden email]> wrote:
Hi,

here is a patch to fix out of bounds access to the polyline part of the google
format.

The attached sample is best tested with valgrind to verify the invalid reads
are fixed with the patch. E.g.:

valgrind gpsbabel -i google -f google2.xml

Cheers,
Ralf


Re: [PATCH] google polyline out of bounds read

tsteven4-2
In reply to this post by tsteven4-2
My issues with afl were due to a bug in afl.  It has been fixed in 0.97b.
> Fixed a very rare glitch when running instrumenting 64-bit code that makes
>      heavy use of xmm registers that are also touched by glibc.

On 12/22/2014 6:37 AM, tsteven4 wrote:

> Ralf,
>
> Thanks for letting me know testo works for you.
>
> Your guess is correct, when executing the instrumented executable many
> of the test cases fail for me.  This is on our regression machine so
> all these test cases regularly pass with a non-instrumented executable.
>
> I have written Michal Zalewski, perhaps he will be able to shed some
> light on the problem.
>
> Steve
>
> On 12/22/2014 2:20 AM, Ralf Horstmann wrote:
>> I guess you mean that test cases are _failing_ when gpsbabel is
>> compiled with
>> afl, right?
>>
>> For me that works, ./testo reports no errors when gpsbabel is
>> compiled with
>> afl. I'm using the following combinations:
>>
>> - Debian/Jessie amd64, gcc-4.9.1, afl 0.95b
>> - OpenBSD-current amd64, gcc-4.2.1, afl 0.95b
>>
>> Cheers,
>> Ralf
>>
>> * tsteven4 <[hidden email]> [2014-12-21 23:45]:
>>> If I build gpsbabel with CC=afl-gcc CXX=afl-g++ multiple test cases
>>> when
>>> running ./testo
>>> I was using the latest afl fuzzer, 0.95b, on Centos 7.
>>>
>>> Does this work for you?
>>>
>>> On 12/21/2014 8:53 AM, Ralf Horstmann wrote:
>>>> Hi,
>>>>
>>>> here is a patch to fix out of bounds access to the polyline part of
>>>> the google
>>>> format.
>>>>
>>>> The attached sample is best tested with valgrind to verify the
>>>> invalid reads
>>>> are fixed with the patch. E.g.:
>>>>
>>>> valgrind gpsbabel -i google -f google2.xml
>>>>
>>>> Cheers,
>>>> Ralf