From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00, DNS_FROM_AHBL_RHSBL, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD, SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Date: Sun, 27 Mar 2016 20:59:22 +0100 From: Felix Janda To: Linux console tools development discussion Message-ID: <20160327195922.GA13409@nyan> References: <20160321104152.654b0d38@pc1> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20160321104152.654b0d38@pc1> User-Agent: Mutt/1.5.23 (2014-03-12) Subject: Re: [kbd] Invalid out of bounds memory read when running make check X-BeenThere: kbd@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: Linux console tools development discussion List-Id: Linux console tools development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Mar 2016 19:59:43 -0000 Archived-At: List-Archive: Subject: ksyms: Fix out of bounds memory read in codetoksym Bug detected by Hanno Böck using asan. --- src/libkeymap/ksyms.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libkeymap/ksyms.c b/src/libkeymap/ksyms.c index 22b1336..3d35ead 100644 --- a/src/libkeymap/ksyms.c +++ b/src/libkeymap/ksyms.c 
@@ -197,7 +197,7 @@ codetoksym(struct lk_ctx *ctx, int code) { i = ctx->charset; while (1) { p = (sym *) charsets[i].charnames; - if (p) { + if (p && (KVAL(code) >= charsets[i].start)) { p += KVAL(code) - charsets[i].start; if (p->name[0]) -- 2.7.3 Hanno Böck wrote: > Hi, > > When compiling kbd (latest version 2.0.3) with address sanitizer and > running the test suite (make check) it will show a global out of bounds > memory read. I have attached the address sanitizer error message at the > end of this mail. > > I have not fully tracked down the bug, but the error happens in the > file ksyms.c in line 203. > > The test that's causing this can be manually run with > ./libkeymap-dumpkeys ./dumpkeys.ua-ws.map SEPARATE_LINE FALSE > in the tests dir. > > This line from dumpkeys.ua-ws.map causes it: > altgr keycode 3 = 157 > > To reproduce: > ./configure CFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address" > make > make check It segfaults for me on a musl based system without asan. I think that the patch above should fix it. Felix
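Review bot: the new condition `if (p && (KVAL(code) >= charsets[i].start))` only bounds the index from below; `p += KVAL(code) - charsets[i].start` can still step past the end of `charsets[i].charnames` if a charnames table has fewer entries than the KVAL range above its start, so please confirm against the charsets table that every array covers that range, or add a matching upper-bound check alongside the new one. It would also help if the commit message named the triggering input from the report (`altgr keycode 3 = 157` in dumpkeys.ua-ws.map, ksyms.c line 203) and stated that the bad read was before the start of the charnames array, since that is exactly what the lower-bound check addresses.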