Submit #586105: GNU libpspp pspp-convert master in Git Repository [commit:82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb] Denial of Service

Title: GNU libpspp pspp-convert master in Git Repository [commit:82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb] Denial of Service
Description:

Summary: Segmentation Fault in pspp-convert Due to Improper Memory Access.

Environment:
  PSPP version: master in Git Repository [commit:82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb]
  OS: Ubuntu 20.04.6 LTS
  Compiler: Clang-12.0.1

Steps to reproduce:
  # export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
  # export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
  # ./configure --prefix=$INSTALL_DIR --without-gui --disable-shared --without-perl-module
  # make -j64 & make install
  root@9c4de30a2a30:pspp-82fb509/install/bin/pspp-convert -O csv --drop var1 --recode --delimiter / POC/POC_PSPP_SEGV_1 /dev/null

Output:
  `POC/POC_PSPP_SEGV_1': This system file does not indicate its own character encoding. Using default encoding ANSI_X3.4-1968. For best results, specify an encoding explicitly. Use SYSFILE INFO with ENCODING="DETECT" to analyze the possible encodings.
  `POC/POC_PSPP_SEGV_1': File header claims 4 variable positions but 0 were read from file.
  AddressSanitizer:DEADLYSIGNAL
  =================================================================
  ==2540292==ERROR: AddressSanitizer: SEGV on unknown address 0x7f47201d4c58 (pc 0x000000424d54 bp 0x000000000000 sp 0x7ffe9c883cb0 T0)
  ==2540292==The signal is caused by a WRITE memory access.
      #0 0x424d54 in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/install/bin/pspp-convert+0x424d54)
      #1 0x49ec65 in free (/new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/install/bin/pspp-convert+0x49ec65)
      #2 0x4d32bb in parse_variables_option /new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/utilities/pspp-convert.c:91:7
      #3 0x4d131b in main /new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/utilities/pspp-convert.c:315:12
      #4 0x7f47201f9d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
      #5 0x7f47201f9e3f in __libc_start_main csu/../csu/libc-start.c:392:3
      #6 0x423fa4 in _start (/new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/install/bin/pspp-convert+0x423fa4)
  AddressSanitizer can not provide additional info.
  SUMMARY: AddressSanitizer: SEGV (/new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/install/bin/pspp-convert+0x424d54) in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType)
  ==2540292==ABORTING

POC: https://drive.google.com/file/d/1ZigqDFZQn5YUWFLu1V2juDGWQgbJFAtX/view?usp=sharing

Credit: Xudong Cao (UCAS)
Source: https://savannah.gnu.org/bugs/index.php?67071
User: Anonymous User
Submission: 05/28/2025 07:47 PM (2 months ago)
Moderation: 06/09/2025 09:19 AM (12 days later)
Status: Accepted
VulDB Entry: 311670 [GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb utilities/pspp-convert.c parse_variables_option out-of-bounds write]
Points: 20
