Submit #586106: GNU libpspp pspp-convert master in Git Repository[commit:82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb] Denial of Service

Title: GNU libpspp pspp-convert master in Git Repository[commit:82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb] Denial of Service
Description:

Summary
Bad-Free Vulnerability in pspp-convert: Uninitialized Memory Free Attempt

Environment
PSPP version: master in Git Repository[commit:82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb]
OS: Ubuntu 20.04.6 LTS
Compiler: Clang-12.0.1

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --prefix=$INSTALL_DIR --without-gui --disable-shared --without-perl-module
# make -j64 & make install

root@9c4de30a2a30:pspp-82fb509/install/bin/pspp-convert -O csv --drop var1 --recode --delimiter / POC_PSPP_bad-free /dev/null
`POC_PSPP_bad-free': This system file does not indicate its own character encoding. Using default encoding ANSI_X3.4-1968. For best results, specify an encoding explicitly. Use SYSFILE INFO with ENCODING="DETECT" to analyze the possible encodings.
`POC_PSPP_bad-free': File header claims 4 variable positions but 0 were read from file.
=================================================================
==2681342==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7fa4dca13d98 in thread T0
    #0 0x49ec02 in free (/new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/install/bin/pspp-convert+0x49ec02)
    #1 0x4d32bb in parse_variables_option /new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/utilities/pspp-convert.c:91:7
    #2 0x4d131b in main /new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/utilities/pspp-convert.c:315:12
    #3 0x7fa4deff1d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #4 0x7fa4deff1e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #5 0x423fa4 in _start (/new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/install/bin/pspp-convert+0x423fa4)

Address 0x7fa4dca13d98 is a wild pointer.
SUMMARY: AddressSanitizer: bad-free (/new-test/fuzzdir/fuz-pspp/pspp-0501-new/pspp-82fb509/install/bin/pspp-convert+0x49ec02) in free
==2681342==ABORTING

POC
https://drive.google.com/file/d/1YPJLiBzOwVTcc2FzdawYxBJWGujwqy7o/view?usp=sharing

Credit
Xudong Cao (UCAS)
Source: https://savannah.gnu.org/bugs/index.php?67072
User: Anonymous User
Submission: 05/28/2025 07:50 PM (1 month ago)
Moderation: 06/09/2025 09:19 AM (12 days later)
Status: Accepted
VulDB Entry: 311671 [GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb utilities/pspp-convert.c parse_variables_option free of memory not on the heap]
Points: 20