Submit #850385: radareorg radare2 6.1.6 Integer Overflow

Title: radareorg radare2 6.1.6 Integer Overflow
Description:

> This report was generated by AI and manually verified by a human.

## Environment

```sh
# copypaste this script into your shell and replace it with the output
date
r2 -v
uname -ms
```

## Description

`r_str_append` in `libr/util/str.c` can overflow signed `int` arithmetic while computing the required appended string size. A harness linked against the sanitized `libr_util` drives the size calculation to `2147483647 + 1`. UBSan reports signed integer overflow at `libr/util/str.c:870:36`.

The expected behavior is to use checked size arithmetic and reject append operations whose computed size exceeds the supported range.

## Test

PoC:

- [r_str_append_overflow_harness.c](https://github.com/Bin-infinite/vuln-validations/blob/main/radare2/target/case-027/pocs/r_str_append_overflow_harness.c)
- [run_r_str_append_overflow.sh](https://github.com/Bin-infinite/vuln-validations/blob/main/radare2/target/case-027/pocs/run_r_str_append_overflow.sh)

Reproducer:

```sh
ROOT="$PWD"
curl -LO https://raw.githubusercontent.com/Bin-infinite/vuln-validations/main/radare2/target/case-027/pocs/r_str_append_overflow_harness.c
clang -fsanitize=address,undefined -fno-omit-frame-pointer -g -O0 \
  -I"$ROOT/libr/include" \
  -I"$ROOT/build" \
  -I"$ROOT/shlr/sdb/include" \
  -L"$ROOT/build/libr/util" \
  -Wl,-rpath,"$ROOT/build/libr/util" \
  -o /tmp/r_str_append_overflow_harness \
  r_str_append_overflow_harness.c \
  -lr_util
ASAN_OPTIONS=detect_leaks=0 \
UBSAN_OPTIONS=halt_on_error=0:print_stacktrace=1 \
/tmp/r_str_append_overflow_harness
```

Expected sanitizer result:

```text
libr/util/str.c:870:36: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
```

Stack trace excerpt:

```text
#0 r_str_append libr/util/str.c:870
#1 main row-validation-output/case-027/pocs/r_str_append_overflow_harness.c:108
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libr/util/str.c:870:36
```
Source: https://github.com/radareorg/radare2/issues/26045
User: Kery Qi (UID 94424)
Submission: 06.06.2026 07:31 (29 days ago)
Moderation: 04.07.2026 18:19 (28 days later)
Status: accepted
VulDB entry: 376350 [radareorg radare2 up to 6.1.6 libr/util/str.c r_str_ndup/r_str_append memory corruption]
Points: 20
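
The checked size arithmetic the report asks for, sketched as an added example (not code from radare2 or from the report). `append_size` and `checked_append` are hypothetical names, and the `INT_MAX` ceiling is an assumption chosen to match the `int`-typed size in the UBSan message.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: compute cur_len + add_len + 1 (NUL terminator) in
 * size_t and refuse any result that would not fit in an int. Every
 * comparison is arranged so that no addition can wrap before it is checked. */
bool append_size(size_t cur_len, size_t add_len, size_t *out) {
	const size_t limit = (size_t)INT_MAX; /* assumed supported range */
	if (cur_len > limit || add_len > limit - cur_len) {
		return false; /* cur_len + add_len would exceed the limit */
	}
	size_t total = cur_len + add_len;
	if (total > limit - 1) {
		return false; /* no room left for the terminator: the 2147483647 + 1 case */
	}
	*out = total + 1;
	return true;
}

/* Hypothetical checked append with realloc-style ownership of ptr.
 * Returns NULL on rejection or allocation failure; ptr is untouched then. */
char *checked_append(char *ptr, const char *add) {
	if (!add) {
		return ptr;
	}
	size_t cur = ptr ? strlen(ptr) : 0;
	size_t add_len = strlen(add);
	size_t need;
	if (!append_size(cur, add_len, &need)) {
		return NULL; /* reject instead of letting the size overflow */
	}
	char *grown = realloc(ptr, need);
	if (!grown) {
		return NULL;
	}
	memcpy(grown + cur, add, add_len + 1); /* copies the NUL as well */
	return grown;
}
```

Keeping the size check in its own function lets the boundary case be tested without allocating a 2 GiB string.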
