GNOME Bugzilla – Bug 751946
Out-of-bounds read in lotus.c:1636 on a fuzzed lotus file
Last modified: 2015-07-04 14:47:28 UTC
Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_002-lotus.c.1636.wk

$ ssconvert -I Gnumeric_lotus:lotus gnumeric_case_002-lotus.c.1636.wk /tmp/out.gnumeric
==29897==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x7fb24012f203 bp 0x7ffe800958d0 sp 0x7ffe80094f80 T0)
    #0 0x7fb24012f202 in lotus_read_old gnumeric/gnumeric/plugins/lotus-123/lotus.c:1636:12
    #1 0x7fb24012af37 in lotus_read gnumeric/gnumeric/plugins/lotus-123/lotus.c:2500:11
    #2 0x7fb240122bc7 in lotus_file_open gnumeric/gnumeric/plugins/lotus-123/boot.c:85:7
    #3 0x7fb261eddf20 in go_plugin_loader_module_func_file_open gnumeric/goffice/goffice/app/go-plugin-loader-module.c:282:3
    #4 0x7fb261ef1aa4 in go_plugin_file_opener_open gnumeric/goffice/goffice/app/go-plugin-service.c:685:2
    #5 0x7fb261eff2b8 in go_file_opener_open gnumeric/goffice/goffice/app/file.c:417:2
    #6 0x7fb26387e874 in workbook_view_new_from_input gnumeric/gnumeric/src/workbook-view.c:1278:3
    #7 0x7fb26387f460 in workbook_view_new_from_uri gnumeric/gnumeric/src/workbook-view.c:1337:9
    #8 0x4e1031 in convert gnumeric/gnumeric/src/ssconvert.c:721:9
    #9 0x4ded93 in main gnumeric/gnumeric/src/ssconvert.c:913:9
    #10 0x7fb25c31a78f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
    #11 0x437c58 in _start (apps/bin/ssconvert+0x437c58)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV gnumeric/gnumeric/plugins/lotus-123/lotus.c:1636 lotus_read_old

-- Juha Kylmänen
This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.