View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000617 | Raptor RDF Syntax Library | api | public | 2017-04-15 14:55 | 2022-12-26 22:24 |
| Reporter | hanno | Assigned To | Dave Beckett | ||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | Linux | OS | Linux | ||
| Product Version | 2.0.15 | ||||
| Fixed in Version | 2.0.16 | ||||
| Summary | 0000617: heap buffer overflow in raptor_qname_format_as_xml | ||||
| Description | The attached file will cause a heap buffer overflow in raptor. Can be tested with the rapper command line tool.<br>This is a security bug, so I'm marking this private.<br>Here's a stack trace of the crash (from address sanitizer):<br>`==24627==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000002090 at pc 0x000000529a9c bp 0x7fffc7e52060 sp 0x7fffc7e52058`<br>`WRITE of size 8 at 0x604000002090 thread T0`<br>`#0 0x529a9b in raptor_qname_format_as_xml /f/raptor/raptor2-2.0.15/src/raptor_qname.c:666:15`<br>`#1 0x5cb770 in raptor_xml_writer_start_element_common /f/raptor/raptor2-2.0.15/src/raptor_xml_writer.c:242:9`<br>`#2 0x5cd317 in raptor_xml_writer_start_element /f/raptor/raptor2-2.0.15/src/raptor_xml_writer.c:571:3`<br>`#3 0x55c534 in raptor_rdfxml_start_element_grammar /f/raptor/raptor2-2.0.15/src/raptor_rdfxml.c:2044:9`<br>`#4 0x55c534 in raptor_rdfxml_start_element_handler /f/raptor/raptor2-2.0.15/src/raptor_rdfxml.c:830`<br>`#5 0x54d8e6 in raptor_sax2_start_element /f/raptor/raptor2-2.0.15/src/raptor_sax2.c:826:5`<br>`#6 0x7efcbd5decad in xmlParseStartTag (/usr/lib64/libxml2.so.2+0x41cad)`<br>`#7 0x7efcbd5ec323 (/usr/lib64/libxml2.so.2+0x4f323)`<br>`#8 0x7efcbd5ed3ba in xmlParseChunk (/usr/lib64/libxml2.so.2+0x503ba)`<br>`#9 0x54c2e7 in raptor_sax2_parse_chunk /f/raptor/raptor2-2.0.15/src/raptor_sax2.c:534:10`<br>`#10 0x558ec9 in raptor_rdfxml_parse_chunk /f/raptor/raptor2-2.0.15/src/raptor_rdfxml.c:1169:8`<br>`#11 0x512da5 in raptor_parser_parse_chunk /f/raptor/raptor2-2.0.15/src/raptor_parse.c:482:10`<br>`#12 0x512da5 in raptor_parser_parse_file_stream /f/raptor/raptor2-2.0.15/src/raptor_parse.c:554`<br>`#13 0x51324f in raptor_parser_parse_file /f/raptor/raptor2-2.0.15/src/raptor_parse.c:616:8`<br>`#14 0x50dd82 in main /f/raptor/raptor2-2.0.15/utils/rapper.c:917:8`<br>`#15 0x7efcbc4d52b0 in __libc_start_main (/lib64/libc.so.6+0x202b0)`<br>`#16 0x41b919 in _start (/r/raptor/rapper+0x41b919)` | ||||
| Tags | No tags attached. | ||||
| Syntax Name | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-04-15 14:55 | hanno | New Issue | |
| 2017-04-15 14:55 | hanno | File Added: raptor-heapoverflow-raptor_qname_format_as_xml.rdf | |
| 2017-04-16 15:18 | Dave Beckett | Note Added: 0002136 | |
| 2017-04-16 15:18 | Dave Beckett | Status | new => closed |
| 2017-04-16 15:18 | Dave Beckett | Assigned To | => Dave Beckett |
| 2017-04-16 15:18 | Dave Beckett | Resolution | open => fixed |
| 2017-04-16 15:18 | Dave Beckett | Fixed in Version | => 2.0.16 |
| 2022-12-26 22:24 | Dave Beckett | View Status | private => public |