eaglebh / blast-dbf
Code to convert from dbc to dbf - Based on blast by Mark Adler <[email protected]> Decompressor for output of PKWare Data Compression Library (DCL)
Malformed input DBC file (attached below) causes out-of-bounds write due to missing check.
Run (file crash01, zipped and attached below):
./blast-dbf crash01 /dev/null
Gives the output:
blast-dbf.c:66:19: runtime error: variable length array bound evaluates to non-positive value 0
=================================================================
==3684929==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffd8ed60e9f at pc 0x5633cca583c5 bp 0x7ffd8ed60e60 sp 0x7ffd8ed60e50
WRITE of size 1 at 0x7ffd8ed60e9f thread T0
#0 0x5633cca583c4 in dbc2dbf /home/ub/blast-dbf/blast-dbf.c:70
#1 0x5633cca48f4e in main /home/ub/blast-dbf/blast-dbf.c:118
#2 0x7f7765e75d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#3 0x7f7765e75e3f in __libc_start_main_impl ../csu/libc-start.c:392
#4 0x5633cca49314 in _start (/home/ub/blast-dbf/blast-dbf+0xc314)
Address 0x7ffd8ed60e9f is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow /home/ub/blast-dbf/blast-dbf.c:70 in dbc2dbf
Shadow bytes around the buggy address:
0x100031da4180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100031da4190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100031da41a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100031da41b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100031da41c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100031da41d0: ca ca ca[ca]cb cb cb cb 00 00 00 00 00 00 00 00
0x100031da41e0: 00 00 00 00 f1 f1 f1 f1 02 f3 f3 f3 00 00 00 00
0x100031da41f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100031da4200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100031da4210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100031da4220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==3684929==ABORTING
Crash analysis:
The issue is on blast-dbf.c:70:
buf[header-1] = 0x0D;
With a specially crafted DBC file, I can force the header to evaluate to 0, causing 0x0D to be written to buf[-1] which is an out-of-bounds write. This crashes the program and may lead to denial of service for downstream services. I will raise a PR to fix this and a CVE to account for this bug as there are multiple downstream projects in multiple languages (Python, R from what I've seen) that make use of this code.
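A bounds-checked version of the header copy that the issue above describes, as an added example that is not the project's code or the reporter's fix. It assumes the header length is a 16-bit little-endian value at byte offset 8 (the page does not state the layout); `copy_dbf_header`, `try_header`, `MIN_HEADER` and the error codes are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not stated on the page): 16-bit little-endian header
 * length at byte offset 8. MIN_HEADER is an assumed lower bound. */
#define LEN_OFFSET 8u
#define MIN_HEADER (LEN_OFFSET + 2u)
enum { HDR_OK = 0, HDR_TRUNCATED = -1, HDR_BAD_LENGTH = -2, HDR_NO_SPACE = -3 };

/* Validate the file-controlled length before it is used as a size or index. */
static int copy_dbf_header(const unsigned char *in, size_t in_len,
                           unsigned char *out, size_t out_cap, size_t *out_len)
{
    if (in_len < MIN_HEADER)
        return HDR_TRUNCATED;          /* length field itself is missing */
    size_t header = (size_t)in[LEN_OFFSET] | ((size_t)in[LEN_OFFSET + 1] << 8);
    if (header < MIN_HEADER)
        return HDR_BAD_LENGTH;         /* rejects 0, so header - 1 cannot go below 0 */
    if (header > in_len)
        return HDR_TRUNCATED;          /* file is shorter than it claims */
    if (header > out_cap)
        return HDR_NO_SPACE;           /* caller-sized buffer instead of a VLA */
    memcpy(out, in, header);
    out[header - 1] = 0x0D;            /* the write from blast-dbf.c:70, now in bounds */
    *out_len = header;
    return HDR_OK;
}

/* Constructed sample input: `total` zero bytes claiming `claimed` header bytes. */
static int try_header(uint16_t claimed, size_t total, size_t *out_len, unsigned char *last)
{
    unsigned char in[64] = {0}, out[64];
    if (total > sizeof in) total = sizeof in;
    in[LEN_OFFSET] = (unsigned char)(claimed & 0xFF);
    in[LEN_OFFSET + 1] = (unsigned char)(claimed >> 8);
    int rc = copy_dbf_header(in, total, out, sizeof out, out_len);
    if (rc == HDR_OK) *last = out[*out_len - 1];
    return rc;
}

int main(void)
{
    size_t n = 0; unsigned char last = 0;
    printf("header=0   -> %d\n", try_header(0, 64, &n, &last));
    printf("header=32  -> %d\n", try_header(32, 64, &n, &last));
    printf("header=500 -> %d\n", try_header(500, 64, &n, &last));
    return 0;
}
```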
Hi everyone!
I would like to know what's the license of this project? I'm planning to create a conda-package for this project and I need this information.
Thanks.
Hi,
Is there any way to run blast-dbf directly from a Windows machine?
tks