From 70e3fcf293c1827a2655a86584ab13075124a8a8 Mon Sep 17 00:00:00 2001 From: Sami Kerola Date: Sun, 9 Aug 2015 18:02:18 +0100 Subject: colcrt: allocate enough space for data moves [afl & asan] ==2807==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013a31f0 at pc 0x0000004e3047 bp 0x7fffcb7df8d0 sp 0x7fffcb7df8c8 READ of size 4 at 0x0000013a31f0 thread T0 #0 0x4e3046 in move /home/src/util-linux/text-utils/colcrt.c:309:13 #1 0x4e25b1 in pflush /home/src/util-linux/text-utils/colcrt.c:264:3 #2 0x4e246d in colcrt /home/src/util-linux/text-utils/colcrt.c:157:4 #3 0x4e17d4 in main /home/src/util-linux/text-utils/colcrt.c:141:3 #4 0x7fb0cb2ee60f in __libc_start_main (/usr/lib/libc.so.6+0x2060f) #5 0x4362c8 in _start (/home/src/util-linux/colcrt+0x4362c8) 0x0000013a31f0 is located 0 bytes to the right of global variable 'page' defined in 'text-utils/colcrt.c:73:9' (0x1380b40) of size 140976 SUMMARY: AddressSanitizer: global-buffer-overflow /home/src/util-linux/text-utils/colcrt.c:309 move And another crash: ==4578==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013a3d24 at pc 0x0000004e2510 bp 0x7ffc9257b0e0 sp 0x7ffc9257b0d8 READ of size 4 at 0x0000013a3d24 thread T0 #0 0x4e250f in colcrt /home/src/util-linux/text-utils/colcrt.c:218:8 #1 0x4e17d4 in main /home/src/util-linux/text-utils/colcrt.c:141:3 #2 0x7fe0ac94160f in __libc_start_main (/usr/lib/libc.so.6+0x2060f) #3 0x4362c8 in _start (/home/src/util-linux/colcrt+0x4362c8) 0x0000013a3d24 is located 8 bytes to the right of global variable 'page' defined in 'text-utils/colcrt.c:73:9' (0x1381240) of size 142044 SUMMARY: AddressSanitizer: global-buffer-overflow /home/src/util-linux/text-utils/colcrt.c:218 colcrt Reported-by: Alaa Mubaied Signed-off-by: Sami Kerola
--- text-utils/colcrt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'text-utils/colcrt.c')
diff --git a/text-utils/colcrt.c b/text-utils/colcrt.c
index 3cf25cbbe..be7f84795 100644
--- a/text-utils/colcrt.c
+++ b/text-utils/colcrt.c
@@ -71,7 +71,7 @@ static void __attribute__ ((__noreturn__)) usage(FILE * out);
 #define FLUSH_SIZE 62
 #define PAGE_ARRAY_ROWS 267
 #define PAGE_ARRAY_COLS 132
-wchar_t page[PAGE_ARRAY_ROWS][PAGE_ARRAY_COLS];
+wchar_t page[PAGE_ARRAY_ROWS + 1][PAGE_ARRAY_COLS + 1];
 int outline = 1;
 int outcol;
-- cgit v1.2.3-55-g7522
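Review bot: The `+ 1` padding on the `page` declaration enlarges the buffer but leaves the indexing that overran it unchanged. The ASan traces in the commit message place the out-of-bounds reads in move() (colcrt.c:309) and colcrt() (colcrt.c:218), both outside this hunk, and nothing visible here bounds the row or column index against PAGE_ARRAY_ROWS or PAGE_ARRAY_COLS. If input can drive either index more than one element past the nominal limit, the overflow presumably remains reachable, so the access sites should check the index before reading rather than rely on slack in the array. At minimum the declaration needs a comment recording why the slack exists, e.g. `/* +1 row and column of slack: move() and colcrt() read just past the nominal limits (see ASan reports) */`.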