View Issue Details

ID: 0011018
Project: CMake
Category: CMake
View Status: public
Date Submitted: 2010-07-21 08:25
Last Update: 2011-05-02 14:45
Reporter: Petr Uzel
Assigned To: Ben Boeckel
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform / OS / OS Version: (not specified)
Product Version: CMake-2-8
Target Version: CMake 2.8.4
Fixed in Version: CMake 2.8.4
Summary: 0011018: CMake compilation fails with buffer overflow detected
Description
SystemInformationImplementation::ChipID.ProcessorName buffer is too short, so it cannot store a long enough processor name.

This leads to buffer overflow in
Source/kwsys/SystemInformation.cxx:2040-2042.

[cmake-2.8.2]

I suggest increasing CHIPNAME_STRING_LENGTH to some higher value. Patch attached.
Tags: No tags attached.
Attached Files: fortify-buffer-overflows.diff (506 bytes) 2010-07-21 08:25

Relationships
has duplicate: 0009267 (closed, Bill Hoffman) Buffer overflows in SystemInformation.cxx

  Notes
(0022171)
David Cole (manager)
2010-09-09 17:50

How do you reproduce this problem?

There's actually a processor name string longer than 48 chars out there in the wild?
What is it?

And is 70 sufficiently future proof? (Is there a max reasonable agreed-upon-by-vendors length for this...?)
(0022255)
Petr Uzel (reporter)
2010-09-16 05:52

Hello David,

> How do you reproduce this problem?
By building cmake-2.8.2 with g++-4.5 with the following options:
-O2 -g -m64 -fmessage-length=0 -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables

> There's actually a processor name string longer than 48 chars out there in
> the wild? What is it?
The strings come from cmake sources. See Source/kwsys/SystemInformation.cxx, lines 2040-2042 (in cmake-2.8.2)
(0023807)
Ben Boeckel (developer)
2010-12-08 13:37

I think it'd be saner to use snprintf where possible here to avoid future overflows. A size of 70 should be good for now, but protecting against future overflows should be done as well IMO. I'll work to get this merged for 2.8.4.
(0023828)
Ben Boeckel (developer)
2010-12-08 17:40

I changed things to be std::string instead to avoid all future issues with buffer overflows with these variables. Since it changes kwsys, I can't push it right now. Will get it merged this week if possible.
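The following is an added illustration of the bug class in this report and of the two fixes discussed in notes 0023807 and 0023828; it is not code from the CMake/kwsys sources, from the attached patch, or from the 2.8.4 commit. The constant name CHIPNAME_STRING_LENGTH_OLD, the two struct shapes, and both sample processor-name strings are assumptions constructed for the demonstration (the report only states that the 2.8.2 buffer held 48 characters and that the overflowing strings are hard-coded in SystemInformation.cxx).

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Shape of the reported bug: a fixed buffer sized by a compile-time constant.
// The report says the 2.8.2 constant allowed 48 characters; the constant's
// name and the struct layout here are assumptions for illustration.
#define CHIPNAME_STRING_LENGTH_OLD 48

struct ChipIDFixed {
    char ProcessorName[CHIPNAME_STRING_LENGTH_OLD];
};

// Shape of the fix that shipped in 2.8.4 (note 0023828): std::string owns
// its own storage, so there is no fixed length to exceed.
struct ChipIDString {
    std::string ProcessorName;
};

// Constructed sample names for the demonstration; neither is taken from a
// vendor table or from the CMake sources.
static const char* const kShortName = "Intel(R) Core(TM) i7 CPU";  // 24 characters
static const char* const kLongName =
    "Intel(R) Xeon(R) CPU E5-2690 v2 @ 3.00GHz with extra vendor marketing text";  // 74 characters

// The check strcpy never performs: does `name` plus its NUL terminator fit
// in `capacity` bytes? With -D_FORTIFY_SOURCE=2 and a destination whose size
// the compiler knows, GCC performs this same comparison in __strcpy_chk and
// aborts with "*** buffer overflow detected ***" when it fails.
bool WouldOverflow(const char* name, std::size_t capacity) {
    return std::strlen(name) + 1 > capacity;
}

// The reported pattern: an unchecked copy into the fixed buffer. Shown only
// for contrast; it is never called here with a name that does not fit.
void CopyUnchecked(ChipIDFixed& id, const char* name) {
    std::strcpy(id.ProcessorName, name);
}

// First suggestion in note 0023807: a bounded copy. snprintf writes at most
// `capacity` bytes, always NUL-terminates, and returns the length it wanted
// to write, so truncation is detectable rather than silent. Returns true if
// the whole name was stored.
bool CopyBounded(char* dst, std::size_t capacity, const char* name) {
    int wanted = std::snprintf(dst, capacity, "%s", name);
    return wanted >= 0 && static_cast<std::size_t>(wanted) < capacity;
}

// Length actually stored after a bounded copy into the old 48-byte buffer
// (at most 47 characters plus the terminator).
std::size_t BoundedCopyLength48(const char* name) {
    ChipIDFixed id;
    CopyBounded(id.ProcessorName, sizeof id.ProcessorName, name);
    return std::strlen(id.ProcessorName);
}

// The shipped fix: assignment to std::string keeps the full name.
std::size_t UnboundedCopyLength(const char* name) {
    ChipIDString id;
    id.ProcessorName = name;
    return id.ProcessorName.size();
}

int main() {
    ChipIDFixed fixed;
    CopyUnchecked(fixed, kShortName);  // fits: 25 bytes into 48
    std::printf("short name fits in 48? %s\n", WouldOverflow(kShortName, 48) ? "no" : "yes");
    std::printf("long name fits in 48? %s\n", WouldOverflow(kLongName, 48) ? "no" : "yes");
    std::printf("long name fits in 70? %s\n", WouldOverflow(kLongName, 70) ? "no" : "yes");
    std::printf("bounded copy kept %zu of %zu chars\n",
                BoundedCopyLength48(kLongName), std::strlen(kLongName));
    std::printf("std::string kept %zu chars\n", UnboundedCopyLength(kLongName));
    return 0;
}
```

The 74-character constructed name also fails the 70-byte check, which is the point raised in note 0022171: raising the constant removes the known overflow but not the class of bug, whereas the snprintf variant bounds the write and the std::string variant removes the bound altogether.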
(0024307)
Brad King (manager)
2010-12-21 08:27

http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=4c88a862
(0024474)
Ben Boeckel (developer)
2011-01-06 14:42

Committed to master.

http://cmake.org/gitweb?p=cmake.git;a=commit;h=4c88a8622dd25bc3d630f2d35e3a4acca9a7a5a2
(0026318)
David Cole (manager)
2011-05-02 14:45

Closing resolved issues that have not been updated in more than 3 months.

 Issue History
Date Modified Username Field Change
2010-07-21 08:25 Petr Uzel New Issue
2010-07-21 08:25 Petr Uzel File Added: fortify-buffer-overflows.diff
2010-07-21 10:28 Bill Hoffman Status new => assigned
2010-07-21 10:28 Bill Hoffman Assigned To => David Cole
2010-09-09 17:48 David Cole Priority normal => high
2010-09-09 17:50 David Cole Note Added: 0022171
2010-09-16 05:52 Petr Uzel Note Added: 0022255
2010-09-16 07:16 David Cole Assigned To David Cole => Bill Hoffman
2010-11-04 17:10 David Cole Target Version => CMake 2.8.4
2010-12-08 13:36 Ben Boeckel Assigned To Bill Hoffman => Ben Boeckel
2010-12-08 13:37 Ben Boeckel Note Added: 0023807
2010-12-08 17:40 Ben Boeckel Note Added: 0023828
2010-12-21 08:27 Brad King Note Added: 0024307
2011-01-06 14:42 Ben Boeckel Note Added: 0024474
2011-01-06 14:42 Ben Boeckel Status assigned => resolved
2011-01-06 14:42 Ben Boeckel Resolution open => fixed
2011-01-06 14:42 Ben Boeckel Fixed in Version => CMake 2.8.4
2011-02-03 18:53 David Cole Relationship added has duplicate 0009267
2011-05-02 14:45 David Cole Note Added: 0026318
2011-05-02 14:45 David Cole Status resolved => closed

