Buffer overflow in the active project's symbols search field


Paras Bhatia (ESEC\DEL)

Jun 19, 2020, 3:21:51 PM
to CBFortran

To replicate the buffer overflow:
1. Click on "View" tab and click on "Manager" to enable it.
2. Click on "FSymbols" tab.
3. Select "Active project's symbols" from drop down menu.
4. In the "Search" field enter 5 thousand characters.
5. Press Enter from keyboard.
6. Watch your program crash.

Darius Markauskas

Jun 20, 2020, 2:04:41 AM
to cbfo...@googlegroups.com
Thank you for reporting this issue. How did you find this overflow? Why would somebody enter 5000 characters in the 'search' field?

--
You received this message because you are subscribed to the Google Groups "CBFortran" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cbfortran+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cbfortran/57823268-4a27-4057-a6b6-997ebd964491n%40googlegroups.com.

Paras Bhatia (ESEC\DEL)

Jun 20, 2020, 4:49:49 AM
to CBFortran
Hi Darius

Overflows are found through a process called fuzzing. It occurs when the user input data is not properly sanitized and when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code. On further analysis I found that the application crashes if even a single character is given as input in the specified field.


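The thread moves from a 5,000-character reproducer to a crash on a single character; the sketch below shows the triage step that separates those two cases by minimising the crashing input length. It is an added example, not code from the thread or from the CBFortran plugin: both handlers are hypothetical models, the 256-byte capacity is assumed, and `abort()` stands in for a real crash so the result is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
typedef void (*handler_fn)(const char *query);

/* Model A (hypothetical): abort() stands in for an unchecked copy's crash. */
static void handler_fixed_buf(const char *query) {
    char buf[256];
    if (strlen(query) >= sizeof buf) abort();
    strcpy(buf, query);
}

/* Model B (hypothetical): fails on any non-empty query; length is irrelevant. */
static void handler_bad_state(const char *query) {
    if (query[0] != '\0') abort();
}

/* Run the handler in a child process: 1 = killed by a signal, 0 = survived. */
static int crashes(handler_fn h, size_t len) {
    char *q = malloc(len + 1);
    if (!q) return -1;
    memset(q, 'A', len);
    q[len] = '\0';
    pid_t pid = fork();
    if (pid == 0) { h(q); _exit(0); }
    free(q);
    int st = 0;
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;
    return WIFSIGNALED(st) ? 1 : 0;
}

/* Smallest crashing length in [0, known_bad], assuming every length above a
 * crashing one also crashes. Returns -1 if known_bad itself does not crash. */
long min_crash_len(handler_fn h, size_t known_bad) {
    if (crashes(h, known_bad) != 1) return -1;
    size_t lo = 0, hi = known_bad;      /* invariant: length hi crashes */
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (crashes(h, mid) == 1) hi = mid; else lo = mid + 1;
    }
    return (long)hi;
}

int main(void) {
    printf("fixed buffer: %ld\n", min_crash_len(handler_fixed_buf, 5000));
    printf("bad state: %ld\n", min_crash_len(handler_bad_state, 5000));
    return 0;
}
```

A minimum near a buffer capacity points at a length-dependent write; a minimum of 1 means length is not the trigger and the fault should be looked for elsewhere in the handler.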