Parameter parsing in gst-tool.c can cause out of bounds reads

Project:GNU Smalltalk
Component:Build
Category:bug
Priority:normal
Assigned:Unassigned
Status:active
Description

In gst-tool.c there is a loop that compares a given long option with the available long options. It uses a memcmp call for that with the length of the given option.
This will cause out of bounds heap reads (that can be detected with address sanitizer), because many of the available options will be shorter than a given option.

Changing memcmp to strncmp corrects this bug and will avoid reading the option strings beyond a terminating zero. See attached patch. This patch is against the latest test version 3.2.91.

User login