Menu

#934 Buffer overflow in the way project files are processed

Undefined
invalid
nobody
None
Bug_Report
2022-08-18
2020-03-28
Vilius Povilaika
No

To replicate the buffer overflow:
1. Create a new CBP project
2. Close the project, open the .cbp file with a text editor
3. Find the object_output setting in the Debug configuration
4. Replace the value with 6 thousand characters
5. Load the file into Code::Blocks IDE
6. Press 'Build and Run'
7. Watch your program crash

Discussion

  • Miguel Gimenez

    Miguel Gimenez - 2021-12-02
    • status: open --> invalid
     

  • John Helmert III

    John Helmert III - 2022-08-18

    Hi, why was this closed as invalid? I can definitely reproduce (despite the relatively poor report).

     

  • ollydbg

    ollydbg - 2022-08-18

    The report has some issue:
    1, "6 thousand characters"???
    2, we web address is broken, I can't access it.

     

  • John Helmert III

    John Helmert III - 2022-08-18

    Yes, excessive input is a typical way to produce a buffer overflow.

     

  • Andrew Cottrell

    Andrew Cottrell - 2022-08-18

    The app crashed due to user doing crazy things.

    If you can show that there is a security issue then it can be looked at, but if you want to get it fixed then patches are welcome that stop the crash for crazy/stupid/dumb end users.

    Just because you overflowed something does NOT mean there is a security issue.

     

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.