Activity for liuchenyifan
-
liuchenyifan created ticket #2800
heap-buffer-overflow on gp_cairo_helper_coordval_to_chars()
-
SEGV on _IO_str_init_static_internal()
-
SEGV on load_linetype
-
SEGV on xstrftime()
-
stack-overflow on parse_primary_expression()
-
heap-buffer-overflow on set_var_loadpath()
-
SEGV on plot3d_points()
-
stack-overflow on gp_alloc()
-
stack-overflow on parse_assignment_expression()
-
stack-overflow on enhanced_recursion()
-
stack-overflow on bezier_spline()
-
stack-buffer-overflow on read_objects()
-
SEGV on genge_itp_spline()
-
use this command to reproduce: valgrind fig2dev -L pict2e ./poc
-
SEGV on read_arcobject()
-
SEGV on put_patternarc()
-
FPE on get_slope()
-
heap-buffer-overflow on create_line_with_spline()
-
heap-buffer-overflow on utf8_copy_one()
-
I appreciate your validation and reply. Gnuplot is a widely used binary program. Leave memory leaks bug alone, but buffer overflow can cause security problems. Attacker can use this bug if it won't be fixed. So I still suggest that you could fix this one.
-
memory leaks on fit_main()
-
memory leaks on command()
-
heap-buffer-overflow on utf8_copy_one()
-
SEGV on CANVAS_text()
-
SEGV on GetAnnotateString()
-
SEGV on X11_graphics()
-
I appreciate your time for replying , thanks!
-
it seems pretty serious, could you please provide more details about this?
-
heap-use-after-free on load_file
-
SEGV
-
SEGV on (mc_malloc_wrappers.c:378)
-
SEGV on eval_plots
-
SEGV on tkcanvas
-
double-free on fputc
-
global-buffer-overflow on set_terminal
-
heap-use-after-free on strstr_sse42
-
SEGV on vfprintf
-
heap-buffer-overflow on strlen
-
sorry about this.sometime I can't get the information of the trigger line.Thus it would cause some duplication I can't figure out.
-
SEGV on __GI_mempcpy (vg_replace_strmem.c:1537)
-
heap-buffer-overflow
-
heap-buffer-overflow
-
SEGV on eval_link_function (axis.c:2412)
-
SEGV on __strstr_sse42
-
heap-use-after-free in show_sched_status_wrk
-
SEGV
-
I try it for more, and still can be reproduced. I have no idea. But it's a good news if these crashes can not affect gnuplot. Let's leave these alone. I'll keep testing gnuplot.Thanks anyway!
-
I'm pretty sure there is only one gnuplot version in there. I'm new for testing gnuplot. Maybe the enviroment differs. The version is gnuplot 5.5 (last modified in 9.18) on centos linux 7.7.1908; The command is "gnuplot bug6"
-
The version is gnuplot 5.5 (last modified in 9.18) on centos linux 7.7.1908; I try it several times , it can be reproduce by : gnuplot bug6
-
SEGV
-
SEGV
-
SEGV on CANVAS_text
-
SEGV on plot_points
-
SEGV on vg_replace_malloc.c:538
-
information below from valgrind ==25852== at 0x79B90C: CGM_make_palette (cgm.trm:1014) ==25852== by 0x4379C9: make_palette (color.c:151) ==25852== by 0x562730: do_plot (graphics.c:709) ==25852== by 0x61F74B: eval_plots (plot2d.c:3612) ==25852== by 0x44BB88: plot_command (command.c:1897) ==25852== by 0x4411AB: command (command.c:659) ==25852== by 0x4411AB: do_line (command.c:429) ==25852== by 0x5CD14B: load_file (misc.c:335) ==25852== by 0x406416: main (plot.c:636) ==25852== Address 0xce30924 is 16...
-
another heap-buffer-overflow
-
information below from valgrind "./crash/bug1" line 1: warning: ==2264== Invalid read of size 4 ==2264== at 0x61512ED: vfprintf (in /usr/lib64/libc-2.17.so) ==2264== by 0x6154E5A: buffered_vfprintf (in /usr/lib64/libc-2.17.so) ==2264== by 0x614F81D: vfprintf (in /usr/lib64/libc-2.17.so) ==2264== by 0x82F69D: int_warn (util.c:1225) ==2264== by 0x498892: df_open (datafile.c:1438) ==2264== by 0x61ABBF: eval_plots (plot2d.c:2218) ==2264== by 0x44BB88: plot_command (command.c:1897) ==2264== by 0x4411AB:...
-
information below from valgrind ==26095== at 0x79B90C: CGM_make_palette (cgm.trm:1014) ==26095== by 0x4379C9: make_palette (color.c:151) ==26095== by 0x562730: do_plot (graphics.c:709) ==26095== by 0x61F74B: eval_plots (plot2d.c:3612) ==26095== by 0x44BB88: plot_command (command.c:1897) ==26095== by 0x4411AB: command (command.c:659) ==26095== by 0x4411AB: do_line (command.c:429) ==26095== by 0x5CD14B: load_file (misc.c:335) ==26095== by 0x406416: main (plot.c:636) ==26095== Address 0x654a804 is 16...
-
information below from valgrind ==10188== Invalid read of size 1 ==10188== at 0x4C322D4: __strstr_sse42 (vg_replace_strmem.c:1644) ==10188== by 0x7A96AB: enhanced_recursion.constprop.132 (term.c:2063) ==10188== by 0x7E358B: ENHX11_put_text (x11.trm:2132) ==10188== by 0x802E6B: write_multiline (term.c:801) ==10188== by 0x4EE158: key_text (graph3d.c:3463) ==10188== by 0x50B815: do_3dplot (graph3d.c:1092) ==10188== by 0x651E70: eval_3dplots (plot3d.c:2872) ==10188== by 0x44E1C5: splot_command (command.c:2323)...
-
heap-use-after-free
-
heap-use-after-free
-
heap-buffer-overflow
-
SEGV on unknown address
1
