You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I found a stack-buffer-overflow at zlog_conf_build_with_file /src/zlog/src/conf.c:308.
Here is the stack backtrace:
`=================================================================
==9483==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffea36f776f at pc 0x0000005588c4 bp 0x7ffea36f7610 sp 0x7ffea36f7608
READ of size 1 at 0x7ffea36f776f thread T0
#0 0x5588c3 in zlog_conf_build_with_file /src/zlog/src/conf.c:308:15 #1 0x557ad6 in zlog_conf_new /src/zlog/src/conf.c:176:7 #2 0x551183 in zlog_init_inner /src/zlog/src/zlog.c:91:18 #3 0x551008 in zlog_init /src/zlog/src/zlog.c:134:6 #4 0x550df1 in LLVMFuzzerTestOneInput /src/zlog_init_fuzzer.c:18:18
Address 0x7ffea36f776f is located in stack of thread T0 at offset 335 in frame
#0 0x557d2f in zlog_conf_build_with_file /src/zlog/src/conf.c:241
This frame has 4 object(s):
[32, 176) 'a_stat' (line 243)
[240, 296) 'local_time' (line 244)
[336, 4433) 'line' (line 247) <== Memory access at offset 335 underflows this variable
[4704, 4708) 'section' (line 255)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /src/zlog/src/conf.c:308:15 in zlog_conf_build_with_file`
Of course , I byte read overflow is not important. But you can see, "p" It will read the memory that is underflow the "line" buffer. If there is exactly “0x20” or "0x90" or anthiny that means "space", "p" will go on move and the next "p++" will cause a write overflow. That is really a bug. Sepecally, I think the byte read overflow is like an address. So ,"0x20"maybe possible. There will be a crash or other wired things.
If I'm right? If you need the crash case you can tell me.
The text was updated successfully, but these errors were encountered:
Hi, I found a stack-buffer-overflow at zlog_conf_build_with_file /src/zlog/src/conf.c:308.
Here is the stack backtrace:
`=================================================================
==9483==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffea36f776f at pc 0x0000005588c4 bp 0x7ffea36f7610 sp 0x7ffea36f7608
READ of size 1 at 0x7ffea36f776f thread T0
#0 0x5588c3 in zlog_conf_build_with_file /src/zlog/src/conf.c:308:15
#1 0x557ad6 in zlog_conf_new /src/zlog/src/conf.c:176:7
#2 0x551183 in zlog_init_inner /src/zlog/src/zlog.c:91:18
#3 0x551008 in zlog_init /src/zlog/src/zlog.c:134:6
#4 0x550df1 in LLVMFuzzerTestOneInput /src/zlog_init_fuzzer.c:18:18
Address 0x7ffea36f776f is located in stack of thread T0 at offset 335 in frame
#0 0x557d2f in zlog_conf_build_with_file /src/zlog/src/conf.c:241
This frame has 4 object(s):
[32, 176) 'a_stat' (line 243)
[240, 296) 'local_time' (line 244)
[336, 4433) 'line' (line 247) <== Memory access at offset 335 underflows this variable
[4704, 4708) 'section' (line 255)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /src/zlog/src/conf.c:308:15 in zlog_conf_build_with_file`
Of course , I byte read overflow is not important. But you can see, "p" It will read the memory that is underflow the "line" buffer. If there is exactly “0x20” or "0x90" or anthiny that means "space", "p" will go on move and the next "p++" will cause a write overflow. That is really a bug. Sepecally, I think the byte read overflow is like an address. So ,"0x20"maybe possible. There will be a crash or other wired things.
If I'm right? If you need the crash case you can tell me.
The text was updated successfully, but these errors were encountered: