heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code #1945

Closed
shinibufa opened this issue Aug 10, 2023 · 1 comment
@shinibufa
Describe the bug
AddressSanitizer: heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code

To Reproduce
Steps to reproduce the behavior:
1. Compile yara with ASan: ./configure CC=gcc CXX=g++ CFLAGS="-g -O0 -fsanitize=address" CXXFLAGS="-g -O0 -fsanitize=address" LDFLAGS="-g -O0 -fsanitize=address"
2. Run this command: ./yara -C PoC binFile

Please complete the following information:

  • OS: ubuntu 20.04
  • YARA version: 4.3.2

Additional context
ASAN report:

```
==1855158==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000000248 at pc 0x7f168933dfaf bp 0x7ffd229d5530 sp 0x7ffd229d5520
READ of size 8 at 0x604000000248 thread T0
#0 0x7f168933dfae in yr_execute_code libyara/exec.c:1426
#1 0x7f16893a1cd8 in yr_scanner_scan_mem_blocks libyara/scanner.c:526
#2 0x7f16893a27a0 in yr_scanner_scan_mem libyara/scanner.c:670
#3 0x7f16893a2b3e in yr_scanner_scan_fd libyara/scanner.c:706
#4 0x55aa2e6ed11a in scan_file cli/yara.c:736
#5 0x55aa2e6f1444 in main cli/yara.c:1654
#6 0x7f1688c22082 in __libc_start_main ../csu/libc-start.c:308
#7 0x55aa2e6e9ced in _start (/home/root/latestFiles/yara-4.3.2/.libs/yara+0x7ced)

0x604000000248 is located 8 bytes to the left of 48-byte region [0x604000000250,0x604000000280)
allocated by thread T0 here:
#0 0x7f1689535a06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
#1 0x7f168936db41 in yr_calloc libyara/mem.c:127
#2 0x7f168939fe48 in yr_scanner_create libyara/scanner.c:242
#3 0x55aa2e6f12af in main cli/yara.c:1640
#4 0x7f1688c22082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code
Shadow bytes around the buggy address:
0x0c087fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c087fff8000: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 fa
0x0c087fff8010: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 fa
0x0c087fff8020: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 fa
0x0c087fff8030: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 fa
=>0x0c087fff8040: fa fa 00 00 00 00 00 00 fa[fa]00 00 00 00 00 00
0x0c087fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1855158==ABORTING
```

@shinibufa shinibufa added the bug label Aug 10, 2023
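A triage helper for reports like the one above, added here as an example; it is not part of YARA and not code posted by the reporter. It parses the structured parts of an ASan report (error kind, access kind and size, the faulting frame, the allocation site with ASan's own interceptor frames skipped, and the position of the bad address relative to the allocated region) so that crashes from a fuzzing campaign can be bucketed and deduplicated before anyone reads shadow-byte dumps by hand. The sample input is a constructed, trimmed copy of the first lines of the report quoted in this issue; the `Frame`, `AsanReport`, `parse_asan_report`, `first_user_frame` and `triage` names are my own. Applied to this report it yields an 8-byte READ 8 bytes before a 48-byte region that was calloc'ed in `yr_scanner_create`, which is what the "8 bytes to the left" line states.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the opening lines of the ASan report quoted in this issue,
# trimmed to the parts the parser consumes (stacks shortened to three frames).
SAMPLE_REPORT = """\
==1855158==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000000248 at pc 0x7f168933dfaf bp 0x7ffd229d5530 sp 0x7ffd229d5520
READ of size 8 at 0x604000000248 thread T0
    #0 0x7f168933dfae in yr_execute_code libyara/exec.c:1426
    #1 0x7f16893a1cd8 in yr_scanner_scan_mem_blocks libyara/scanner.c:526
    #2 0x7f16893a27a0 in yr_scanner_scan_mem libyara/scanner.c:670

0x604000000248 is located 8 bytes to the left of 48-byte region [0x604000000250,0x604000000280)
allocated by thread T0 here:
    #0 0x7f1689535a06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
    #1 0x7f168936db41 in yr_calloc libyara/mem.c:127
    #2 0x7f168939fe48 in yr_scanner_create libyara/scanner.c:242

SUMMARY: AddressSanitizer: heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (?P<error>[\w-]+) on address (?P<addr>0x[0-9a-fA-F]+)")
ACCESS = re.compile(r"^(?P<kind>READ|WRITE) of size (?P<size>\d+) at 0x[0-9a-fA-F]+")
FRAME = re.compile(r"^\s*#(?P<idx>\d+) 0x[0-9a-fA-F]+ in (?P<func>\S+)(?: (?P<loc>\S+))?")
REGION = re.compile(
    r"is located (?P<n>\d+) bytes (?:to the (?P<side>left|right) of|inside of) (?P<size>\d+)-byte region"
)
# Frames belonging to ASan itself; skipping them exposes the program's allocation site.
INTERCEPTOR_PREFIXES = ("__interceptor_", "__asan_", "__sanitizer")


@dataclass
class Frame:
    index: int
    function: str
    location: str


@dataclass
class AsanReport:
    error: str = ""
    address: int = 0
    access_kind: str = ""
    access_size: int = 0
    region_size: int = 0
    offset: Optional[int] = None        # bad address relative to region start; negative = before it
    access_stack: list = field(default_factory=list)
    alloc_stack: list = field(default_factory=list)


def parse_asan_report(text: str) -> AsanReport:
    """Extract the structured fields from an ASan report; shadow-byte dumps are ignored."""
    rep = AsanReport()
    current = None  # the stack trace currently being collected, if any
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            rep.error = m.group("error")
            rep.address = int(m.group("addr"), 16)
            continue
        m = ACCESS.match(line)
        if m:
            rep.access_kind = m.group("kind")
            rep.access_size = int(m.group("size"))
            current = rep.access_stack
            continue
        m = REGION.search(line)
        if m:
            n, size = int(m.group("n")), int(m.group("size"))
            rep.region_size = size
            side = m.group("side")
            rep.offset = -n if side == "left" else (size + n if side == "right" else n)
            continue
        if "allocated by" in line:
            current = rep.alloc_stack
            continue
        m = FRAME.match(line)
        if m and current is not None:
            current.append(Frame(int(m.group("idx")), m.group("func"), m.group("loc") or ""))
            continue
        if not line.strip():
            current = None  # a blank line terminates a stack trace
    return rep


def first_user_frame(frames):
    """First frame that is not one of ASan's malloc/calloc interceptors."""
    for f in frames:
        if not f.function.startswith(INTERCEPTOR_PREFIXES):
            return f
    return None


def triage(rep: AsanReport) -> dict:
    """Summarise a parsed report into the fields used for bucketing crashes."""
    fault = rep.access_stack[0] if rep.access_stack else None
    alloc = first_user_frame(rep.alloc_stack)
    if rep.offset is None:
        where = "unknown"
    elif rep.offset < 0:
        where = f"{-rep.offset} bytes before a {rep.region_size}-byte region (underflow)"
    elif rep.offset >= rep.region_size:
        where = f"{rep.offset - rep.region_size} bytes past the end of a {rep.region_size}-byte region"
    else:
        where = f"{rep.offset} bytes inside a {rep.region_size}-byte region"
    return {
        "error": rep.error,
        "access": f"{rep.access_kind} of {rep.access_size} bytes",
        "fault_site": f"{fault.function} {fault.location}" if fault else None,
        "alloc_site": f"{alloc.function} {alloc.location}" if alloc else None,
        "where": where,
    }


if __name__ == "__main__":
    for key, value in triage(parse_asan_report(SAMPLE_REPORT)).items():
        print(f"{key:>11}: {value}")
```

Bucketing on `(error, fault_site)` collapses the many fuzz inputs that reach the same faulting instruction into one case, and `where` separates under-reads like this one (address before the region) from over-reads past its end, which usually point at different root causes even when the faulting frame is the same.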
@plusvic
Member

plusvic commented Aug 14, 2023

Closing as this crash is the result of fuzzing compiled rules. See #1948 for more context.

@plusvic plusvic closed this as completed Aug 14, 2023