ReadStat version 1.0-prerelease
Ubuntu 16.04 x86_64
git log
commit 2330b36f536705a23a50e9cbd9f0f72b38b0be98
Author: Evan Miller <emmiller@gmail.com>
Date: Wed Jan 10 20:26:31 2018 -0500
SAS7BDAT: Fix 4096-byte test (was 2096 bytes)
./readstat ./heap-buffer-overflow.dta 1.sav
=================================================================
==19976==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030000000b2 at pc 0x000000448071 bp 0x7fff0960c110 sp 0x7fff0960b8c0
READ of size 19 at 0x6030000000b2 thread T0
#0 0x448070 (/home/test/libfuzz/new/ReadStat/build/bin/readstat+0x448070)
#1 0x49494d (/home/test/libfuzz/new/ReadStat/build/bin/readstat+0x49494d)
#2 0x494de0 (/home/test/libfuzz/new/ReadStat/build/bin/readstat+0x494de0)
#3 0x7f4b84a3fe27 (/home/test/libfuzz/new/ReadStat/build/lib/libreadstat.so.0+0x6ce27)
#4 0x7f4b84a4275d (/home/test/libfuzz/new/ReadStat/build/lib/libreadstat.so.0+0x6f75d)
#5 0x513e4f (/home/test/libfuzz/new/ReadStat/build/bin/readstat+0x513e4f)
#6 0x7f4b83ae182f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#7 0x41b888 (/home/test/libfuzz/new/ReadStat/build/bin/readstat+0x41b888)
0x6030000000b2 is located 0 bytes to the right of 18-byte region [0x6030000000a0,0x6030000000b2)
allocated by thread T0 here:
#0 0x4dc388 (/home/test/libfuzz/new/ReadStat/build/bin/readstat+0x4dc388)
#1 0x7f4b84a4209e (/home/test/libfuzz/new/ReadStat/build/lib/libreadstat.so.0+0x6f09e)
#2 0x513e4f (/home/test/libfuzz/new/ReadStat/build/bin/readstat+0x513e4f)
#3 0x7f4b83ae182f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/test/libfuzz/new/ReadStat/build/bin/readstat+0x448070)
Shadow bytes around the buggy address:
0x0c067fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c067fff8000: fa fa 00 00 00 00 fa fa 00 00 00 fa fa fa 00 00
=>0x0c067fff8010: 00 00 fa fa 00 00[02]fa fa fa fa fa fa fa fa fa
0x0c067fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==19976==ABORTING
testcase: https://github.com/xcainiao/poc/blob/master/readstat_heap-buffer-overflow.dta
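The frames in the report above are printed as module+offset pairs because no symbolizer was available when the crash was captured, so the trace cannot be mapped to ReadStat source lines as-is. The following script is an added example, not part of the original issue or of the ReadStat project: it pulls every frame out of a saved AddressSanitizer report and resolves it with addr2line. It assumes binutils addr2line is installed, that the module paths in the report exist on the machine where the script runs, and that the binaries were built with debug info (-g); the report excerpt embedded below is a constructed, shortened copy of the trace above.

```shell
#!/bin/sh
# Added example (not from the original issue or the ReadStat project).
# Resolves "module+offset" frames of an ASan report with addr2line.
# Assumes: binutils addr2line, modules built with -g, module paths present.

# Print "<frame-no> <module> <offset>" for every stack frame on stdin.
asan_frames() {
    sed -n 's/^[[:space:]]*#\([0-9][0-9]*\) 0x[0-9a-f]* (\([^+]*\)+\(0x[0-9a-f]*\)).*$/\1 \2 \3/p'
}

# Resolve one frame with addr2line; fall back to the raw module+offset
# form when the module file is missing or addr2line is not installed.
# ASan reports offsets relative to the module as mapped (for a non-PIE
# executable that is the virtual address itself), which addr2line accepts.
resolve_frame() {
    frame=$1; module=$2; offset=$3
    if [ -f "$module" ] && command -v addr2line >/dev/null 2>&1; then
        loc=$(addr2line -f -C -e "$module" "$offset" | tr '\n' ' ')
        printf '#%s %s(%s+%s)\n' "$frame" "$loc" "$module" "$offset"
    else
        printf '#%s ?? (%s+%s)\n' "$frame" "$module" "$offset"
    fi
}

# Symbolize a whole report read from stdin, one line per frame.
symbolize_report() {
    asan_frames | while read -r f m o; do
        resolve_frame "$f" "$m" "$o"
    done
}

# Constructed excerpt of the report above (paths shortened for the example).
SAMPLE_REPORT='==19976==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030000000b2
READ of size 19 at 0x6030000000b2 thread T0
    #0 0x448070 (/home/test/readstat+0x448070)
    #1 0x7f4b84a3fe27 (/home/test/libreadstat.so.0+0x6ce27)
    #2 0x7f4b83ae182f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)'

# Stand-alone run: with the sample paths absent this prints the raw frames.
printf '%s\n' "$SAMPLE_REPORT" | symbolize_report
```

Run it as `./symbolize.sh < asan.log` on the machine that produced the crash. When re-running the reproducer instead of post-processing a saved log, pointing `ASAN_SYMBOLIZER_PATH` at an installed llvm-symbolizer makes ASan emit function names and source lines directly, which is what the maintainer needs to locate the 18-byte allocation and the 19-byte read.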