$ ./main-asan ./poc.csv
=================================================================
==58179==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000000480 at pc 0x7f4834e5577a bp 0x7fff1198aed0 sp 0x7fff1198a678
WRITE of size 181 at 0x606000000480 thread T0
#0 0x7f4834e55779 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79779)
#1 0x55fd598bd79a in ok_csv_circular_buffer_read /home/au9/ok-file-format/ok_csv.c:95
#2 0x55fd598bf52d in ok_csv_decode2 /home/au9/ok-file-format/ok_csv.c:484
#3 0x55fd598bdf1d in ok_csv_decode /home/au9/ok-file-format/ok_csv.c:241
#4 0x55fd598bdd4a in ok_csv_read /home/au9/ok-file-format/ok_csv.c:177
#5 0x55fd598bd0c2 in main /home/au9/ok-file-format/main.c:8
#6 0x7f4834a0cbf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
#7 0x55fd598bcf89 in _start (/home/au9/ok-file-format/main-asan+0xf89)
0x606000000480 is located 0 bytes to the right of 64-byte region [0x606000000440,0x606000000480)
allocated by thread T0 here:
#0 0x7f4834ebab40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x55fd598bf4e1 in ok_csv_decode2 /home/au9/ok-file-format/ok_csv.c:479
#2 0x55fd598bdf1d in ok_csv_decode /home/au9/ok-file-format/ok_csv.c:241
#3 0x55fd598bdd4a in ok_csv_read /home/au9/ok-file-format/ok_csv.c:177
#4 0x55fd598bd0c2 in main /home/au9/ok-file-format/main.c:8
#5 0x7f4834a0cbf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79779)
Shadow bytes around the buggy address:
0x0c0c7fff8040: 00 00 00 00 00 00 00 03 fa fa fa fa 00 00 00 00
0x0c0c7fff8050: 00 00 00 05 fa fa fa fa 00 00 00 00 00 00 05 fa
0x0c0c7fff8060: fa fa fa fa 00 00 00 00 00 00 04 fa fa fa fa fa
0x0c0c7fff8070: 00 00 00 00 00 00 00 06 fa fa fa fa 00 00 00 00
0x0c0c7fff8080: 00 00 00 05 fa fa fa fa 00 00 00 00 00 00 00 00
=>0x0c0c7fff8090:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff80d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff80e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==58179==ABORTING
Hi, @aug5t7, may I get your contact e-mail? I would like to ask some questions about submitting a CVE. I would be very grateful if you can take the time to reply to me!
Description
A heap-buffer-overflow was discovered in ok_file_formats. The issue is being triggered in function ok_csv_circular_buffer_read() at ok_csv.c:95.
Version
dev version, git clone https://github.com/brackeen/ok-file-formats.git
Environment
Ubuntu 18.04, 64bit
Reproduce
test program
Compile test program with Address Sanitizer:
Asan Report
PoC
poc.csv
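The ASan report in this issue shows a 181-byte write into a 64-byte heap region from ok_csv_circular_buffer_read(). As an added example (not code from ok-file-formats and not its fix), here is a hypothetical ring-buffer read that clamps the copy to both the buffered data and the destination capacity; `ring_t`, `ring_read` and `demo_report_sizes` are assumed names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical ring buffer; names and layout are assumptions, not ok_csv.c. */
typedef struct {
    uint8_t *data;    /* backing storage */
    size_t capacity;  /* size of data in bytes */
    size_t start;     /* index of the oldest unread byte */
    size_t length;    /* number of unread bytes */
} ring_t;

/* Copy up to `want` bytes into dst without exceeding dst_cap or the bytes
 * actually buffered. Returns the number of bytes copied. */
size_t ring_read(ring_t *rb, uint8_t *dst, size_t dst_cap, size_t want) {
    if (rb == NULL || dst == NULL || rb->capacity == 0) return 0;
    if (rb->start >= rb->capacity || rb->length > rb->capacity) return 0;
    if (want > rb->length) want = rb->length;  /* no more than is buffered */
    if (want > dst_cap) want = dst_cap;        /* no more than dst can hold */
    size_t first = rb->capacity - rb->start;   /* contiguous bytes before wrap */
    if (first > want) first = want;
    memcpy(dst, rb->data + rb->start, first);
    memcpy(dst + first, rb->data, want - first); /* wrapped remainder, may be 0 */
    rb->start = (rb->start + want) % rb->capacity;
    rb->length -= want;
    return want;
}

/* Constructed scenario using the sizes from the report: 181 bytes requested
 * into a 64-byte destination. A guard byte sits just past the region. */
size_t demo_report_sizes(void) {
    static uint8_t storage[256];
    uint8_t dst[64 + 1];
    for (size_t i = 0; i < sizeof storage; i++) storage[i] = (uint8_t)i;
    ring_t rb = { storage, sizeof storage, 200, 181 }; /* data wraps at 256 */
    dst[64] = 0xAA;
    size_t n = ring_read(&rb, dst, 64, 181);
    if (dst[64] != 0xAA) return (size_t)-1;    /* guard overwritten */
    if (dst[0] != 200 || dst[55] != 255 || dst[56] != 0 || dst[63] != 7)
        return (size_t)-2;                     /* wrap-around copy is wrong */
    if (rb.start != 8 || rb.length != 117) return (size_t)-3;
    return n;
}

int main(void) {
    return demo_report_sizes() == 64 ? 0 : 1;
}
```

The caller sees a short read (64 of the 181 bytes requested) and has to loop or grow its buffer; the remaining 117 bytes stay queued in the ring.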