$ ./asanpng heap-buffer-overflow-6.png
=================================================================
==80024==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d00000cff1 at pc 0x7fa588189dc4 bp 0x7ffcdbf9eeb0 sp 0x7ffcdbf9e658
WRITE of size 769 at 0x60d00000cff1 thread T0
#0 0x7fa588189dc3 (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x47dc3)
#1 0x562d30f5a72f in ok_png_read_data /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:853
#2 0x562d30f5b15d in ok_png_decode2 /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:971
#3 0x562d30f5b608 in ok_png_decode /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:1025
#4 0x562d30f542f3 in ok_png_read_with_allocator /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:188
#5 0x562d30f541cf in ok_png_read /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:177
#6 0x562d30f607d7 in main /home/xrz/afl++/ok-file-formats-png/issues/main.c:8
#7 0x7fa587d72b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#8 0x562d30f53d79 in _start (/home/xrz/afl++/ok-file-formats-png/issues/heap-buffer-overflow-6/asanpng+0x1d79)
0x60d00000cff1 is located 0 bytes to the right of 129-byte region [0x60d00000cf70,0x60d00000cff1)
allocated by thread T0 here:
#0 0x7fa588208e80 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc6e80)
#1 0x562d30f53e9b in ok_stdlib_alloc /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:58
#2 0x562d30f59e7c in ok_png_read_data /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:788
#3 0x562d30f5b15d in ok_png_decode2 /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:971
#4 0x562d30f5b608 in ok_png_decode /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:1025
#5 0x562d30f542f3 in ok_png_read_with_allocator /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:188
#6 0x562d30f541cf in ok_png_read /home/xrz/afl++/ok-file-formats-png/issues/ok_png.c:177
#7 0x562d30f607d7 in main /home/xrz/afl++/ok-file-formats-png/issues/main.c:8
#8 0x7fa587d72b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x47dc3)
Shadow bytes around the buggy address:
0x0c1a7fff99a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1a7fff99b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1a7fff99c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1a7fff99d0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
0x0c1a7fff99e0: 00 00 00 00 01 fa fa fa fa fa fa fa fa fa 00 00
=>0x0c1a7fff99f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[01]fa
0x0c1a7fff9a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1a7fff9a10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1a7fff9a20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1a7fff9a30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c1a7fff9a40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==80024==ABORTING
Description
A heap-buffer-overflow was discovered in ok_file_formats. The issue is being triggered in ‘/usr/lib/x86_64-linux-gnu/libasan.so.3+0x47dc3’.
Version
203defd
Environment
Ubuntu 18.04,64 bit
Testcase
Command
Compile test program:
Compile test program with address sanitizer with this command:
Result
The result of running without ASAN:
Information obtained by using ASAN:
Description
A heap-buffer-overflow was discovered in ok_file_formats. The issue is being triggered in ‘/usr/lib/x86_64-linux-gnu/libasan.so.3+0x47dc3’.
Poc
Poc file is this.
The text was updated successfully, but these errors were encountered: