This repository was archived by the owner on Jun 4, 2022. It is now read-only.
This repository was archived by the owner on Jun 4, 2022. It is now read-only.
global-buffer-overflow in /lib/support/unicodeconv/unicodeconv.c:40:2 #59
Closed
Description
Test Version
dev version, git clone https://github.com/caryll/otfcc.git
Test Program
otfcc/bin/release-x64/otfccdump [infile]
Asan Debug Information
➜ release-x64 git:(master) ✗ ./otfccdump ../../../crashes_1/2018-12-30-01-global-buffer-overflow.otf
=================================================================
==46365==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000008be881 at pc 0x0000004582e5 bp 0x7fff894427d0 sp 0x7fff89441f80
READ of size 95 at 0x0000008be881 thread T0
#0 0x4582e4 (/home/moonagirl/megic_afl/otfcc/bin/release-x64/otfccdump+0x4582e4)
#1 0x86c0c1 (/home/moonagirl/megic_afl/otfcc/bin/release-x64/otfccdump+0x86c0c1)
#2 0x844322 (/home/moonagirl/megic_afl/otfcc/bin/release-x64/otfccdump+0x844322)
#3 0x68c74d (/home/moonagirl/megic_afl/otfcc/bin/release-x64/otfccdump+0x68c74d)
#4 0x4fb6ec (/home/moonagirl/megic_afl/otfcc/bin/release-x64/otfccdump+0x4fb6ec)
#5 0x4eb79f (/home/moonagirl/megic_afl/otfcc/bin/release-x64/otfccdump+0x4eb79f)
#6 0x7f893917c82f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#7 0x418c88 (/home/moonagirl/megic_afl/otfcc/bin/release-x64/otfccdump+0x418c88)
0x0000008be881 is located 0 bytes to the right of global variable '<string literal>' defined in '../../lib/support/unicodeconv/unicodeconv.c:40:22' (0x8be880) of size 1
'<string literal>' is ascii string ''
SUMMARY: AddressSanitizer: global-buffer-overflow (/home/moonagirl/megic_afl/otfcc/bin/release-x64/otfccdump+0x4582e4)
Shadow bytes around the buggy address:
0x00008010fcc0: 00 00 00 06 f9 f9 f9 f9 00 00 02 f9 f9 f9 f9 f9
0x00008010fcd0: 00 07 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x00008010fce0: 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 06 f9 f9 f9 f9
0x00008010fcf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00008010fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x00008010fd10:[01]f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x00008010fd20: 00 00 00 00 01 f9 f9 f9 f9 f9 f9 f9 00 04 f9 f9
0x00008010fd30: f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 00 00 f9 f9
0x00008010fd40: f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
0x00008010fd50: f9 f9 f9 f9 00 05 f9 f9 f9 f9 f9 f9 00 04 f9 f9
0x00008010fd60: f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 00 07 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==46365==ABORTINGPOC file
https://github.com/moonAgirl/Bugs/blob/master/otfcc/2018-12-30-01-global-buffer-overflow.otf/
Metadata
Metadata
Assignees
Labels
No labels