I pulled the master branch, it does segfault. But as you say the bug seems not to be a critical one. Is this necessary to fix? I've no idea.
I will keep fuzzing for a while.
Thanks for your reply!
Hello!
I am learning AFL-Fuzz recently, and I found a bug in this program.
POC is here
Please confirm
Best regards
Test version: RELEASE_2V00
Environment: gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609
./espruino --test id:000000,sig:11,src:006488+005799,op:splice,rep:2
=================================================================
==20078==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd3311cff6 at pc 0x7ff8ae25b20b bp 0x7ffd3311cef0 sp 0x7ffd3311c698
READ of size 7 at 0x7ffd3311cff6 thread T0
#0 0x7ff8ae25b20a in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x7020a)
#1 0x40a88f in jsfNameFromString src/jsflash.c:56
#2 0x40e76b in jsfLoadBootCodeFromFlash src/jsflash.c:738
#3 0x4406f7 in jsiSoftInit src/jsinteractive.c:475
#4 0x441a54 in jsiSemiInit src/jsinteractive.c:804
#5 0x441ac6 in jsiInit src/jsinteractive.c:863
#6 0x4d46cc in run_test targets/linux/main.c:64
#7 0x4d53f2 in main targets/linux/main.c:287
#8 0x7ff8ad91b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#9 0x402438 in _start (/home/dawn/esp-asan/Espruino-RELEASE_2V00/espruino+0x402438)
Address 0x7ffd3311cff6 is located in stack of thread T0 at offset 38 in frame
#0 0x40e6b5 in jsfLoadBootCodeFromFlash src/jsflash.c:733
This frame has 1 object(s):
[32, 38) 'filename' <== Memory access at offset 38 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 __interceptor_strlen
Shadow bytes around the buggy address:
0x10002661b9a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002661b9b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002661b9c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002661b9d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002661b9e0: 00 00 f1 f1 f1 f1 00 01 f4 f4 f3 f3 f3 f3 00 00
=>0x10002661b9f0: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1[06]f4
0x10002661ba00: f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
0x10002661ba10: 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4 f3 f3
0x10002661ba20: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002661ba30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002661ba40: 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4 f2 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==20078==ABORTING
WRLAB
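As an added illustration of the failure class in this report, not Espruino's code: an unbounded strlen()-based name conversion next to a bounded one that takes the caller's array size, with a six-character name stored in a six-byte array the way the trace's 6-byte 'filename' frame object suggests. The FileName type, the function names and the ".boot0" sample are assumptions modelled on the trace, not taken from jsflash.c.

```c
#include <stddef.h>
#include <string.h>

/* Illustrative 8-byte flash file name standing in for the report's
 * jsfNameFromString() result type (assumed, not Espruino's own). */
#define NAME_LEN 8
typedef struct { char c[NAME_LEN]; } FileName;

/* Unbounded: the failure class in the report. strlen() scans until it
 * finds a NUL, so a char[6] holding ".boot0" with no terminator lets
 * the scan run past the array (the READ of size 7 on 'filename'). */
FileName name_from_string_unbounded(const char *name) {
  FileName f = {{0}};
  size_t n = strlen(name);          /* may read beyond the caller's array */
  if (n > NAME_LEN) n = NAME_LEN;
  memcpy(f.c, name, n);
  return f;
}

/* Hardened: the caller states the array size and the NUL scan is
 * bounded (memchr here; strnlen() is equivalent), so a missing
 * terminator cannot cause an out-of-bounds read. Returns bytes copied. */
size_t name_from_buffer(FileName *out, const char *buf, size_t bufsize) {
  const char *nul = memchr(buf, '\0', bufsize);
  size_t n = nul ? (size_t)(nul - buf) : bufsize;
  if (n > NAME_LEN) n = NAME_LEN;   /* truncate rather than overflow 'out' */
  memset(out, 0, sizeof *out);
  memcpy(out->c, buf, n);
  return n;
}

/* Worked case: six characters in a six-byte array is valid C, but the
 * terminating NUL does not fit (constructed to mirror the frame object).
 * Does the bounded conversion of that array equal 'expected'? */
int boot0_matches(const char *expected) {
  char filename[6] = ".boot0";
  FileName f, e;
  name_from_buffer(&f, filename, sizeof filename);
  name_from_buffer(&e, expected, strlen(expected) + 1);
  return memcmp(f.c, e.c, NAME_LEN) == 0;
}

/* Bytes the bounded conversion copies from an array of 'bufsize' bytes. */
size_t copied_len(const char *buf, size_t bufsize) {
  FileName f;
  return name_from_buffer(&f, buf, bufsize);
}
```

Calling name_from_string_unbounded() on the same char[6] is the bug shape the sanitizer flags above; built with -fsanitize=address it reports a stack-buffer-overflow in strlen, while name_from_buffer() never reads beyond the size it was given.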