./mysofa2json overflow-libmysofa2
ASAN:SIGSEGV
=================================================================
==9769==ERROR: AddressSanitizer: stack-overflow on address 0x7ffeb49eeff8 (pc 0x7f4d5c559b01 bp 0x7ffeb49ef910 sp 0x7ffeb49ef000 T0)
#0 0x7f4d5c559b00 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b00)
#1 0x7f4d5c5cf5d2 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x985d2)
#2 0x4074dd in readOHDRHeaderMessageDatatype /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:216
#3 0x4093b4 in readOHDRHeaderMessageAttribute /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:694
#4 0x409c78 in readOHDRmessages /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:822
#5 0x409ee6 in readOCHK /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:865
#6 0x408fbe in readOHDRHeaderMessageContinue /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:631
#7 0x409c9c in readOHDRmessages /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:826
#8 0x40a3de in dataobjectRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:913
#9 0x40d8d6 in directblockRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/fractalhead.c:201
#10 0x40e0ec in indirectblockRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/fractalhead.c:295
#11 0x40f722 in fractalheapRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/fractalhead.c:448
#12 0x40a534 in dataobjectRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:931
#13 0x40d8d6 in directblockRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/fractalhead.c:201
#14 0x40f74a in fractalheapRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/fractalhead.c:451
#15 0x40a626 in dataobjectRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:937
#16 0x40d8d6 in directblockRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/fractalhead.c:201
#17 0x40f74a in fractalheapRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/fractalhead.c:451
#18 0x40a626 in dataobjectRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:937
#19 0x40d8d6 in directblockRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/fractalhead.c:201
#20 0x40f74a in fractalheapRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/fractalhead.c:451
#21 0x40a626 in dataobjectRead /home/libmysofa/libmysofa_asan/libmysofa/src/hdf/dataobject.c:937
.....
about code:
    case 6:
        log(" COMPONENT %d %02X\n", dt->size, dt->class_bit_field);
        if ((dt->class_and_version & 0xf0) != 0x30) {
            log("object OHDR datatype message must have version 1 not %d\n",
                dt->class_and_version >> 4);
            return MYSOFA_INVALID_FORMAT;
        }
        for (i = 0; i < (dt->class_bit_field & 0xffff); i++) {
            int maxsize = 0x1000;
            buffer = malloc(maxsize); /* <--- line marked by the reporter */
A crafted input will lead to a crash in dataobject.c in libmysofa v0.8.
Triggered by
./mysofa2json POC
PoC
overflow-libmysofa2
The ASAN information is as follows:
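In the trace, frames #12 to #21 repeat dataobjectRead, directblockRead and fractalheapRead, so the stack is exhausted by file-driven recursion and the malloc in frame #2 is only where it finally ran out. The following is an added example, not part of the report and not libmysofa's code or patch: a depth counter in a recursive reader for a constructed toy record format. `struct reader`, `read_object`, `parse`, `MAX_DEPTH` and `ERR_INVALID_FORMAT` are hypothetical names, and the limit of 32 is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_DEPTH 32             /* assumed limit; set to the format's legitimate nesting */
#define ERR_INVALID_FORMAT (-1)  /* stand-in for MYSOFA_INVALID_FORMAT */

/* Constructed toy format: byte 0 of a record is a link count, followed by
 * that many 1-byte offsets of further records, the way a data object points
 * at a fractal heap whose blocks point at further data objects. */
struct reader {
    const unsigned char *buf;    /* file contents */
    size_t len;
    int depth;                   /* current nesting of read_object() */
};

static int read_object(struct reader *r, size_t off)
{
    int rc = 0;
    if (off >= r->len)
        return ERR_INVALID_FORMAT;
    if (++r->depth > MAX_DEPTH) {    /* file-controlled links cannot grow the stack further */
        r->depth--;
        return ERR_INVALID_FORMAT;
    }
    size_t n = r->buf[off];
    if (n > r->len - off - 1)        /* link table must fit inside the buffer */
        rc = ERR_INVALID_FORMAT;
    for (size_t i = 0; rc == 0 && i < n; i++)
        rc = read_object(r, r->buf[off + 1 + i]);
    r->depth--;                      /* keep the counter balanced on every exit path */
    return rc;
}

int parse(const unsigned char *buf, size_t len)
{
    struct reader r = { buf, len, 0 };
    return read_object(&r, 0);
}

int main(void)
{
    /* constructed inputs */
    const unsigned char ok[]    = { 1, 2, 1, 4, 0 };  /* 0 -> 2 -> 4 -> end */
    const unsigned char cycle[] = { 1, 2, 1, 0 };     /* 0 -> 2 -> 0 -> ... */
    printf("ok=%d cycle=%d\n", parse(ok, sizeof ok), parse(cycle, sizeof cycle));
    return 0;
}
```

The counter bounds stack depth only; a record with several links back to itself can still cost exponential time within the limit, so a production parser would also track visited offsets.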