Description
A stack-buffer-overflow bug was discovered in function do_prism_read_palette modules/atari-img.c:331

Version
v1.6.2 (latest commit)

Environment
Ubuntu 18.04, 64bit

Reproduce
Command
git clone the latest version first, then:
make && make install
./deark -l -zip ./poc
POC file at the bottom of this report.

ASAN Report
Module: prismpaint
=================================================================
==20784==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc6490a820 at pc 0x55eae0de20ff bp 0x7ffc6490a390 sp 0x7ffc6490a380
READ of size 4 at 0x7ffc6490a820 thread T0
    #0 0x55eae0de20fe in do_prism_read_palette modules/atari-img.c:331
    #1 0x55eae0de247e in de_run_prismpaint modules/atari-img.c:361
    #2 0x55eae0fd7023 in de_run_module src/deark-util.c:878
    #3 0x55eae0fd7023 in de_run_module src/deark-util.c:843
    #4 0x55eae1036a35 in de_run src/deark-user.c:452
    #5 0x55eae0dc39e9 in main2 src/deark-cmd.c:988
    #6 0x55eae0dc39e9 in main src/deark-cmd.c:1022
    #7 0x7fd587ac4082 in __libc_start_main ../csu/libc-start.c:308
    #8 0x55eae0dc652d in _start (/AFLplusplus/my_test/deark/backup/asan/deark-master/deark+0xf652d)

Address 0x7ffc6490a820 is located in stack of thread T0 at offset 1056 in frame
    #0 0x55eae0de1c7f in do_prism_read_palette modules/atari-img.c:304

  This frame has 2 object(s):
    [32, 1056) 'pal1' (line 308) <== Memory access at offset 1056 overflows this variable
    [1184, 1216) 'tmps' (line 310)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow modules/atari-img.c:331 in do_prism_read_palette
Shadow bytes around the buggy address:
  0x10000c9194b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c9194c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c9194d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c9194e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c9194f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10000c919500: 00 00 00 00[f2]f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
  0x10000c919510: f2 f2 f2 f2 00 00 00 00 f3 f3 f3 f3 00 00 00 00
  0x10000c919520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c919530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c919540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c919550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
POC
id_000027,sig_11,src_013544+002505,time_31840218,execs_68965869,op_splice,rep_16.zip

For any issue, please contact me:
asteriska001@gmail.com
OR:
twitter: @Asteriska8
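An added example, not deark's code and not the Prism Paint format, that shows how to read the frame information in the report and what the missing check looks like. The frame object 'pal1' spans [32, 1056), i.e. 1024 bytes, and the faulting READ of size 4 lands at offset 1056: (1056 - 32) / 4 = 256, the first index past a 256-entry table of 4-byte values. The reader below reproduces that shape (a clamped fill loop followed by a consumer loop that trusts the raw count) next to a hardened reader that rejects the input before indexing. The on-disk layout (a big-endian u16 count followed by 4-byte entries), all function names and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 256 entries * 4 bytes = the 1024-byte 'pal1' object ([32, 1056)) in the report. */
#define PAL_MAX_ENTRIES 256

/* Hypothetical on-disk layout for this example (assumed, not Prism Paint):
 * a big-endian u16 entry count, then count * 4 bytes of palette entries. */
#define HDR_LEN    2
#define ENTRY_LEN  4
#define SAMPLE_CAP (HDR_LEN + 300 * ENTRY_LEN)   /* room for a 300-entry sample */

static uint16_t rd_u16be(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

static uint32_t rd_u32be(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Bug pattern (illustration only; never feed it untrusted input): the fill loop is
 * clamped to the table size, but the loop that consumes pal1 trusts the raw count.
 * With count == 257 the consumer reads pal1[256]: a 4-byte READ at byte 1024 of a
 * 1024-byte table, i.e. frame offset 32 + 1024 = 1056, the access ASan reported. */
int read_palette_unchecked(const uint8_t *buf, size_t len,
                           uint32_t *out, size_t *out_count)
{
    uint32_t pal1[PAL_MAX_ENTRIES];
    size_t count = rd_u16be(buf);                 /* attacker-controlled */
    size_t fill = count < PAL_MAX_ENTRIES ? count : PAL_MAX_ENTRIES;
    (void)len;                                    /* input length never consulted */

    for (size_t i = 0; i < fill; i++)
        pal1[i] = rd_u32be(buf + HDR_LEN + i * ENTRY_LEN);
    for (size_t i = 0; i < count; i++)            /* BUG: bound is count, not fill */
        out[i] = pal1[i];                         /* pal1[256] is past the end */
    *out_count = count;
    return 0;
}

/* Hardened reader: reject the input before any indexing happens. Returns 0 on
 * success, -1 on a malformed file. 'out' must hold PAL_MAX_ENTRIES entries. */
int read_palette_checked(const uint8_t *buf, size_t len,
                         uint32_t *out, size_t *out_count)
{
    uint32_t pal1[PAL_MAX_ENTRIES];

    if (len < HDR_LEN)
        return -1;                                /* truncated header */
    size_t count = rd_u16be(buf);
    if (count > PAL_MAX_ENTRIES)
        return -1;                                /* would index past pal1 and out */
    if ((len - HDR_LEN) / ENTRY_LEN < count)
        return -1;                                /* truncated entry data */

    for (size_t i = 0; i < count; i++)
        pal1[i] = rd_u32be(buf + HDR_LEN + i * ENTRY_LEN);
    memcpy(out, pal1, count * sizeof out[0]);     /* same bound for fill and use */
    *out_count = count;
    return 0;
}

/* Constructed sample input: 'count' entries, entry i = 0xFF000000 | i.
 * Returns the number of bytes written, or 0 if 'cap' is too small. */
size_t build_sample(uint8_t *buf, size_t cap, uint16_t count)
{
    size_t need = HDR_LEN + (size_t)count * ENTRY_LEN;
    if (cap < need)
        return 0;
    buf[0] = (uint8_t)(count >> 8);
    buf[1] = (uint8_t)(count & 0xFF);
    for (size_t i = 0; i < count; i++) {
        uint32_t v = 0xFF000000u | (uint32_t)i;
        uint8_t *e = buf + HDR_LEN + i * ENTRY_LEN;
        e[0] = (uint8_t)(v >> 24); e[1] = (uint8_t)(v >> 16);
        e[2] = (uint8_t)(v >> 8);  e[3] = (uint8_t)v;
    }
    return need;
}

/* Three scenarios; each returns 1 when the checked reader behaves as intended. */
int scenario_full_palette(void)                   /* exactly 256 entries: accepted */
{
    uint8_t buf[SAMPLE_CAP]; uint32_t out[PAL_MAX_ENTRIES]; size_t cnt = 0;
    size_t n = build_sample(buf, sizeof buf, 256);
    return read_palette_checked(buf, n, out, &cnt) == 0 &&
           cnt == 256 && out[255] == 0xFF0000FFu;
}

int scenario_oversized_count(void)                /* 257 entries: the overflow case */
{
    uint8_t buf[SAMPLE_CAP]; uint32_t out[PAL_MAX_ENTRIES]; size_t cnt = 0;
    size_t n = build_sample(buf, sizeof buf, 257);
    return read_palette_checked(buf, n, out, &cnt) == -1;
}

int scenario_truncated_data(void)                 /* count says 4, one byte is missing */
{
    uint8_t buf[SAMPLE_CAP]; uint32_t out[PAL_MAX_ENTRIES]; size_t cnt = 0;
    size_t n = build_sample(buf, sizeof buf, 4);
    return read_palette_checked(buf, n - 1, out, &cnt) == -1;
}

int main(void)
{
    printf("full palette accepted:    %d\n", scenario_full_palette());
    printf("oversized count rejected: %d\n", scenario_oversized_count());
    printf("truncated data rejected:  %d\n", scenario_truncated_data());
    return 0;
}
```

The two checks in read_palette_checked are the ones a fuzzer-found report like this one usually points at: the entry count must be compared against the fixed table size before it is used as a loop bound, and against the remaining input length before the entries are read. Building the target with -fsanitize=address, as the reporter did, turns a silent one-past-the-end read into the frame dump above, which is why the test scenarios exercise both the oversized-count and the truncated-data paths.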
prismpaint: Fixed a buffer overrun bug
b297d9a
Ref: GitHub issue #52
Thanks. It should be fixed now (commit b297d9a).