Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple heap-buffer-overflow in load_module #18

Open
haruki3hhh opened this issue Mar 7, 2024 · 1 comment
Open

Multiple heap-buffer-overflow in load_module #18

haruki3hhh opened this issue Mar 7, 2024 · 1 comment

Comments

@haruki3hhh
Copy link

Version

385e13c

Compile

CFLAGS="-g -fsanitize=address" make

ASAN Report

root@9dc6ce043bcb:~/Ablation/wasm-fuzz/fuzz_out_wac/crashes# ./wace id:000220,sig:11,src:001688,op:python,pos:0
=================================================================
==4631==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf3c004d4 at pc 0x56665510 bp 0xffcd8328 sp 0xffcd8318
WRITE of size 4 at 0xf3c004d4 thread T0
    #0 0x5666550f in load_module /root/Ablation/wac-asan/wa.c:1806
    #1 0x566680e9 in main /root/Ablation/wac-asan/wace.c:64
    #2 0xf73c7ed4 in __libc_start_main ../csu/libc-start.c:308
    #3 0x5664b704 in _start (/root/Ablation/wac-asan/wace+0x3704)

0xf3c004d4 is located 0 bytes to the right of 4-byte region [0xf3c004d0,0xf3c004d4)
allocated by thread T0 here:
    #0 0xf7a1a9f7 in __interceptor_calloc ../../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
    #1 0x56667299 in acalloc /root/Ablation/wac-asan/platform_libc.c:16
    #2 0x566640f7 in load_module /root/Ablation/wac-asan/wa.c:1694
    #3 0x566680e9 in main /root/Ablation/wac-asan/wace.c:64
    #4 0xf73c7ed4 in __libc_start_main ../csu/libc-start.c:308

Reproduce

./wace https://github.com/haruki3hhh/fuzzing/blob/main/wac/id%3A000220%2Csig%3A11%2Csrc%3A001688%2Cop%3Apython%2Cpos%3A0
@haruki3hhh haruki3hhh changed the title heap-buffer-overflow in load_module Multiple heap-buffer-overflow in load_module Mar 7, 2024
@haruki3hhh
Copy link
Author

Version

385e13c

Compile

CFLAGS="-g -fsanitize=address" make

ASAN Report

root@9dc6ce043bcb:~/Ablation/wasm-fuzz/fuzz_out_wac/crashes# ./wace id:000220,sig:11,src:001688,op:python,pos:0
=================================================================
==4631==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf3c004d4 at pc 0x56665510 bp 0xffcd8328 sp 0xffcd8318
WRITE of size 4 at 0xf3c004d4 thread T0
    #0 0x5666550f in load_module /root/Ablation/wac-asan/wa.c:1806
    #1 0x566680e9 in main /root/Ablation/wac-asan/wace.c:64
    #2 0xf73c7ed4 in __libc_start_main ../csu/libc-start.c:308
    #3 0x5664b704 in _start (/root/Ablation/wac-asan/wace+0x3704)

0xf3c004d4 is located 0 bytes to the right of 4-byte region [0xf3c004d0,0xf3c004d4)
allocated by thread T0 here:
    #0 0xf7a1a9f7 in __interceptor_calloc ../../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
    #1 0x56667299 in acalloc /root/Ablation/wac-asan/platform_libc.c:16
    #2 0x566640f7 in load_module /root/Ablation/wac-asan/wa.c:1694
    #3 0x566680e9 in main /root/Ablation/wac-asan/wace.c:64
    #4 0xf73c7ed4 in __libc_start_main ../csu/libc-start.c:308

Reproduce

./wace https://github.com/haruki3hhh/fuzzing/blob/main/wac/id%3A000060%2Csig%3A11%2Csrc%3A000707%2Cop%3Apython%2Cpos%3A0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@haruki3hhh