
Stack overflow (memcmp) #133

Closed
blindfuzzy opened this issue Apr 11, 2017 · 2 comments
Comments

@blindfuzzy

GDB:

Program received signal SIGSEGV, Segmentation fault.

 [----------------------------------registers-----------------------------------]
RAX: 0x60600000de22 --> 0x796c70 ('ply')
RBX: 0x67af80 --> 0x0 
RCX: 0x60400000d210 --> 0x60800000b520 --> 0x60800000bf20 (0x000060800000bf20)
RDX: 0x5 
RSI: 0x60600000de20 --> 0x796c707061 --> 0x0 
RDI: 0x606000008de0 --> 0x796c707061 --> 0x0 
RBP: 0x7fffff7ff750 --> 0xcd92bf19 --> 0x0 
RSP: 0x7fffff7feee0 
RIP: 0x7ffff6ee1749 (<memcmp+665>:	call   QWORD PTR [rip+0x49b571]        # 0x7ffff737ccc0)
R8 : 0x679c68 --> 0x67af80 --> 0x0 
R9 : 0x67af80 --> 0x0 
R10: 0x679c68 --> 0x67af80 --> 0x0 
R11: 0x1 
R12: 0x60600000ec00 --> 0x200000020 --> 0x0 
R13: 0x5 
R14: 0x60600000de20 --> 0x796c707061 --> 0x0 
R15: 0x606000008de0 --> 0x796c707061 --> 0x0
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff6ee1740 <memcmp+656>:	mov    rdx,r13
   0x7ffff6ee1743 <memcmp+659>:	mov    rsi,r14
   0x7ffff6ee1746 <memcmp+662>:	mov    rdi,r15
=> 0x7ffff6ee1749 <memcmp+665>:	call   QWORD PTR [rip+0x49b571]        # 0x7ffff737ccc0
   0x7ffff6ee174f <memcmp+671>:	lea    rdx,[rip+0x6f474a]        # 0x7ffff75d5ea0
   0x7ffff6ee1756 <memcmp+678>:	mov    rdx,QWORD PTR [rdx]
   0x7ffff6ee1759 <memcmp+681>:	test   rdx,rdx
   0x7ffff6ee175c <memcmp+684>:	je     0x7ffff6ee15fe <memcmp+334>
Guessed arguments:
arg[0]: 0x606000008de0 --> 0x796c707061 --> 0x0 
arg[1]: 0x60600000de20 --> 0x796c707061 --> 0x0 
arg[2]: 0x5 
[------------------------------------stack-------------------------------------]
Invalid $SP address: 0x7fffff7feee0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV

POC:

#unittest {	error: NONE;
	result: 3;
};

func add() {
	main() _args[0] + _args[1];
}

func main() {
	return add.apply(self, [1,2]);
}
@marcobambini (Owner) commented Apr 12, 2017

I did a lot of testing, but I really don't think there can be a solution for this kind of issue.
It is an infinite loop that results in the process being killed by the OS.
The exact same issue can be reproduced with a C program like:

#include <stdio.h>

static int func1(int a, int b);
static int sum = 0;

/* func1 and func2 call each other with no base case, so every call pushes a
 * new frame and the recursion only ends when the stack guard page is hit. */
static int func2(int a, int b) {
    sum += func1(a,b);
    return sum;
}

static int func1(int a, int b) {
    sum += func2(a, b+sum);
    return sum;
}

int main(int argc, const char * argv[]) {
    func1(1,2);   /* never returns: the process dies with SIGSEGV */
    return 0;
}

Any comment?
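The C program above shows the failure mode, not a mitigation. The usual way an interpreter keeps a script like the PoC from taking the host down is to count call nesting (and, optionally, native stack bytes) on every function entry and return an error once a limit is crossed, so the script sees a catchable runtime error instead of a SIGSEGV. The block below is an added example written for this page; it is not Gravity's code and does not describe commit 3c8cfec. The limits, the `vm_*` names and the `struct vm` layout are hypothetical, and the stack-byte guard assumes a downward-growing stack (x86-64, arm64).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limits; a real VM would make these configurable. */
#define MAX_CALL_DEPTH   256            /* nesting limit for script calls   */
#define MAX_STACK_BYTES  (1024 * 1024)  /* native C stack the VM may use    */

enum vm_status { VM_OK = 0, VM_ERR_CALL_DEPTH = 1, VM_ERR_STACK_BYTES = 2 };

struct vm {
    uint32_t  depth;       /* current call nesting                      */
    uint32_t  max_depth;
    uintptr_t stack_base;  /* address of a local in the entry frame     */
    size_t    max_stack;   /* bytes of native stack the VM may consume  */
    uint32_t  peak_depth;  /* deepest nesting observed, for reporting   */
    long      result;
};

/* Called on every function entry: refuses to recurse once either limit is hit. */
static enum vm_status vm_enter(struct vm *vm) {
    volatile char probe;   /* marks the current frame's position */
    if (vm->depth >= vm->max_depth)
        return VM_ERR_CALL_DEPTH;
    /* Assumption: stack grows downward, so entry-frame minus current-frame
     * approximates the bytes of C stack consumed by the interpreter so far. */
    if (vm->stack_base - (uintptr_t)&probe > vm->max_stack)
        return VM_ERR_STACK_BYTES;
    vm->depth++;
    if (vm->depth > vm->peak_depth) vm->peak_depth = vm->depth;
    return VM_OK;
}

static void vm_leave(struct vm *vm) { vm->depth--; }

static enum vm_status vm_call_add(struct vm *vm, long a, long b);

/* Mirrors the PoC: main() calls add.apply(), and add() re-enters main(). */
static enum vm_status vm_call_main(struct vm *vm, long a, long b) {
    enum vm_status st = vm_enter(vm);
    if (st != VM_OK) return st;          /* propagate instead of recursing */
    st = vm_call_add(vm, a, b);
    vm_leave(vm);
    return st;
}

static enum vm_status vm_call_add(struct vm *vm, long a, long b) {
    enum vm_status st = vm_enter(vm);
    if (st != VM_OK) return st;
    st = vm_call_main(vm, a, b);         /* unbounded: never yields VM_OK */
    if (st == VM_OK) vm->result = a + b;
    vm_leave(vm);
    return st;
}

struct poc_report {
    enum vm_status status;
    uint32_t       peak_depth;   /* how deep the PoC got before being stopped */
    uint32_t       final_depth;  /* must be 0: every entered frame also left  */
};

/* Runs the PoC's mutual recursion under the given limits and reports the outcome. */
static struct poc_report run_poc(uint32_t max_depth, size_t max_stack) {
    volatile char base;          /* entry-frame marker for the stack-byte guard */
    struct vm vm = { 0, max_depth, (uintptr_t)&base, max_stack, 0, 0 };
    struct poc_report r;
    r.status      = vm_call_main(&vm, 1, 2);
    r.peak_depth  = vm.peak_depth;
    r.final_depth = vm.depth;
    return r;
}

int main(void) {
    struct poc_report r = run_poc(MAX_CALL_DEPTH, MAX_STACK_BYTES);
    printf("status=%d peak_depth=%u final_depth=%u\n",
           (int)r.status, r.peak_depth, r.final_depth);
    /* A tight stack budget with a huge depth limit trips the byte guard instead. */
    r = run_poc(1000000, 16 * 1024);
    printf("status=%d peak_depth=%u final_depth=%u\n",
           (int)r.status, r.peak_depth, r.final_depth);
    return 0;
}
```

The depth counter is the guard that matters for a bytecode VM, since script frames are usually heap-allocated and only native re-entry (such as `apply` calling back into the interpreter) consumes C stack; the byte guard is a second line of defence for exactly that native re-entry path. Both guards unwind cleanly, which is why `final_depth` is back at zero after the error propagates.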

@marcobambini (Owner) commented:

Fixed by 3c8cfec.
