```
root@ubuntu:/home/tim/fuzz/codedoc# ./codedoc poc2
```

poc2.zip
asan output
```
=================================================================
==29166==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffffffddc40 at pc 0x7ffff6e94d82 bp 0x7ffffffd9b70 sp 0x7ffffffd9318
WRITE of size 1 at 0x7ffffffddc40 thread T0
    #0 0x7ffff6e94d81 in __interceptor_memmove (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7ad81)
    #1 0x555555567c6e in memmove /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
    #2 0x555555567c6e in codedoc_strlcpy /home/tim/codedoc-addr/codedoc.c:144
    #3 0x555555567e8c in add_variable /home/tim/codedoc-addr/codedoc.c:860
    #4 0x55555556d103 in scan_file /home/tim/codedoc-addr/codedoc.c:3591
    #5 0x555555566b56 in main /home/tim/codedoc-addr/codedoc.c:488
    #6 0x7ffff660eb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #7 0x5555555675e9 in _start (/home/tim/fuzz/codedoc/codedoc-addr+0x135e9)

Address 0x7ffffffddc40 is located in stack of thread T0 at offset 16480 in frame
    #0 0x555555567cb0 in add_variable /home/tim/codedoc-addr/codedoc.c:810

  This frame has 2 object(s):
    [32, 36) 'whitespace'
    [96, 16480) 'buffer' <== Memory access at offset 16480 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7ad81) in __interceptor_memmove
Shadow bytes around the buggy address:
  0x10007fff3b30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3b40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3b50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3b60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3b70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10007fff3b80: 00 00 00 00 00 00 00 00[f3]f3 f3 f3 00 00 00 00
  0x10007fff3b90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3ba0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2
  0x10007fff3bb0: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3bc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3bd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29166==ABORTING
```
gdb output
```
*** stack smashing detected ***: <unknown> terminated

Program received signal SIGABRT, Aborted.
[----------------------------------registers-----------------------------------]
RAX: 0x0
RBX: 0x7ffffffd9bd0 --> 0x0
RCX: 0x7ffff75e6e97 (<__GI_raise+199>:	mov    rcx,QWORD PTR [rsp+0x108])
RDX: 0x0
RSI: 0x7ffffffd9930 --> 0x0
RDI: 0x2
RBP: 0x7ffffffd9d60 --> 0x7ffff775e97e ("<unknown>")
RSP: 0x7ffffffd9930 --> 0x0
RIP: 0x7ffff75e6e97 (<__GI_raise+199>:	mov    rcx,QWORD PTR [rsp+0x108])
R8 : 0x0
R9 : 0x7ffffffd9930 --> 0x0
R10: 0x8
R11: 0x246
R12: 0x7ffffffd9bd0 --> 0x0
R13: 0x1000
R14: 0x0
R15: 0x30 ('0')
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff75e6e8b <__GI_raise+187>:	mov    edi,0x2
   0x7ffff75e6e90 <__GI_raise+192>:	mov    eax,0xe
   0x7ffff75e6e95 <__GI_raise+197>:	syscall
=> 0x7ffff75e6e97 <__GI_raise+199>:	mov    rcx,QWORD PTR [rsp+0x108]
   0x7ffff75e6e9f <__GI_raise+207>:	xor    rcx,QWORD PTR fs:0x28
   0x7ffff75e6ea8 <__GI_raise+216>:	mov    eax,r8d
   0x7ffff75e6eab <__GI_raise+219>:	jne    0x7ffff75e6ecc <__GI_raise+252>
   0x7ffff75e6ead <__GI_raise+221>:	add    rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7ffffffd9930 --> 0x0
0008| 0x7ffffffd9938 --> 0x0
0016| 0x7ffffffd9940 --> 0x0
0024| 0x7ffffffd9948 --> 0x0
0032| 0x7ffffffd9950 --> 0x0
0040| 0x7ffffffd9958 --> 0x0
0048| 0x7ffffffd9960 --> 0x0
0056| 0x7ffffffd9968 --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff75e8801 in __GI_abort () at abort.c:79
#2  0x00007ffff7631897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff775e988 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff76dccd1 in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=0x0, msg=msg@entry=0x7ffff775e966 "stack smashing detected") at fortify_fail.c:33
#4  0x00007ffff76dcc92 in __stack_chk_fail () at stack_chk_fail.c:29
#5  0x0000555555558602 in add_variable (parent=<optimized out>, name=<optimized out>, type=<optimized out>) at codedoc.c:930
#6  0x000055555555b95e in scan_file (file=<optimized out>, tree=<optimized out>) at codedoc.c:3591
#7  0x00005555555577d6 in main (argc=argc@entry=0x2, argv=argv@entry=0x7fffffffe098) at codedoc.c:488
#8  0x00007ffff75c9b97 in __libc_start_main (main=0x555555557239 <main>, argc=0x2, argv=0x7fffffffe098, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe088) at ../csu/libc-start.c:310
#9  0x0000555555557dfa in _start ()
gdb-peda$
```
Fix a buffer overflow issue with fuzzer-generated code (Issue #5)
19532db
[master 19532db] Fix a buffer overflow issue with fuzzer-generated code (Issue #5)
michaelrsweet