You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
=================================================================
==60039==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000002810 at pc 0x0000004e639b bp 0x7fffffffd6d0 sp 0x7fffffffd6c8
READ of size 1 at 0x625000002810 thread T0
#0 0x4e639a (/home/casper/targets/struct/stb/dbg/fuzzrun/ttfuzz+0x4e639a)
#1 0x4e7ad0 (/home/casper/targets/struct/stb/dbg/fuzzrun/ttfuzz+0x4e7ad0)
#2 0x4e9f65 (/home/casper/targets/struct/stb/dbg/fuzzrun/ttfuzz+0x4e9f65)
#3 0x4e10a4 (/home/casper/targets/struct/stb/dbg/fuzzrun/ttfuzz+0x4e10a4)
#4 0x4d71a2 (/home/casper/targets/struct/stb/dbg/fuzzrun/ttfuzz+0x4d71a2)
#5 0x4e1b28 (/home/casper/targets/struct/stb/dbg/fuzzrun/ttfuzz+0x4e1b28)
#6 0x7ffff6e24b96 (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#7 0x41ad49 (/home/casper/targets/struct/stb/dbg/fuzzrun/ttfuzz+0x41ad49)
Address 0x625000002810 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/casper/targets/struct/stb/dbg/fuzzrun/ttfuzz+0x4e639a)
Shadow bytes around the buggy address:
0x0c4a7fff84b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff84c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff84d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff84e0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
0x0c4a7fff84f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a7fff8500: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fff8510: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fff8520: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fff8530: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fff8540: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fff8550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==60039==ABORTING
Program received signal SIGABRT, Aborted.
[----------------------------------registers-----------------------------------]
RAX: 0x0
RBX: 0x73be28 --> 0x0
RCX: 0x7ffff6e41e97 (<__GI_raise+199>: mov rcx,QWORD PTR [rsp+0x108])
RDX: 0x0
RSI: 0x7fffffffc710 --> 0x0
RDI: 0x2
RBP: 0x7fffffffd6a0 --> 0x7fffffffd6d0 --> 0x7fffffffd740 --> 0x7fffffffd770 --> 0x7fffffffd8d0 --> 0x7fffffffe120 (--> ...)
RSP: 0x7fffffffc710 --> 0x0
RIP: 0x7ffff6e41e97 (<__GI_raise+199>: mov rcx,QWORD PTR [rsp+0x108])
R8 : 0x0
R9 : 0x7fffffffc710 --> 0x0
R10: 0x8
R11: 0x246
R12: 0x7fffffffd6d0 --> 0x7fffffffd740 --> 0x7fffffffd770 --> 0x7fffffffd8d0 --> 0x7fffffffe120 --> 0x7fffffffe150 (--> ...)
R13: 0x7fffffffd6c8 --> 0x7fffffffd948 --> 0x2700000027 --> 0x0
R14: 0x7fffffffd670 --> 0xffffffc6000001ba
R15: 0x7ce288 --> 0x1
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x7ffff6e41e8b <__GI_raise+187>: mov edi,0x2
0x7ffff6e41e90 <__GI_raise+192>: mov eax,0xe
0x7ffff6e41e95 <__GI_raise+197>: syscall
=> 0x7ffff6e41e97 <__GI_raise+199>: mov rcx,QWORD PTR [rsp+0x108]
0x7ffff6e41e9f <__GI_raise+207>: xor rcx,QWORD PTR fs:0x28
0x7ffff6e41ea8 <__GI_raise+216>: mov eax,r8d
0x7ffff6e41eab <__GI_raise+219>: jne 0x7ffff6e41ecc <__GI_raise+252>
0x7ffff6e41ead <__GI_raise+221>: add rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffc710 --> 0x0
0008| 0x7fffffffc718 --> 0x7fffffffe118 --> 0x0
0016| 0x7fffffffc720 --> 0x940000c600006100
0024| 0x7fffffffc728 --> 0x1008e0000dd0000
0032| 0x7fffffffc730 --> 0x0
0040| 0x7fffffffc738 --> 0x0
0048| 0x7fffffffc740 --> 0x0
0056| 0x7fffffffc748 --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff6e43801 in __GI_abort () at abort.c:79
#2 0x00000000004b0707 in __sanitizer::Abort() ()
at /tmp/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cc:154
#3 0x00000000004af0e1 in __sanitizer::Die() ()
at /tmp/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_termination.cc:58
#4 0x0000000000496c69 in ~ScopedInErrorReport ()
at /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_report.cc:186
#5 0x00000000004983df in ReportGenericError ()
at /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_report.cc:470
#6 0x0000000000498ab8 in __asan_report_load1 () at /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_rtl.cc:117
#7 0x00000000004e639b in stbtt__buf_get8 (b=0x7fffffffd920) at ./SRC/stb_truetype.h:1105
#8 0x00000000004e7ad1 in stbtt__buf_get (b=0x7fffffffd920, n=0x2) at ./SRC/stb_truetype.h:1132
#9 0x00000000004e9f66 in stbtt__cff_get_index (b=0x7fffffffd920) at ./SRC/stb_truetype.h:1162
#10 0x00000000004e10a5 in stbtt_InitFont_internal (info=0x7fffffffe180, data=0x625000000100 "OTTO", fontstart=0x0)
at ./SRC/stb_truetype.h:1405
#11 0x00000000004d71a3 in stbtt_InitFont (info=0x7fffffffe180, data=0x625000000100 "OTTO", offset=0x0)
at ./SRC/stb_truetype.h:4771
#12 0x00000000004e1b29 in main (argc=0x2, argv=0x7fffffffe428) at ../fuzzsrc/ttfuzz.c:29
#13 0x00007ffff6e24b97 in __libc_start_main (main=0x4e18f0 <main>, argc=0x2, argv=0x7fffffffe428,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe418)
at ../csu/libc-start.c:310
#14 0x000000000041ad4a in _start ()
The text was updated successfully, but these errors were encountered:
stbtt__buf_get8
has heap overflow vulnerability.poc:
poc.zip
result:
The text was updated successfully, but these errors were encountered: