Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When the program input contains the option of "-b" , the program will cause global buffer overflow error.
Test Environment Ubuntu 20.04, 64 bit catdoc (version: 0.95; )
How to trigger Compile the program with AddressSanitizer Run command $ .catdoc -b $POC Details ASAN report $./catdoc -b $POC
================================================================= ==928572==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000ddb81e at pc 0x0000004cfcf2 bp 0x7ffd66b3b610 sp 0x7ffd66b3b608 READ of size 2 at 0x000000ddb81e thread T0 #0 0x4cfcf1 in process_file /home/root/FuzzDateset/catdoc/catdoc-0.95/src/reader.c:175:6 #1 0x4d12a2 in analyze_format /home/root/FuzzDateset/catdoc/catdoc-0.95/src/analyze.c:38:10 #2 0x4cd221 in main /home/root/FuzzDateset/catdoc/catdoc-0.95/src/catdoc.c:180:6 #3 0x7fcb6627f082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 #4 0x41d44d in _start (/home/root/randomFuzz/catdoc/catdoc/catdoc_a_u_b/catdoc+0x41d44d) 0x000000ddb81e is located 2 bytes to the left of global variable 'buffer' defined in 'reader.c:13:20' (0xddb820) of size 524288 0x000000ddb81e is located 22 bytes to the right of global variable 'output_buffer' defined in 'catdoc.c:26:22' (0xddb800) of size 8 SUMMARY: AddressSanitizer: global-buffer-overflow /home/root/FuzzDateset/catdoc/catdoc-0.95/src/reader.c:175:6 in process_file Shadow bytes around the buggy address: 0x0000801b36b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801b36c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801b36d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801b36e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801b36f0: 00 00 00 00 04 f9 f9 f9 00 f9 f9 f9 00 f9 f9 f9 =>0x0000801b3700: 00 f9 f9[f9]00 00 00 00 00 00 00 00 00 00 00 00 0x0000801b3710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801b3720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801b3730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801b3740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801b3750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==928572==ABORTING
The URL of PoC is PoC
The text was updated successfully, but these errors were encountered:
No branches or pull requests
When the program input contains the option of "-b" , the program will cause global buffer overflow error.
Test Environment
Ubuntu 20.04, 64 bit catdoc (version: 0.95; )
How to trigger
Compile the program with AddressSanitizer
Run command $ .catdoc -b $POC
Details
ASAN report
$./catdoc -b $POC
The URL of PoC is PoC
The text was updated successfully, but these errors were encountered: