Expected behavior

rasm2 exits with error messages

Actual behavior

rasm2 crashes

Steps to reproduce the behavior

```
rasm2 -a arm -b 64 '0 ,0,0,0,0,0,0,'
```

Additional Logs, screenshots, source-code, configuration dump, ...

```
==12719==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcb1a49150 at pc 0x7fd749638618 bp 0x7ffcb1a49050 sp 0x7ffcb1a49048
WRITE of size 4 at 0x7ffcb1a49150 thread T0
    #0 0x7fd749638617 in parseOperands /home/exp/FOT/radare2-fuzz/libr/asm/p/../arch/arm/armass64.c:740:30
    #1 0x7fd749638617 in parseOpcode /home/exp/FOT/radare2-fuzz/libr/asm/p/../arch/arm/armass64.c:867
    #2 0x7fd749638617 in arm64ass /home/exp/FOT/radare2-fuzz/libr/asm/p/../arch/arm/armass64.c:872
    #3 0x7fd74956725d in assemble /home/exp/FOT/radare2-fuzz/libr/asm/p/asm_arm_cs.c:136:8
    #4 0x7fd749995f25 in r_asm_assemble /home/exp/FOT/radare2-fuzz/libr/asm/asm.c:594:10
    #5 0x7fd74999a986 in r_asm_massemble /home/exp/FOT/radare2-fuzz/libr/asm/asm.c:980:12
    #6 0x7fd7499a13ff in r_asm_rasm_assemble /home/exp/FOT/radare2-fuzz/libr/asm/asm.c:1137:10
    #7 0x56453eb71cfe in rasm_asm /home/exp/FOT/radare2-fuzz/binr/rasm2/rasm2.c:370:16
    #8 0x56453eb71b1e in print_assembly_output /home/exp/FOT/radare2-fuzz/binr/rasm2/rasm2.c:429:8
    #9 0x56453eb6ebd3 in main /home/exp/FOT/radare2-fuzz/binr/rasm2/rasm2.c:804:10
    #10 0x7fd746621b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #11 0x56453ea72af9 in _start (/home/exp/FOT/radare2-fuzz/binr/rasm2/rasm2+0x1eaf9)

Address 0x7ffcb1a49150 is located in stack of thread T0 at offset 240 in frame
    #0 0x7fd74962e87f in arm64ass /home/exp/FOT/radare2-fuzz/libr/asm/p/../arch/arm/armass64.c:870

  This frame has 1 object(s):
    [32, 240) 'ops' (line 871) <== Memory access at offset 240 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/exp/FOT/radare2-fuzz/libr/asm/p/../arch/arm/armass64.c:740:30 in parseOperands
==12719==ABORTING
[1]    12719 abort      rasm2 -a arm -b 64 '0 ,0,0,0,0,0,0,'
```

We also found that another file, generated from r2's `pd $s` output, triggers the same error when run with `rasm2 -a arm -b 64 -f $FILE`.
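As an added illustration, not radare2's own parser: the ASan frame above shows a store at offset 240, one slot past the fixed-size `ops` stack object, which is what happens when an operand parser keeps writing after its array is full. The sketch below checks the array bound before every store and rejects the input instead; `MAX_OPERANDS`, `Operand`, `Instruction`, `parse_operands` and `operand_count` are assumed names, and the test input is constructed after the report's reproducer.

```c
#include <string.h>
#include <ctype.h>
/* Hypothetical sketch, not radare2's parser: operands are copied into a
 * fixed-size stack array, the same shape as the 'ops' object in the ASan
 * frame above (an access at offset 240 just past a [32, 240) object). */
#define MAX_OPERANDS 4        /* assumed capacity of the fixed array */
#define MAX_OPERAND_LEN 32

typedef struct {
    char text[MAX_OPERAND_LEN];
} Operand;

typedef struct {
    Operand ops[MAX_OPERANDS];
    int count;
} Instruction;

/* Splits "op1, op2, ..." into ins->ops. Returns the operand count, or -1
 * when an operand is empty (e.g. a trailing comma), overlong, or would
 * have to be written past the end of the array. */
int parse_operands(const char *s, Instruction *ins) {
    ins->count = 0;
    while (isspace((unsigned char)*s)) s++;
    if (*s == '\0') return 0;          /* no operands at all */
    for (;;) {
        const char *start = s;
        while (*s && *s != ',') s++;
        size_t len = (size_t)(s - start);
        while (len > 0 && isspace((unsigned char)start[len - 1])) len--;
        if (len == 0 || len >= MAX_OPERAND_LEN) return -1;
        /* The bound is checked before the store; without this, the 5th
         * operand would be written one slot past ops[], which is exactly
         * the stack-buffer-overflow WRITE AddressSanitizer reported. */
        if (ins->count >= MAX_OPERANDS) return -1;
        memcpy(ins->ops[ins->count].text, start, len);
        ins->ops[ins->count].text[len] = '\0';
        ins->count++;
        if (*s == '\0') break;
        s++;                           /* step over the ',' */
        while (isspace((unsigned char)*s)) s++;
    }
    return ins->count;
}

/* Convenience wrapper: operand count, or -1, for one operand string. */
int operand_count(const char *s) {
    Instruction ins;
    return parse_operands(s, &ins);
}
```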
The crash happens when radare2 is compiled with Clang -fsanitize=address -g -O3.
df167c7