==3759==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000016300 at pc 0x7fb03a620513 bp 0x7ffee94a4570 sp 0x7ffee94a4560
READ of size 1 at 0x611000016300 thread T0
#0 0x7fb03a620512 in r_read_le32 XYZ/radare2/libr/include/r_endian.h:176
#1 0x7fb03a620674 in r_read_at_le32 XYZ/radare2/libr/include/r_endian.h:185
#2 0x7fb03a620693 in r_read_le64 XYZ/radare2/libr/include/r_endian.h:199
#3 0x7fb03a6206e0 in r_read_at_le64 XYZ/radare2/libr/include/r_endian.h:206
#4 0x7fb03a622ef9 in wasm_dis XYZ/radare2/libr/..//libr/anal/p/../../asm/arch/wasm/wasm.c:655
#5 0x7fb03a624556 in wasm_op XYZ/radare2/libr/..//libr/anal/p/anal_wasm.c:79
#6 0x7fb03a66bc56 in r_anal_op XYZ/radare2/libr/anal/op.c:153
#7 0x7fb03e82c985 in r_core_anal_search_xrefs XYZ/radare2/libr/core/canal.c:3680
#8 0x7fb03e5e6f44 in r_core_anal_refs XYZ/radare2/libr/core/cmd_anal.c:7641
#9 0x7fb03e5ed3d9 in cmd_anal_all XYZ/radare2/libr/core/cmd_anal.c:8212
#10 0x7fb03e5f4908 in cmd_anal XYZ/radare2/libr/core/cmd_anal.c:9051
#11 0x7fb03e7f740f in r_cmd_call XYZ/radare2/libr/core/cmd_api.c:244
#12 0x7fb03e6deb61 in r_core_cmd_subst_i XYZ/radare2/libr/core/cmd.c:3276
#13 0x7fb03e6d3067 in r_core_cmd_subst XYZ/radare2/libr/core/cmd.c:2172
#14 0x7fb03e6e7ef0 in r_core_cmd XYZ/radare2/libr/core/cmd.c:4111
#15 0x7fb03e6e8fd4 in r_core_cmd0 XYZ/radare2/libr/core/cmd.c:4276
#16 0x7fb04621eb6a in r_main_radare2 XYZ/radare2/libr/main/radare2.c:1391
#17 0x560feb23c829 in main XYZ/radare2/binr/radare2/radare2.c:48
#18 0x7fb0450b6b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#19 0x560feb23c729 in _start (XYZ/radare2/binr/radare2/radare2+0x729)
0x611000016300 is located 0 bytes to the right of 256-byte region [0x611000016200,0x611000016300)
allocated by thread T0 here:
#0 0x7fb0465d3b50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
#1 0x7fb03e82c4cb in r_core_anal_search_xrefs XYZ/radare2/libr/core/canal.c:3647
#2 0x7fb03e5e6f44 in r_core_anal_refs XYZ/radare2/libr/core/cmd_anal.c:7641
#3 0x7fb03e5ed3d9 in cmd_anal_all XYZ/radare2/libr/core/cmd_anal.c:8212
#4 0x7fb03e5f4908 in cmd_anal XYZ/radare2/libr/core/cmd_anal.c:9051
#5 0x7fb03e7f740f in r_cmd_call XYZ/radare2/libr/core/cmd_api.c:244
#6 0x7fb03e6deb61 in r_core_cmd_subst_i XYZ/radare2/libr/core/cmd.c:3276
#7 0x7fb03e6d3067 in r_core_cmd_subst XYZ/radare2/libr/core/cmd.c:2172
#8 0x7fb03e6e7ef0 in r_core_cmd XYZ/radare2/libr/core/cmd.c:4111
#9 0x7fb03e6e8fd4 in r_core_cmd0 XYZ/radare2/libr/core/cmd.c:4276
#10 0x7fb04621eb6a in r_main_radare2 XYZ/radare2/libr/main/radare2.c:1391
#11 0x560feb23c829 in main XYZ/radare2/binr/radare2/radare2.c:48
#12 0x7fb0450b6b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
SUMMARY: AddressSanitizer: heap-buffer-overflow XYZ/radare2/libr/include/r_endian.h:176 in r_read_le32
Shadow bytes around the buggy address:
0x0c227fffac10: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c227fffac20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c227fffac30: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fffac40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fffac50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fffac60:[fa]fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fffac70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fffac80: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
0x0c227fffac90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c227fffaca0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
0x0c227fffacb0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==3759==ABORTING
pventuzelo changed the title from "Heap out of bounds read in r_read_le32() (wasm)" to "Heap out of bounds read in r_read_le32() (wasm_dis)" on Jun 5, 2019
pventuzelo changed the title from "Heap out of bounds read in r_read_le32() (wasm_dis:655)" to "Heap out of bounds read in r_read_le32() (wasm_dis:655 - WASM_OP_F64CONST)" on Jun 6, 2019
Work environment
Expected behavior
Disassembly of file or error message.
Actual behavior
Heap out of bounds read in ASAN build.
Steps to reproduce the behavior
r2 -A r2_hoobr_wasm_r_read_le32
Additional Logs, screenshots, source-code, configuration dump, ...
ASAN report:
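
The ASAN trace on this page shows the 8-byte little-endian read for WASM_OP_F64CONST (`r_read_le64` called from `wasm_dis`) touching the first byte past a 256-byte heap buffer. The following is an added example, not radare2's code or its fix: a decoder that checks the remaining length before reading the immediate. The function names are hypothetical, and 0x44 is the WebAssembly encoding of `f64.const`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* WebAssembly f64.const: one opcode byte followed by an 8-byte LE immediate. */
#define OP_F64CONST 0x44

/* Hypothetical helper: little-endian 64-bit read that refuses to leave buf. */
static int read_le64_checked(const uint8_t *buf, size_t len, size_t off, uint64_t *out) {
	if (off > len || len - off < 8) {
		return 0; /* fewer than 8 bytes remain: report truncation */
	}
	uint64_t v = 0;
	for (int i = 7; i >= 0; i--) {
		v = (v << 8) | buf[off + i];
	}
	*out = v;
	return 1;
}

/* Returns the instruction size (9) or -1 for a truncated or different opcode. */
int decode_f64const(const uint8_t *buf, size_t len, double *value) {
	uint64_t bits;
	if (len < 1 || buf[0] != OP_F64CONST) {
		return -1;
	}
	if (!read_le64_checked(buf, len, 1, &bits)) {
		return -1;
	}
	memcpy(value, &bits, sizeof(*value)); /* assumes 64-bit IEEE 754 double */
	return 9;
}

/* Constructed input: opcode 4 bytes before the end of a 256-byte buffer. */
int decode_at_buffer_tail(void) {
	uint8_t block[256] = {0};
	double v = 0;
	block[252] = OP_F64CONST;
	return decode_f64const(block + 252, sizeof(block) - 252, &v);
}

int main(void) {
	const uint8_t full[9] = {0x44, 0, 0, 0, 0, 0, 0, 0xf0, 0x3f}; /* f64.const 1.0 */
	double v = 0;
	printf("full: %d\n", decode_f64const(full, sizeof(full), &v));
	printf("truncated tail: %d\n", decode_at_buffer_tail());
	return 0;
}
```

Built with `-fsanitize=address`, the truncated case returns -1 without producing a report, because the length check runs before any byte of the immediate is read.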