AddressSanitizer shlr/java/class.c #2453

Closed
ghost opened this issue Apr 28, 2015 · 1 comment

ghost commented Apr 28, 2015

==15712==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x614000010714 at pc 0x7f307c2483f7 bp 0x7fffef3a5b50 sp 0x7fffef3a5b40
READ of size 1 at 0x614000010714 thread T0
    #0 0x7f307c2483f6 in r_bin_java_code_attr_new /home/revskills/radare2/shlr/java/class.c:3251
    #1 0x7f307c23dca4 in r_bin_java_read_next_attr_from_buffer /home/revskills/radare2/shlr/java/class.c:1994
    #2 0x7f307c248c22 in r_bin_java_code_attr_new /home/revskills/radare2/shlr/java/class.c:3281
    #3 0x7f307c23dca4 in r_bin_java_read_next_attr_from_buffer /home/revskills/radare2/shlr/java/class.c:1994
    #4 0x7f307c23d95d in r_bin_java_read_next_attr /home/revskills/radare2/shlr/java/class.c:1962
    #5 0x7f307c23a8ae in r_bin_java_read_next_field /home/revskills/radare2/shlr/java/class.c:1489
    #6 0x7f307c23ef61 in r_bin_java_parse_fields /home/revskills/radare2/shlr/java/class.c:2114
    #7 0x7f307c2403cc in r_bin_java_load_bin /home/revskills/radare2/shlr/java/class.c:2257
    #8 0x7f307c23fdd9 in r_bin_java_new_bin /home/revskills/radare2/shlr/java/class.c:2219
    #9 0x7f307c246683 in r_bin_java_new_buf /home/revskills/radare2/shlr/java/class.c:2926
    #10 0x7f307c19f6d5 in load_bytes /home/revskills/radare2/libr/..//libr/bin/p/bin_java.c:67
    #11 0x7f307c1380c8 in r_bin_object_new /home/revskills/radare2/libr/bin/bin.c:909
    #12 0x7f307c139178 in r_bin_file_new_from_bytes /home/revskills/radare2/libr/bin/bin.c:1054
    #13 0x7f307c136a96 in r_bin_load_io_at_offset_as_sz /home/revskills/radare2/libr/bin/bin.c:643
    #14 0x7f307c136b91 in r_bin_load_io_at_offset_as /home/revskills/radare2/libr/bin/bin.c:665
    #15 0x7f307c135fc4 in r_bin_load_io /home/revskills/radare2/libr/bin/bin.c:545
    #16 0x7f307cf2313c in r_core_file_do_load_for_io_plugin /home/revskills/radare2/libr/core/file.c:344
    #17 0x7f307cf23a75 in r_core_bin_load /home/revskills/radare2/libr/core/file.c:476
    #18 0x4061fd in main /home/revskills/radare2/binr/radare2/radare2.c:573
    #19 0x7f3078094ec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #20 0x4030f8 (/home/revskills/radare2/binr/radare2/radare2+0x4030f8)

0x614000010714 is located 102527711485617 bytes insideASAN:SIGSEGV
==15712==AddressSanitizer

file from radare-regressions: id031 34d8f680a8a0795b9ce451268f47c921
radare2 0.9.9-git 7749 @ linux-little-x86-64 git.0.9.8-1399-g5b4a4b7
commit: 5b4a4b7 build: 2015-04-28

ghost commented Apr 28, 2015

Check this one too:

==22786==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x612000014fcd at pc 0x7fc43d5a860c bp 0x7fffcaf43ee0 sp 0x7fffcaf43ed0
READ of size 1 at 0x612000014fcd thread T0
    #0 0x7fc43d5a860b in r_bin_java_parse_methods /home/revskills/radare2/shlr/java/class.c:2171
    #1 0x7fc43d5a9443 in r_bin_java_load_bin /home/revskills/radare2/shlr/java/class.c:2262
    #2 0x7fc43d5a8dd9 in r_bin_java_new_bin /home/revskills/radare2/shlr/java/class.c:2219
    #3 0x7fc43d5af683 in r_bin_java_new_buf /home/revskills/radare2/shlr/java/class.c:2926
    #4 0x7fc43d5086d5 in load_bytes /home/revskills/radare2/libr/..//libr/bin/p/bin_java.c:67
    #5 0x7fc43d4a10c8 in r_bin_object_new /home/revskills/radare2/libr/bin/bin.c:909
    #6 0x7fc43d4a2178 in r_bin_file_new_from_bytes /home/revskills/radare2/libr/bin/bin.c:1054
    #7 0x7fc43d49fa96 in r_bin_load_io_at_offset_as_sz /home/revskills/radare2/libr/bin/bin.c:643
    #8 0x7fc43d49fb91 in r_bin_load_io_at_offset_as /home/revskills/radare2/libr/bin/bin.c:665
    #9 0x7fc43d49efc4 in r_bin_load_io /home/revskills/radare2/libr/bin/bin.c:545
    #10 0x7fc43e28c13c in r_core_file_do_load_for_io_plugin /home/revskills/radare2/libr/core/file.c:344
    #11 0x7fc43e28ca75 in r_core_bin_load /home/revskills/radare2/libr/core/file.c:476
    #12 0x4061fd in main /home/revskills/radare2/binr/radare2/radare2.c:573
    #13 0x7fc4393fdec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #14 0x4030f8 (/home/revskills/radare2/binr/radare2/radare2+0x4030f8)

0x612000014fcd is located 102390272550762 bytes insideASAN:SIGSEGV
==22786==AddressSanitizer

file from radare-regressions: id070 06eb51e64b622ee5ecdbfb1573d34076
radare2 0.9.9-git 7749 @ linux-little-x86-64 git.0.9.8-1399-g5b4a4b7
commit: 5b4a4b7 build: 2015-04-28
