Stack buffer overflow in dalvik_disassemble()
Tested on Git HEAD: 0744e33
Payload (bins/fuzzed/r2_sbo_dalvik_disassemble) in https://github.com/radare/radare2-regressions/pull/721
To reproduce:
r2 -A r2_sbo_dalvik_disassemble
ASAN:
==2604==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe491e5460 at pc 0x56425c850b51 bp 0x7ffe491e4f40 sp 0x7ffe491e46c8
WRITE of size 1157 at 0x7ffe491e5460 thread T0
#0 0x56425c850b50 in vsprintf /home/llvm/clang-3.9/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1338:1
#1 0x56425c851e3d in __interceptor_sprintf /home/llvm/clang-3.9/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1369:1
#2 0x7f921939e5fb in dalvik_disassemble /XYZ/radare2/libr/asm/p/asm_dalvik.c:318:6
#3 0x7f92194bfec1 in r_asm_disassemble /XYZ/radare2/libr/asm/asm.c:388:9
#4 0x7f921dd3f1bf in r_core_anal_op /XYZ/radare2/libr/core/canal.c:741:6
#5 0x7f921dd4f55e in fcn_callconv /XYZ/radare2/libr/core/canal.c:2248:9
#6 0x7f921dd59de0 in r_core_anal_all /XYZ/radare2/libr/core/canal.c:2780:5
#7 0x7f921db993db in cmd_anal_all /XYZ/radare2/libr/core/./cmd_anal.c:5149:4
#8 0x7f921db993db in cmd_anal /XYZ/radare2/libr/core/./cmd_anal.c:5499
#9 0x7f921dd377cf in r_cmd_call /XYZ/radare2/libr/core/cmd_api.c:226:10
#10 0x7f921dc36b1c in r_core_cmd_subst_i /XYZ/radare2/libr/core/cmd.c:2082:16
#11 0x7f921db8b287 in r_core_cmd_subst /XYZ/radare2/libr/core/cmd.c:1359:9
#12 0x7f921db854a7 in r_core_cmd /XYZ/radare2/libr/core/cmd.c:2656:9
#13 0x56425c906c8a in main /XYZ/radare2/binr/radare2/radare2.c:1084:12
#14 0x7f92169c082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#15 0x56425c834b38 in _start (/usr/local/bin/radare2+0x20b38)
ASAN:DEADLYSIGNAL
AddressSanitizer: nested bug in the same thread, aborting.
More context in Valgrind report (I can overwrite the return address! - please consider using stack canaries, because they are disabled by default).
==25534== Memcheck, a memory error detector
==25534== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==25534== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==25534== Command: r2 -A r2_sbo_dalvik_disassemble
==25534==
# adler32 checksum doesn't match. Type this to fix it:
wx `#sha1 $s-32 @32` @12 ; wx `#adler32 $s-12 @12` @8
==25534== Jump to the invalid address stated on the next line
==25534== at 0x4141414141414141: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x41414140: ???
==25534== by 0x43: ???
==25534== by 0x3153B7: ??? (in /usr/local/bin/radare2)
==25534== Address 0x4141414141414141 is not stack'd, malloc'd or (recently) free'd
==25534==
==25534==
==25534== Process terminating with default action of signal 11 (SIGSEGV)
==25534== Bad permissions for mapped region at address 0x4141414141414141
==25534== at 0x4141414141414141: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x4141414141414140: ???
==25534== by 0x41414140: ???
==25534== by 0x43: ???
==25534== by 0x3153B7: ??? (in /usr/local/bin/radare2)
==25534==
==25534== HEAP SUMMARY:
==25534== in use at exit: 1,175,379 bytes in 16,481 blocks
==25534== total heap usage: 75,971 allocs, 59,490 frees, 23,543,639 bytes allocated
==25534==
==25534== LEAK SUMMARY:
==25534== definitely lost: 18,447 bytes in 20 blocks
==25534== indirectly lost: 4,187 bytes in 2 blocks
==25534== possibly lost: 0 bytes in 0 blocks
==25534== still reachable: 1,152,745 bytes in 16,459 blocks
==25534== suppressed: 0 bytes in 0 blocks
==25534== Rerun with --leak-check=full to see details of leaked memory
==25534==
==25534== For counts of detected and suppressed errors, rerun with: -v
==25534== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
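The ASAN trace above shows an unbounded sprintf() in dalvik_disassemble() writing 1157 bytes into a stack buffer, and the Valgrind trace shows the overwritten frames being consumed as a return address (0x4141...). The example below is added here to illustrate the defensive pattern that closes this class of bug; it is not radare2's code and it does not reproduce asm_dalvik.c. The names format_insn_line, bounded_line_length and LINE_BUF_SIZE are hypothetical, and the 'A'-filled operand is a constructed input chosen to mirror the 0x41 bytes in the report. The point it demonstrates is that formatting into a fixed-size buffer must go through snprintf() with the buffer size, and that the caller must check the return value for truncation instead of assuming the operand text fit.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size line buffer, as a disassembler might keep on the stack (hypothetical size). */
#define LINE_BUF_SIZE 256

/*
 * Format "mnemonic operand" into a caller-supplied buffer without ever writing
 * past out_size bytes. Returns true if the whole line fit and false if it was
 * truncated (or on error); the buffer is NUL-terminated in every case.
 * This is the bounded replacement for an sprintf() into a fixed buffer.
 */
bool format_insn_line(char *out, size_t out_size,
                      const char *mnemonic, const char *operand)
{
    if (out == NULL || out_size == 0) {
        return false;
    }
    int n = snprintf(out, out_size, "%s %s", mnemonic, operand);
    if (n < 0) {
        out[0] = '\0';
        return false;
    }
    /* snprintf reports the length it wanted to write; >= out_size means truncation. */
    return (size_t)n < out_size;
}

/*
 * Exercise the bounded formatter with a constructed oversized operand: a run of
 * operand_len 'A' bytes. Returns how many characters actually landed in the
 * LINE_BUF_SIZE stack buffer, which can never exceed LINE_BUF_SIZE - 1.
 */
size_t bounded_line_length(size_t operand_len)
{
    char line[LINE_BUF_SIZE];
    char operand[4096];
    if (operand_len >= sizeof operand) {
        operand_len = sizeof operand - 1;
    }
    memset(operand, 'A', operand_len);
    operand[operand_len] = '\0';
    (void)format_insn_line(line, sizeof line, "invoke-virtual", operand);
    return strlen(line);
}

int main(void)
{
    char line[LINE_BUF_SIZE];
    bool fit = format_insn_line(line, sizeof line, "move-result", "v0");
    printf("%s (fit=%d)\n", line, fit);
    /* 1157 mirrors the WRITE size in the ASAN report; the stored line stays bounded. */
    printf("oversized operand stored as %zu chars\n", bounded_line_length(1157));
    return 0;
}
```

A disassembler that receives false from the bounded formatter should treat the instruction as invalid (or emit a truncated placeholder) rather than continue with partial text. Independently of the fix, building with -fstack-protector-strong gives the canaries the reporter asks for, so a future overflow of this kind aborts before a corrupted return address is used, and the AddressSanitizer build that produced the trace above is the right way to catch it during fuzzing.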