Invalid read in sdb_set_internal() #8813

Closed
fumfel opened this Issue Nov 8, 2017 · 2 comments

fumfel commented Nov 8, 2017

Invalid read in sdb_set_internal()

Git HEAD: 2a82e2c

Crashing testcase in radare/radare2-regressions#1069

Command: r2 -A r2_ir_sdb_set_internal

ASAN:

==15422==ERROR: AddressSanitizer: SEGV on unknown address 0x000030303030 (pc 0x7f3fea0c1746 bp 0x7fff0ccf7db0 sp 0x7fff0ccf7538 T0)
==15422==The signal is caused by a READ memory access.
    #0 0x7f3fea0c1745 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b745)
    #1 0x55f490967d8c in __interceptor_strlen.part.31 XYZ/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:300
    #2 0x7f3feb1a1d7c in sdb_set_internal XYZ/radare2/shlr/sdb/src/sdb.c:562:9
    #3 0x7f3ff06d8e98 in r_bin_dwarf_parse_comp_unit XYZ/radare2/libr/bin/dwarf.c:1355:5
    #4 0x7f3ff06d8e98 in r_bin_dwarf_parse_info_raw XYZ/radare2/libr/bin/dwarf.c:1426
    #5 0x7f3ff06db298 in r_bin_dwarf_parse_info XYZ/radare2/libr/bin/dwarf.c:1557:9
    #6 0x7f3ff1b697ab in bin_dwarf XYZ/radare2/libr/core/cbin.c:894:3
    #7 0x7f3ff1b697ab in r_core_bin_info XYZ/radare2/libr/core/cbin.c:3133
    #8 0x7f3ff1b670a6 in r_core_bin_set_env XYZ/radare2/libr/core/cbin.c:116:3
    #9 0x7f3ff1ae7471 in r_core_file_do_load_for_io_plugin XYZ/radare2/libr/core/file.c:411:2
    #10 0x7f3ff1ae7471 in r_core_bin_load XYZ/radare2/libr/core/file.c:563
    #11 0x55f490a05c23 in main XYZ/radare2/binr/radare2/radare2.c:1009:15
    #12 0x7f3fea05682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x55f4909072a8 in _start (/usr/local/bin/radare2+0x222a8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x8b745) in strlen
==15422==ABORTING

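The backtrace shows strlen() being handed the address 0x30303030, which is the ASCII bytes "0000", so a value that looks like it came straight out of the file rather than from a valid allocation. Below is an added example (not radare2 or sdb code) of the bounds check a parser should make before treating untrusted bytes as a C string; the helper names and the sample string table are constructed, and the reading of the crash as "file bytes used as a string pointer" is an assumption.

```c
/* Added example, not radare2 code. Assumption: the crash above comes from a
 * value read out of the DWARF data being passed to strlen() as if it were a
 * valid pointer to a NUL-terminated string. A parser should instead resolve
 * untrusted offsets against the buffer it owns and refuse anything that does
 * not terminate inside that buffer. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return the NUL-terminated string starting at offset `off` inside
 * buf[0..len), or NULL if the offset is outside the buffer or no NUL byte
 * follows before the end. Never reads past buf + len. */
const char *bounded_cstr(const uint8_t *buf, size_t len, uint64_t off) {
    if (!buf || off >= len) {
        return NULL;                       /* offset does not point into the buffer */
    }
    const uint8_t *start = buf + off;
    const void *nul = memchr(start, '\0', len - (size_t)off);
    return nul ? (const char *)start : NULL; /* NULL: unterminated within the buffer */
}

/* Length of the string at `off`, or -1 when it cannot be read safely. This is
 * the check to make before handing file-derived data to strlen(). */
long safe_strlen_at(const uint8_t *buf, size_t len, uint64_t off) {
    const char *s = bounded_cstr(buf, len, off);
    return s ? (long)strlen(s) : -1;
}

/* Constructed sample string table, as a DWARF-style parser would see it.
 * The last entry is deliberately left without a terminating NUL. */
static const uint8_t SAMPLE_STRTAB[] = "main\0foo.c\0unterminated";
#define SAMPLE_STRTAB_LEN (sizeof(SAMPLE_STRTAB) - 1) /* drop the literal's own NUL */

int main(void) {
    /* 4: "main"; 5: "foo.c"; -1: no NUL within the buffer;
     * -1: the bogus offset 0x30303030 from the trace is rejected outright. */
    long a = safe_strlen_at(SAMPLE_STRTAB, SAMPLE_STRTAB_LEN, 0);
    long b = safe_strlen_at(SAMPLE_STRTAB, SAMPLE_STRTAB_LEN, 5);
    long c = safe_strlen_at(SAMPLE_STRTAB, SAMPLE_STRTAB_LEN, 11);
    long d = safe_strlen_at(SAMPLE_STRTAB, SAMPLE_STRTAB_LEN, 0x30303030u);
    return (a == 4 && b == 5 && c == -1 && d == -1) ? 0 : 1;
}
```
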
radare commented Nov 8, 2017

fumfel commented Nov 9, 2017

==13556== Memcheck, a memory error detector
==13556== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==13556== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==13556== Command: r2 -A r2_ir_sdb_set_internal
==13556== 
Warning: Cannot initialize program headers
Warning: Cannot initialize dynamic strings
Warning: Cannot initialize dynamic section
Warning: read (init_offset)
==13556== Warning: set address range perms: large range [0x395d8040, 0x698db070) (defined)
==13556== Invalid read of size 1
==13556==    at 0x4C30F62: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13556==    by 0x98EE8D2: sdb_set_internal (sdb.c:562)
==13556==    by 0x5E11565: r_bin_dwarf_parse_comp_unit (dwarf.c:1354)
==13556==    by 0x5E11565: r_bin_dwarf_parse_info_raw (dwarf.c:1425)
==13556==    by 0x5E12691: r_bin_dwarf_parse_info (dwarf.c:1556)
==13556==    by 0x51D0F6D: bin_dwarf (cbin.c:877)
==13556==    by 0x51D0F6D: r_core_bin_info (cbin.c:3061)
==13556==    by 0x51CF333: r_core_bin_set_env (cbin.c:117)
==13556==    by 0x51826CD: r_core_file_do_load_for_io_plugin (file.c:411)
==13556==    by 0x51826CD: r_core_bin_load (file.c:563)
==13556==    by 0x11041F: main (radare2.c:998)
==13556==  Address 0x30303030 is not stack'd, malloc'd or (recently) free'd
==13556== 
==13556== 
==13556== Process terminating with default action of signal 11 (SIGSEGV)
==13556==  Access not within mapped region at address 0x30303030
==13556==    at 0x4C30F62: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13556==    by 0x98EE8D2: sdb_set_internal (sdb.c:562)
==13556==    by 0x5E11565: r_bin_dwarf_parse_comp_unit (dwarf.c:1354)
==13556==    by 0x5E11565: r_bin_dwarf_parse_info_raw (dwarf.c:1425)
==13556==    by 0x5E12691: r_bin_dwarf_parse_info (dwarf.c:1556)
==13556==    by 0x51D0F6D: bin_dwarf (cbin.c:877)
==13556==    by 0x51D0F6D: r_core_bin_info (cbin.c:3061)
==13556==    by 0x51CF333: r_core_bin_set_env (cbin.c:117)
==13556==    by 0x51826CD: r_core_file_do_load_for_io_plugin (file.c:411)
==13556==    by 0x51826CD: r_core_bin_load (file.c:563)
==13556==    by 0x11041F: main (radare2.c:998)
==13556==  If you believe this happened as a result of a stack
==13556==  overflow in your program's main thread (unlikely but
==13556==  possible), you can try to increase the size of the
==13556==  main thread stack using the --main-stacksize= flag.
==13556==  The main thread stack size used in this run was 8388608.
==13556== 
==13556== HEAP SUMMARY:
==13556==     in use at exit: 809,981,654 bytes in 17,914 blocks
==13556==   total heap usage: 26,366 allocs, 8,452 frees, 857,218,190 bytes allocated
==13556== 
==13556== LEAK SUMMARY:
==13556==    definitely lost: 0 bytes in 0 blocks
==13556==    indirectly lost: 0 bytes in 0 blocks
==13556==      possibly lost: 0 bytes in 0 blocks
==13556==    still reachable: 809,981,654 bytes in 17,914 blocks
==13556==         suppressed: 0 bytes in 0 blocks
==13556== Rerun with --leak-check=full to see details of leaked memory
==13556== 
==13556== For counts of detected and suppressed errors, rerun with: -v
==13556== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
