fuzz@fuzz:~/fuzz/issue$ date
Fri 07 May 2021 01:44:26 PM UTC
fuzz@fuzz:~/fuzz/issue$ r2 -v
radare2 5.3.0-git 26142 @ linux-x86-64 git.5.2.1
commit: 518bf6664cedcb3035c9c47388b4fa03bba66748 build: 2021-05-07__12:55:47
fuzz@fuzz:~/fuzz/issue$ uname -ms
Linux x86_64
Description
While I was fuzzing the rabin2 binary with the -I parameter, I found that there may be a floating point exception (divide by zero) bug in it. The rebase_buffer function throws a floating point exception with the attached Mach-O file. I am not debugging master, but page_size is 0 in rebase_buffer, which may cause this bug.
With MSAN:
fuzz@fuzz:~/fuzz/issue$ rabin2 -I test
MemorySanitizer:DEADLYSIGNAL
==905482==ERROR: MemorySanitizer: FPE on unknown address 0x7ffff3ed678c (pc 0x7ffff3ed678c bp 0x7ffffff988c0 sp 0x7ffffff98470 T905482)
#0 0x7ffff3ed678c in rebase_buffer /home/fuzz/fuzz/radare2/libr/../libr/bin/p/bin_mach0.c:778:49
#1 0x7ffff3ed5b71 in rebasing_and_stripping_io_read /home/fuzz/fuzz/radare2/libr/../libr/bin/p/bin_mach0.c:757:3
#2 0x7ffff791acf7 in r_io_plugin_read /home/fuzz/fuzz/radare2/libr/io/io_plugin.c:162:9
#3 0x7ffff792cc03 in r_io_desc_read /home/fuzz/fuzz/radare2/libr/io/io_desc.c:205:12
#4 0x7ffff794baa5 in r_io_fd_read /home/fuzz/fuzz/radare2/libr/io/io_fd.c:21:15
#5 0x7ffff74a97ca in buf_io_read /home/fuzz/fuzz/radare2/libr/util/./buf_io.c:72:9
#6 0x7ffff74981ae in buf_read /home/fuzz/fuzz/radare2/libr/util/buf.c:40:27
#7 0x7ffff7495e77 in r_buf_read /home/fuzz/fuzz/radare2/libr/util/buf.c:427:11
#8 0x7ffff749512b in r_buf_read_at /home/fuzz/fuzz/radare2/libr/util/buf.c:577:6
#9 0x7ffff3f13412 in get_hdr /home/fuzz/fuzz/radare2/libr/../libr/bin/p/../format/mach0/mach0.c:4343:8
#10 0x7ffff3f16d81 in mach_fields /home/fuzz/fuzz/radare2/libr/../libr/bin/p/../format/mach0/mach0.c:4224:35
#11 0x7ffff3c3d9be in r_bin_object_set_items /home/fuzz/fuzz/radare2/libr/bin/bobj.c:313:15
#12 0x7ffff3c3b588 in r_bin_object_new /home/fuzz/fuzz/radare2/libr/bin/bobj.c:172:2
#13 0x7ffff3c1d379 in r_bin_file_new_from_buffer /home/fuzz/fuzz/radare2/libr/bin/bfile.c:529:19
#14 0x7ffff3bb803b in r_bin_open_buf /home/fuzz/fuzz/radare2/libr/bin/bin.c:286:8
#15 0x7ffff3bb6048 in r_bin_open_io /home/fuzz/fuzz/radare2/libr/bin/bin.c:346:13
#16 0x7ffff3bb4919 in r_bin_open /home/fuzz/fuzz/radare2/libr/bin/bin.c:231:9
#17 0x7ffff7dde246 in r_main_rabin2 /home/fuzz/fuzz/radare2/libr/main/rabin2.c:1069:7
#18 0x5555555ec931 in main /home/fuzz/fuzz/radare2/binr/rabin2/rabin2.c:6:9
#19 0x7ffff7bb10b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#20 0x55555557225d in _start (/home/fuzz/fuzz/radare2/binr/rabin2/rabin2+0x1e25d)
MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: FPE /home/fuzz/fuzz/radare2/libr/../libr/bin/p/bin_mach0.c:778:49 in rebase_buffer
==905482==ABORTING
Without ASAN:
fuzz@fuzz:~/fuzz/issue$ rabin2 -I test
Floating point exception
This issue is also reproducible with radare2:
fuzz@fuzz:~/fuzz/issue$ radare2 floating_point
Floating point exception
Test
Value of page_size variable when
ut64 page_idx = (R_MAX (start, off) - start) / page_size;
is called.
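As an added illustration of the defect described in this report (this is not radare2's code), the snippet below puts the quoted division beside a guarded version that validates a page size taken from an untrusted header before dividing by it. R_MAX is reproduced here as an assumed macro, the helper names are hypothetical, and the input values are constructed.

```c
/* Added example, not radare2's code. Shows the division from the report
 * (page_idx = (R_MAX (start, off) - start) / page_size) and a guarded form
 * that refuses a zero page_size instead of raising SIGFPE. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t ut64;

/* Assumed definition matching the usual "larger of two values" macro. */
#ifndef R_MAX
#define R_MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif

/* Predicate (hypothetical helper): a page size of 0 can never be used as a
 * divisor. Tighter limits (alignment, maximum) depend on the file format. */
bool is_valid_page_size(ut64 page_size) {
    return page_size != 0;
}

/* Unguarded form, as in the report: any page_size from the header is used
 * directly. With page_size == 0 this traps on x86-64 (the crash above). */
ut64 page_idx_unchecked(ut64 start, ut64 off, ut64 page_size) {
    return (R_MAX (start, off) - start) / page_size;
}

/* Guarded form (hypothetical helper): validates page_size first and reports
 * failure to the caller so a malformed file is rejected, not crashed on. */
bool page_idx_checked(ut64 start, ut64 off, ut64 page_size, ut64 *page_idx) {
    if (!is_valid_page_size(page_size)) {
        return false;   /* malformed header: leave *page_idx untouched */
    }
    *page_idx = (R_MAX (start, off) - start) / page_size;
    return true;
}

int main(void) {
    ut64 idx = 0;
    /* constructed values: region starts at 0x1000, read at 0x5234, 4 KiB pages */
    if (page_idx_checked(0x1000, 0x5234, 0x1000, &idx)) {
        printf("page_idx = %llu\n", (unsigned long long)idx);
    }
    /* constructed malformed header: page_size == 0 */
    if (!page_idx_checked(0x1000, 0x5234, 0, &idx)) {
        printf("rejected page_size 0 instead of crashing\n");
    }
    return 0;
}
```

The guarded form turns a crash that a sanitizer build reports as an FPE (and a plain build reports only as "Floating point exception") into an ordinary parse error, which is the behaviour a file-format loader should have on attacker-controlled input.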
File format of test file:
floating_point.zip