Update SDB code and use ht_update_key API in RFlag #12804
Merged
Conversation
@radare that bug seems to be in master too. I just tried with asan:
You see it, you fix it.
… On 16 Jan 2019, at 11:48, Riccardo Schirone ***@***.***> wrote:
@radare that bug seems to be in master too
I just tried with asan:
$ radare2 r2r/bins/elf/ls
> aaa
> afbr 0x80b0
=================================================================
==15482==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000136a8e at pc 0x7f3c525cc917 bp 0x7ffc47869030 sp 0x7ffc47869020
READ of size 2 at 0x602000136a8e thread T0
#0 0x7f3c525cc916 in anal_fcn_list_bb ../libr/core/cmd_anal.c:1744
#1 0x7f3c525d4034 in cmd_anal_fcn ../libr/core/cmd_anal.c:2785
#2 0x7f3c525fe047 in cmd_anal ../libr/core/cmd_anal.c:8103
#3 0x7f3c5269df97 in r_cmd_call ../libr/core/cmd_api.c:235
#4 0x7f3c52691ae8 in r_core_cmd_subst_i ../libr/core/cmd.c:3010
#5 0x7f3c5268a622 in r_core_cmd_subst ../libr/core/cmd.c:2018
#6 0x7f3c5269700b in r_core_cmd ../libr/core/cmd.c:3744
#7 0x7f3c526bb9fe in r_core_prompt_exec ../libr/core/core.c:2715
#8 0x40bbaa in main ../binr/radare2/radare2.c:1462
#9 0x7f3c4fa76412 in __libc_start_main (/lib64/libc.so.6+0x24412)
#10 0x4049cd in _start (/usr/local/bin/radare2+0x4049cd)
0x602000136a8e is located 2 bytes to the left of 6-byte region [0x602000136a90,0x602000136a96)
allocated by thread T0 here:
#0 0x7f3c52d67a50 in __interceptor_calloc (/lib64/libasan.so.5+0xefa50)
#1 0x7f3c4fff4e58 in r_anal_bb_new ../libr/anal/bb.c:24
#2 0x7f3c5002b8ce in appendBasicBlock ../libr/anal/fcn.c:348
#3 0x7f3c5002fa68 in fcn_recurse ../libr/anal/fcn.c:973
#4 0x7f3c50033501 in fcn_recurse ../libr/anal/fcn.c:1326
#5 0x7f3c50032c3b in fcn_recurse ../libr/anal/fcn.c:1283
#6 0x7f3c50033501 in fcn_recurse ../libr/anal/fcn.c:1326
#7 0x7f3c50033501 in fcn_recurse ../libr/anal/fcn.c:1326
#8 0x7f3c50033501 in fcn_recurse ../libr/anal/fcn.c:1326
#9 0x7f3c50033501 in fcn_recurse ../libr/anal/fcn.c:1326
#10 0x7f3c50036315 in r_anal_fcn ../libr/anal/fcn.c:1644
#11 0x7f3c524fa7ca in core_anal_fcn ../libr/core/canal.c:710
#12 0x7f3c52502a28 in r_core_anal_fcn ../libr/core/canal.c:1656
#13 0x7f3c524f9c94 in r_anal_analyze_fcn_refs ../libr/core/canal.c:618
#14 0x7f3c524fbb48 in core_anal_fcn ../libr/core/canal.c:827
#15 0x7f3c52502a28 in r_core_anal_fcn ../libr/core/canal.c:1656
#16 0x7f3c525e8e24 in _anal_calls ../libr/core/cmd_anal.c:5374
#17 0x7f3c525e9441 in cmd_anal_calls ../libr/core/cmd_anal.c:5441
#18 0x7f3c525fa31a in cmd_anal_all ../libr/core/cmd_anal.c:7502
#19 0x7f3c525fe2c6 in cmd_anal ../libr/core/cmd_anal.c:8152
#20 0x7f3c5269df97 in r_cmd_call ../libr/core/cmd_api.c:235
#21 0x7f3c52691ae8 in r_core_cmd_subst_i ../libr/core/cmd.c:3010
#22 0x7f3c5268a622 in r_core_cmd_subst ../libr/core/cmd.c:2018
#23 0x7f3c5269700b in r_core_cmd ../libr/core/cmd.c:3744
#24 0x7f3c526bb9fe in r_core_prompt_exec ../libr/core/core.c:2715
#25 0x40bbaa in main ../binr/radare2/radare2.c:1462
#26 0x7f3c4fa76412 in __libc_start_main (/lib64/libc.so.6+0x24412)
SUMMARY: AddressSanitizer: heap-buffer-overflow ../libr/core/cmd_anal.c:1744 in anal_fcn_list_bb
Shadow bytes around the buggy address:
0x0c048001ed00: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fd
0x0c048001ed10: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd
0x0c048001ed20: fa fa fd fa fa fa fd fd fa fa fd fa fa fa fd fa
0x0c048001ed30: fa fa fd fa fa fa fd fd fa fa fd fd fa fa 07 fa
0x0c048001ed40: fa fa fd fd fa fa fd fa fa fa fd fd fa fa 00 04
=>0x0c048001ed50: fa[fa]06 fa fa fa fd fa fa fa fd fd fa fa 00 04
0x0c048001ed60: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fa
0x0c048001ed70: fa fa fd fd fa fa fd fa fa fa 00 04 fa fa fd fa
0x0c048001ed80: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fd
0x0c048001ed90: fa fa 00 04 fa fa fd fa fa fa fd fd fa fa fd fd
0x0c048001eda0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==15482==ABORTING
@radare seems ready.
No description provided.