=================================================================
==3349==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000048ba at pc 0x000000812255 bp 0x7fffe43bc350 sp 0x7fffe43bc348
READ of size 1 at 0x6040000048ba thread T0
#0 0x812254 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*, char const*) /home/eack/libsass/src/prelexer.hpp:69:14
#1 0x812254 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*) /home/eack/libsass/src/prelexer.hpp:122
#2 0x812254 in char const* Sass::Parser::peek<&(char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*))>(char const*) /home/eack/libsass/src/parser.hpp:136
#3 0x812254 in Sass::Parser::parse_import() /home/eack/libsass/src/parser.cpp:349
#4 0x7f6922 in Sass::Parser::parse_block_node(bool) /home/eack/libsass/src/parser.cpp:249:24
#5 0x7eee86 in Sass::Parser::parse_block_nodes(bool) /home/eack/libsass/src/parser.cpp:197:11
#6 0x7ea18f in Sass::Parser::parse() /home/eack/libsass/src/parser.cpp:123:5
#7 0x611d5b in Sass::Context::register_resource(Sass::Include const&, Sass::Resource const&) /home/eack/libsass/src/context.cpp:324:24
#8 0x62e930 in Sass::Data_Context::parse() /home/eack/libsass/src/context.cpp:636:5
#9 0x5b9926 in Sass::sass_parse_block(Sass_Compiler*) /home/eack/libsass/src/sass_context.cpp:234:31
#10 0x5b9926 in sass_compiler_parse /home/eack/libsass/src/sass_context.cpp:483
#11 0x5b85c2 in sass_compile_context(Sass_Context*, Sass::Context*) /home/eack/libsass/src/sass_context.cpp:371:7
#12 0x5b81ac in sass_compile_data_context /home/eack/libsass/src/sass_context.cpp:456:12
#13 0x5a7069 in compile_stdin /home/eack/sassc/sassc.c:138:5
#14 0x5a81ed in main /home/eack/sassc/sassc.c:375:18
#15 0x7f84ef93182f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#16 0x4aad88 in _start (/home/eack/sassc/bin/sassc+0x4aad88)
0x6040000048ba is located 0 bytes to the right of 42-byte region [0x604000004890,0x6040000048ba)
allocated by thread T0 here:
#0 0x56f420 in realloc /home/eack/llvm-install/llvm-6.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:107
#1 0x5a6f22 in compile_stdin /home/eack/sassc/sassc.c:112:25
#2 0x5a81ed in main /home/eack/sassc/sassc.c:375:18
#3 0x7f84ef93182f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/eack/libsass/src/prelexer.hpp:69:14 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*, char const*)
Shadow bytes around the buggy address:
0x0c087fff88c0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
0x0c087fff88d0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
0x0c087fff88e0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
0x0c087fff88f0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
0x0c087fff8900: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
=>0x0c087fff8910: fa fa 00 00 00 00 00[02]fa fa 00 00 00 00 00 01
0x0c087fff8920: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff8930: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff8940: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff8950: fa fa fd fd fd fd fd fd fa fa 00 00 00 00 00 fa
0x0c087fff8960: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==3349==ABORTING
E4ck changed the title from "AddressSanitizer: heap-buffer-overflow /home/eack/libsass/src/prelexer.hpp:69:14 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*, char const*)" to "AddressSanitizer: heap-buffer-overflow" on Jan 14, 2019
A heap-buffer-overflow in prelexer.hpp:69:14 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*, char const*)
Compile and reproduce:
CC=afl-clang-fast CXX=afl-clang-fast++ AFL_USE_ASAN=1 make -C sassc -j4
ldd:
System information:
Linux ubuntu64 4.15.0-29-generic #31~16.04.1-Ubuntu SMP Wed Jul 18 08:54:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Version:
libsass-3.5.5, sassc-3.4.8
Poc: crash46.zip
Run:
cat crash46 | ./sassc
ASAN: (report above)
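The report above is a 1-byte READ located 0 bytes past the end of a 42-byte heap region that compile_stdin grew with realloc, hit from the scanning loop of skip_over_scopes while parse_import looks for a matching ')'. That signature is what a terminator-driven scanner produces when one of its branches steps over the NUL. The following is an added illustration of that failure mode, not libsass or sassc code and not the contents of crash46: a simplified scope skipper in C with the same loop shape (escape handling, quoted strings, nested parentheses), instrumented so that reads outside the allocation are counted rather than performed, beside a hardened variant. It assumes the NUL terminator is the last byte of the region, as a stdin reader that grows its buffer would leave it; the trailing-backslash input is an assumption about one input shape that yields exactly this signature in such a loop, since the page does not say what crash46 contains.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Instrumented view of a NUL-terminated heap buffer of `len` bytes, the NUL
 * being the last byte of the allocation (assumption matching a stdin reader
 * that grows its buffer with realloc). Reads at index >= len are counted
 * instead of performed: that is the access ASan's shadow check reports as
 * "heap-buffer-overflow ... 0 bytes to the right of" the region.
 */
struct buf {
    const char *p;
    size_t len;
    size_t oob_reads;
};

static char peek(struct buf *b, size_t i)
{
    if (i >= b->len) {
        b->oob_reads++;
        return '\0'; /* stand-in for whatever byte sits in the redzone */
    }
    return b->p[i];
}

/*
 * Simplified scope skipper (illustration, not libsass's template). Starting
 * just inside an opening '(', it advances over nested "(...)" groups and
 * quoted strings and returns the index one past the ')' that closes the
 * enclosing scope, or (size_t)-1 if the terminator comes first.
 *
 * hardened == false: the escape branch skips the byte after a backslash
 * without checking it; a trailing backslash lands the cursor on the NUL,
 * the i++ at the bottom steps past it, and the loop condition reads one
 * byte beyond the allocation.
 * hardened == true: an escaped terminator ends the scan instead.
 */
static size_t skip_scopes(struct buf *b, bool hardened)
{
    size_t i = 0, level = 0;
    bool in_sq = false, in_dq = false;

    while (peek(b, i) != '\0') {
        char c = peek(b, i);
        if (c == '\\') {
            i++; /* consume the escaped byte */
            if (hardened && peek(b, i) == '\0')
                break; /* backslash was the last byte: do not step over the NUL */
        } else if (c == '"') {
            in_dq = !in_dq;
        } else if (c == '\'') {
            in_sq = !in_sq;
        } else if (in_dq || in_sq) {
            /* inside a string every byte is literal */
        } else if (c == '(') {
            level++;
        } else if (c == ')') {
            if (level == 0)
                return i + 1;
            level--;
        }
        i++;
    }
    return (size_t)-1;
}

static size_t skip_scopes_unsafe(struct buf *b) { return skip_scopes(b, false); }
static size_t skip_scopes_safe(struct buf *b)   { return skip_scopes(b, true); }

/* Result index of one scanner over a constructed input (NUL inside the allocation). */
static size_t scan_index(size_t (*scan)(struct buf *), const char *text)
{
    struct buf b = { text, strlen(text) + 1, 0 };
    return scan(&b);
}

/* Number of out-of-bounds reads the same scan attempted. */
static size_t oob_reads(size_t (*scan)(struct buf *), const char *text)
{
    struct buf b = { text, strlen(text) + 1, 0 };
    scan(&b);
    return b.oob_reads;
}

int main(void)
{
    /* Constructed inputs; "(a\" is an assumed trigger shape, not crash46. */
    const char *inputs[] = { "a(b)c)d", "\"a)\"x)", "(a\\" };
    for (size_t k = 0; k < 3; k++) {
        printf("%-8s unsafe: idx=%zd oob=%zu | safe: idx=%zd oob=%zu\n", inputs[k],
               (ptrdiff_t)scan_index(skip_scopes_unsafe, inputs[k]),
               oob_reads(skip_scopes_unsafe, inputs[k]),
               (ptrdiff_t)scan_index(skip_scopes_safe, inputs[k]),
               oob_reads(skip_scopes_safe, inputs[k]));
    }
    return 0;
}
```

Both variants agree on well-formed input; only the trailing backslash separates them, and on that input the unsafe loop performs exactly one read past the allocation, which is the size-1 READ at offset 0 past the region in the ASan output. A scanner that receives an explicit end pointer and checks it before every dereference (rather than trusting the terminator) removes the whole class, not just this branch.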