Check args before calling memmove() and memset() in remap_struct()
function to avoid out of bound reads which would possibly lead to
unknown code execution and/or sadf command crash.
Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
Version
Description
The remap_struct function in sa_common.c (line 1298) has an out-of-bounds read during a memset call, as demonstrated by sadf.
Related code (sa_common.c:1298)
Additional Information
As the debug info shows, the args of memset point to an invalid address.
ASAN
analysis ./sadf ./memset_oob
ASAN:DEADLYSIGNAL
=================================================================
==13962==ERROR: AddressSanitizer: SEGV on unknown address 0x6040fffff878 (pc 0x7efe5fec2fac bp 0x7fff532a4c80 sp 0x7fff532a43f8 T0)
==13962==The signal is caused by a WRITE memory access.
    #0 0x7efe5fec2fab (/lib/x86_64-linux-gnu/libc.so.6+0x18efab)
    #1 0x7efe60183cde (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5ecde)
    #2 0x5613e7409deb in remap_struct /home/m4x/Projects/huawei/sysstat-12.1.1/sa_common.c:1298
    #3 0x5613e740aacd in read_file_stat_bunch /home/m4x/Projects/huawei/sysstat-12.1.1/sa_common.c:1646
    #4 0x5613e73c0955 in read_next_sample /home/m4x/Projects/huawei/sysstat-12.1.1/sadf.c:298
    #5 0x5613e73c2bcf in logic2_display_loop /home/m4x/Projects/huawei/sysstat-12.1.1/sadf.c:1173
    #6 0x5613e73c370c in read_stats_from_file /home/m4x/Projects/huawei/sysstat-12.1.1/sadf.c:1432
    #7 0x5613e73c4a10 in main /home/m4x/Projects/huawei/sysstat-12.1.1/sadf.c:1799
    #8 0x7efe5fd55b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #9 0x5613e73c01c9 in _start (/home/m4x/Projects/huawei/analysis/sadf+0x41c9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18efab)
==13962==ABORTING
poc here
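
The commit message above calls for checking arguments before memmove() and memset(). As an added example (not sysstat's code and not part of the original report), the sketch below shows that kind of check in a simplified, hypothetical remapper; the function name remap_checked(), the record layout and the FIELD_W constant are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_W 8u  /* width of one 64-bit field (constructed for this example) */

/*
 * Hypothetical, simplified remapper (not sysstat's remap_struct()).
 * buf holds f_size bytes read from a file: file_nr 64-bit fields, then a tail.
 * The in-memory layout expects mem_nr 64-bit fields and g_size bytes in total.
 * file_nr and f_size come from the file header and are untrusted.
 * Returns 0 on success, -1 if any copy or fill would leave buf[0..buf_size).
 */
int remap_checked(unsigned char *buf, size_t buf_size,
                  uint32_t file_nr, uint32_t mem_nr,
                  size_t f_size, size_t g_size)
{
    /* Widen before multiplying so the offsets cannot wrap. */
    uint64_t src_off = (uint64_t)file_nr * FIELD_W;
    uint64_t dst_off = (uint64_t)mem_nr * FIELD_W;

    if (buf == NULL || f_size > buf_size || g_size > buf_size)
        return -1;
    if (src_off > f_size)           /* file claims more fields than it has bytes */
        return -1;

    size_t tail = f_size - (size_t)src_off;  /* bytes following the fields */
    if (dst_off > buf_size || tail > buf_size - (size_t)dst_off)
        return -1;                  /* shifted tail would run past the buffer */

    if (dst_off != src_off)
        memmove(buf + dst_off, buf + src_off, tail);
    if (dst_off > src_off)          /* zero the fields the file did not have */
        memset(buf + src_off, 0, (size_t)(dst_off - src_off));

    size_t used = (size_t)dst_off + tail;
    if (used < g_size)              /* zero anything the file did not supply */
        memset(buf + used, 0, g_size - used);
    return 0;
}
```

Every offset and length is validated against the real buffer size before the first memmove() or memset(), so a malformed header is rejected without touching memory.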