Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

buffer overflow while testing #11

Open
frokaikan opened this issue Aug 13, 2018 · 1 comment
Open

buffer overflow while testing #11

frokaikan opened this issue Aug 13, 2018 · 1 comment

Comments

@frokaikan
Copy link

I run test.cc and get the following message...
Should I write something like "delete A" at somewhere?

==26390==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000014758c0 at pc 0x00000053d276 bp 0x7ffe260b12f0 sp 0x7ffe260b12e8
READ of size 8 at 0x0000014758c0 thread T0
#0 0x53d275 in yyparse() /opt/json/json.y:87:50
#1 0x53efb3 in parse_file(char const*) /opt/json/json.y:171:18
#2 0x51b058 in main /opt/json/test.cc:11:15
#3 0x7f842d19db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#4 0x41e519 in _start (/opt/json/test+0x41e519)

0x0000014758c4 is located 0 bytes to the right of global variable 'yyleng' defined in '/opt/json/lex.yy.cc:290:5' (0x14758c0) of size 4
SUMMARY: AddressSanitizer: global-buffer-overflow /opt/json/json.y:87:50 in yyparse()
Shadow bytes around the buggy address:
0x000080286ac0: 00 00 00 00 00 00 00 00 00 00 00 00 01 f9 f9 f9
0x000080286ad0: f9 f9 f9 f9 00 00 00 00 01 f9 f9 f9 f9 f9 f9 f9
0x000080286ae0: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 f9 f9 f9
0x000080286af0: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9
0x000080286b00: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
=>0x000080286b10: f9 f9 f9 f9 00 00 00 00[04]f9 f9 f9 f9 f9 f9 f9
0x000080286b20: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x000080286b30: 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x000080286b40: 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
0x000080286b50: 01 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x000080286b60: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==26390==ABORTING

@abergmann
Copy link

CVE-2018-17072 was assigned to this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants