What's the problem (or question)?
An invalid pointer dereference was discovered in the latest version 3.96, in set_le64(), that can cause a denial of service.

What should have happened?
Decompress a crafted/suspicious file.

Do you have an idea for a solution?
Add a proper sanity check when dereferencing pointers in the bug trace.

How can we reproduce the issue?
upx.out -df PoC -o /dev/null
PoC: poc_set_le64.tar.gz

ASAN says:
==10916==ERROR: AddressSanitizer: SEGV on unknown address 0x630fffe080e0 (pc 0x000000556a20 bp 0x7ffebacfb550 sp 0x7ffebacfb1d8 T0)
    #0 0x556a1f in set_le64(void*, unsigned long long) /home/dungnguyen/fuzz/upx_asan/src/bele_policy.h:202
    #1 0x556a1f in N_BELE_RTP::LEPolicy::set64(void*, unsigned long long) const /home/dungnguyen/fuzz/upx_asan/src/bele_policy.h:203
    #2 0x497d3a in Packer::set_te64(void*, unsigned long long) const /home/dungnguyen/fuzz/upx_asan/src/packer.h:300
    #3 0x497d3a in PackLinuxElf64::unpack(OutputFile*) /home/dungnguyen/fuzz/upx_asan/src/p_lx_elf.cpp:4691
    #4 0x517409 in Packer::doUnpack(OutputFile*) /home/dungnguyen/fuzz/upx_asan/src/packer.cpp:107
    #5 0x557816 in do_one_file(char const*, char*) /home/dungnguyen/fuzz/upx_asan/src/work.cpp:160
    #6 0x557cce in do_files(int, int, char**) /home/dungnguyen/fuzz/upx_asan/src/work.cpp:271
    #7 0x403dbe in main /home/dungnguyen/fuzz/upx_asan/src/main.cpp:1539
    #8 0x7f38f7ab482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x404b18 in _start (/home/dungnguyen/PoCs/upx_d7ba31c/upx.out+0x404b18)

Please tell us details about your environment.
UPX version used (upx --version): upx 3.96-git-d7ba31cab8ce
Host Operating System and version: Ubuntu 16.04 64-bit
Host CPU architecture: Intel Xeon CPU E3-1505M v6 @ 3.00GHz CPU with 32GB RAM
Target Operating System and version: same as Host
Target CPU architecture: same as Host
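The trace ends in set_le64(), a plain 8-byte little-endian store reached from the ELF64 unpack path, and the wild address shows the pointer it was handed was computed from something in the input rather than validated against the buffer being written. The following is an added C example, not UPX's own code: it places an unchecked store of that shape next to a bounds-checked variant that takes the owning buffer and an offset derived from untrusted input, and refuses the write unless all eight bytes land inside the buffer. The function names, the 32-byte sample image and the idea that the offset comes from a header field are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked store in the style of a little-endian 64-bit helper: it writes
   8 bytes at p and has no way to know whether p is inside any buffer. */
static void set_le64_unchecked(void *p, uint64_t v) {
    unsigned char *b = (unsigned char *)p;
    for (int i = 0; i < 8; i++) {
        b[i] = (unsigned char)(v >> (8 * i));
    }
}

/* Hypothetical bounds-checked variant (not UPX's API). The caller passes
   the buffer it owns, its length, and the offset that came from the input.
   The check is written as len - off < 8 rather than off + 8 > len so that a
   huge offset cannot wrap the addition and slip past the test. */
static bool set_le64_checked(unsigned char *buf, size_t len,
                             uint64_t off, uint64_t v) {
    if (off > len || (uint64_t)len - off < 8) {
        return false;                    /* refuse: write would leave buf */
    }
    set_le64_unchecked(buf + off, v);
    return true;
}

/* Little-endian read-back used to verify what was written. */
static uint64_t get_le64(const unsigned char *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) {
        v = (v << 8) | p[i];
    }
    return v;
}

/* Constructed 32-byte "output image" standing in for the unpack buffer. */
static unsigned char g_image[32];

/* Simulated unpack step: the offset is assumed to come from a header field
   of the packed file, i.e. it is attacker-controlled and must be checked. */
static bool patch_image_from_header(uint64_t header_off, uint64_t value) {
    return set_le64_checked(g_image, sizeof g_image, header_off, value);
}

/* In-bounds case: offset 24 leaves exactly 8 bytes, so the write succeeds
   and reads back as the same value. Returns 1 on success. */
static int demo_in_bounds(void) {
    memset(g_image, 0, sizeof g_image);
    const uint64_t v = 0x1122334455667788ULL;
    if (!patch_image_from_header(24, v)) return 0;
    if (get_le64(g_image + 24) != v) return 0;
    return g_image[24] == 0x88 && g_image[31] == 0x11;
}

/* Out-of-bounds cases: one byte too far, exactly at the end, and a value
   near UINT64_MAX that would wrap an unchecked off + 8. All must be refused
   and the image must stay untouched. Returns 1 on success. */
static int demo_out_of_bounds(void) {
    memset(g_image, 0xAA, sizeof g_image);
    const uint64_t bad[] = { 25, 32, UINT64_MAX - 7, UINT64_MAX };
    for (size_t i = 0; i < sizeof bad / sizeof bad[0]; i++) {
        if (patch_image_from_header(bad[i], 1)) return 0;
    }
    for (size_t i = 0; i < sizeof g_image; i++) {
        if (g_image[i] != 0xAA) return 0;
    }
    return 1;
}

int main(void) {
    printf("in-bounds store:     %s\n", demo_in_bounds() ? "ok" : "FAIL");
    printf("out-of-bounds store: %s\n", demo_out_of_bounds() ? "ok" : "FAIL");
    return 0;
}
```

The same pattern applies wherever a decompressor turns a field from the packed file into a write location: validate the offset against the destination's length once, before the store, rather than relying on the store helper, which only sees a raw pointer.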