What's the problem (or question)?
A heap buffer overflow bug was discovered in the latest commit 294ed1b of the devel branch, in get_le64(), that can cause a denial of service.
What should have happened?
Decompress a crafted/suspicious file.
Do you have an idea for a solution?
Add bound checks.
How can we reproduce the issue?
upx.out -df PoC -o /dev/null
ASAN says:
==16655==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x631000024bb0 at pc 0x000000556c9d bp 0x7ffc86ca5dd0 sp 0x7ffc86ca5dc0
READ of size 8 at 0x631000024bb0 thread T0
#0 0x556c9c in get_le64(void const*) /home/dungnguyen/fuzz/upx_asan/src/bele.h:182
#1 0x556c9c in N_BELE_RTP::LEPolicy::get64(void const*) const /home/dungnguyen/fuzz/upx_asan/src/bele_policy.h:194
#2 0x497a62 in Packer::get_te64(void const*) const /home/dungnguyen/fuzz/upx_asan/src/packer.h:297
#3 0x497a62 in PackLinuxElf64::unpack(OutputFile*) /home/dungnguyen/fuzz/upx_asan/src/p_lx_elf.cpp:4678
#4 0x517739 in Packer::doUnpack(OutputFile*) /home/dungnguyen/fuzz/upx_asan/src/packer.cpp:107
#5 0x557b96 in do_one_file(char const*, char*) /home/dungnguyen/fuzz/upx_asan/src/work.cpp:160
#6 0x55804e in do_files(int, int, char**) /home/dungnguyen/fuzz/upx_asan/src/work.cpp:271
#7 0x403dbe in main /home/dungnguyen/fuzz/upx_asan/src/main.cpp:1538
#8 0x7f50332fa82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#9 0x404b18 in _start (/home/dungnguyen/PoCs/upx_294ed1b/upx.out+0x404b18)
Please tell us details about your environment.
UPX version used (upx --version): 4.0.0-git-294ed1b4ba35
Host Operating System and version: Ubuntu 16.04 64-bit
Host CPU architecture: Intel Xeon CPU E3-1505M v6 @ 3.00GHz CPU with 32GB RAM
Target Operating System and version: same as Host
Target CPU architecture: same as Host
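The "add bound checks" suggestion, as an added illustration that is not UPX's own code: a length-checked little-endian 64-bit read that refuses any read whose eight bytes do not lie wholly inside the input buffer, rather than trusting an offset taken from the file. The function names and the 16-byte sample buffer are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Unchecked read: a helper of this shape faults when 'p' points past the heap block. */
static uint64_t get_le64(const void *p)
{
    const unsigned char *b = (const unsigned char *)p;
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | b[i];
    return v;
}

/* Checked variant: 'off' is an untrusted offset parsed from the file; the read is
 * allowed only if [off, off+8) lies entirely within the 'len' bytes at 'buf'.
 * Returns false (and leaves *out untouched) for any out-of-range or wrapping offset. */
static bool get_le64_checked(const unsigned char *buf, size_t len,
                             uint64_t off, uint64_t *out)
{
    if (buf == NULL || out == NULL)
        return false;
    if (off > len || len - off < 8)   /* written so that off + 8 cannot wrap */
        return false;
    *out = get_le64(buf + off);
    return true;
}

/* Constructed sample: a 16-byte "header" holding two little-endian u64 values. */
static const unsigned char sample[16] = {
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,   /* 1 */
    0xef, 0xbe, 0xad, 0xde, 0x00, 0x00, 0x00, 0x00    /* 0xdeadbeef */
};

int main(void)
{
    uint64_t v;
    /* In range: offset 8 yields 0xdeadbeef */
    if (get_le64_checked(sample, sizeof sample, 8, &v))
        printf("ok: 0x%llx\n", (unsigned long long)v);
    /* Out of range: offset 12 would read 4 bytes past the end; rejected */
    if (!get_le64_checked(sample, sizeof sample, 12, &v))
        puts("rejected: read past end of buffer");
    /* Huge offset from a crafted file: rejected without integer wrap-around */
    if (!get_le64_checked(sample, sizeof sample, UINT64_MAX - 3, &v))
        puts("rejected: offset overflow");
    return 0;
}
```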