What's the problem (or question)?
A heap buffer overflow bug was discovered in the latest commit 294ed1b of the devel branch, in get_le64().
What should have happened?
Decompress or list a crafted/suspicious file.
Do you have an idea for a solution?
Add bound checks.
How can we reproduce the issue?
upx.out -df PoC -o /dev/null
upx.out -l PoC -o /dev/null
ASAN says:
==32685==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62600000eff0 at pc 0x0000004942fc bp 0x7ffc8c7eb670 sp 0x7ffc8c7eb660
READ of size 8 at 0x62600000eff0 thread T0
#0 0x4942fb in get_le64(void const*) /home/dungnguyen/fuzz/upx_asan/src/bele.h:182
#1 0x4942fb in LE64::operator unsigned long long() const /home/dungnguyen/fuzz/upx_asan/src/bele.h:434
#2 0x4942fb in PackLinuxElf64::elf_find_dynamic(unsigned int) const /home/dungnguyen/fuzz/upx_asan/src/p_lx_elf.cpp:5227
#3 0x49d99c in PackLinuxElf64::PackLinuxElf64help1(InputFile*) /home/dungnguyen/fuzz/upx_asan/src/p_lx_elf.cpp:801
#4 0x49e305 in PackLinuxElf64Be::PackLinuxElf64Be(InputFile*) /home/dungnguyen/fuzz/upx_asan/src/p_lx_elf.h:419
#5 0x49e305 in PackLinuxElf64ppc::PackLinuxElf64ppc(InputFile*) /home/dungnguyen/fuzz/upx_asan/src/p_lx_elf.cpp:981
#6 0x521148 in PackMaster::visitAllPackers(Packer* (*)(Packer*, void*), InputFile*, options_t const*, void*) /home/dungnguyen/fuzz/upx_asan/src/packmast.cpp:199
#7 0x522c09 in PackMaster::getUnpacker(InputFile*) /home/dungnguyen/fuzz/upx_asan/src/packmast.cpp:248
#8 0x522d2f in PackMaster::unpack(OutputFile*) /home/dungnguyen/fuzz/upx_asan/src/packmast.cpp:266
#9 0x557b96 in do_one_file(char const*, char*) /home/dungnguyen/fuzz/upx_asan/src/work.cpp:160
#10 0x55804e in do_files(int, int, char**) /home/dungnguyen/fuzz/upx_asan/src/work.cpp:271
#11 0x403dbe in main /home/dungnguyen/fuzz/upx_asan/src/main.cpp:1538
#12 0x7efd5e6cd82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#13 0x404b18 in _start (/home/dungnguyen/PoCs/upx_294ed1b/upx.out+0x404b18)
Please tell us details about your environment.
UPX version used (upx --version): 4.0.0-git-294ed1b4ba35
Host Operating System and version: Ubuntu 16.04 64-bit
Host CPU architecture: Intel Xeon CPU E3-1505M v6 @ 3.00GHz CPU with 32GB RAM
Target Operating System and version: same as Host
Target CPU architecture: same as Host
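As an added illustration of the "add bound checks" suggestion (this is constructed example code, not UPX's own get_le64() or elf_find_dynamic()), the walk below over an Elf64_Dyn table validates every 8-byte little-endian read against the buffer length before performing it, so a truncated or crafted dynamic table is rejected instead of being over-read as in the ASAN report above. The names Buf, get_le64_checked, elf64_find_dynamic and the sample tables are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical view of a file loaded into a heap buffer (not UPX's type). */
typedef struct { const uint8_t *data; size_t len; } Buf;

/* Read a little-endian u64 at `off` only if all 8 bytes lie inside the buffer.
   Returns 1 on success, 0 if the read would run past the end. */
static int get_le64_checked(const Buf *b, size_t off, uint64_t *out) {
    if (off > b->len || b->len - off < 8) return 0;   /* overflow-safe check */
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | b->data[off + i];
    *out = v;
    return 1;
}

/* Walk an Elf64_Dyn array (16 bytes per entry: d_tag, then d_val/d_ptr)
   starting at `dyn_off`, looking for `want_tag`. Returns 1 with the value
   if found; 0 if the tag is absent or the table runs off the buffer end. */
int elf64_find_dynamic(const Buf *b, size_t dyn_off, uint64_t want_tag,
                       uint64_t *val) {
    for (size_t off = dyn_off; ; off += 16) {
        uint64_t tag, v;
        if (!get_le64_checked(b, off, &tag) || !get_le64_checked(b, off + 8, &v))
            return 0;            /* truncated table: refuse, do not over-read */
        if (tag == 0) return 0;  /* DT_NULL terminates the table */
        if (tag == want_tag) { *val = v; return 1; }
    }
}

/* Constructed sample table: DT_NEEDED(1)=0x11, DT_STRTAB(5)=0x4000, DT_NULL. */
static const uint8_t sample_dyn[48] = {
    1,0,0,0,0,0,0,0,  0x11,0,0,0,0,0,0,0,
    5,0,0,0,0,0,0,0,  0,0x40,0,0,0,0,0,0,
    0,0,0,0,0,0,0,0,  0,0,0,0,0,0,0,0 };

/* Well-formed table: DT_STRTAB lookup succeeds with value 0x4000. */
int demo_good(uint64_t *v) {
    Buf b = { sample_dyn, sizeof sample_dyn };
    return elf64_find_dynamic(&b, 0, 5, v);
}

/* Same bytes with the DT_NULL terminator cut off and a tag that is not present:
   the walker stops at the buffer end instead of reading past it. */
int demo_truncated(uint64_t *v) {
    Buf b = { sample_dyn, 32 };
    return elf64_find_dynamic(&b, 0, 6, v);
}
```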