get_str_name returned an unreadable value, causing a crash in strcmp
In this PoC, get_str_name returns 0xff
ASAN reports:
==7880==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000ff (pc 0x000000430045 bp 0x7fff7a4d5050 sp 0x7fff7a4d47f0 T0)
==7880==The signal is caused by a READ memory access.
==7880==Hint: address points to the zero page.
#0 0x430045 in strcmp (/out/upx-multi/upx-multi+0x430045)
#1 0x5b6c98 in PackLinuxElf64::adjABS(N_Elf64::Sym<N_Elf::ElfITypes<LE16, LE32, LE64, LE64, LE64> >*, unsigned int) /src/upx-multi/src/p_lx_elf.cpp:3137:14
#2 0x5d06a9 in PackLinuxElf64::unpack(OutputFile*) /src/upx-multi/src/p_lx_elf.cpp:4611:25
#3 0x6c82b0 in Packer::doUnpack(OutputFile*) /src/upx-multi/src/packer.cpp:107:5
#4 0x7589f8 in do_one_file(char const*, char*) /src/upx-multi/src/work.cpp:160:12
#5 0x759f42 in do_files(int, int, char**) /src/upx-multi/src/work.cpp:271:13
#6 0x555afd in main /src/upx-multi/src/main.cpp:1538:5
#7 0x7fb3d16be83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291
#8 0x41ce98 in _start (/out/upx-multi/upx-multi+0x41ce98)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/out/upx-multi/upx-multi+0x430045) in strcmp
==7880==ABORTING
$ ./src/upx.out -d ./tests_7bc36b368db6594ef16f8abfd694fc11e4dc9acb_.tar.gz
Ultimate Packer for eXecutables
Copyright (C) 1996 - 2020
UPX git-8d1d60 Markus Oberhumer, Laszlo Molnar & John Reiser Jan 24th 2020
File size Ratio Format Name
-------------------- ------ ----------- -----------
Segmentation fault
Please tell us details about your environment.
UPX version used (upx --version):
upx 4.0.0-git-8d1d605b3d8c+
UCL data compression library 1.03
zlib data compression library 1.2.8
LZMA SDK version 4.43
Copyright (C) 1996-2020 Markus Franz Xaver Johannes Oberhumer
Copyright (C) 1996-2020 Laszlo Molnar
Copyright (C) 2000-2020 John F. Reiser
Copyright (C) 2002-2020 Jens Medoch
Copyright (C) 1995-2005 Jean-loup Gailly and Mark Adler
Copyright (C) 1999-2006 Igor Pavlov
UPX comes with ABSOLUTELY NO WARRANTY; for details type 'upx-multi -L'.
Host Operating System and version: Ubuntu 16.04.2 LTS
Host CPU architecture: x86_64
Target Operating System and version: same as Host
Target CPU architecture: same as Host
Author: giantbranch of NSFOCUS Security Team
What's the problem (or question)?
Segmentation fault in PackLinuxElf64::adjABS of p_lx_elf.cpp in the latest commit of the devel branch
What should have happened?
Check if the file is normal, exit if abnormal
Do you have an idea for a solution?
Add more checks
How can we reproduce the issue?
POC:
tests_7bc36b368db6594ef16f8abfd694fc11e4dc9acb_.tar.gz
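A bounds-checked string-table lookup, added here as an example that is not part of the issue or of UPX's own code: `checked_str_name`, `symbol_name_is` and the sample string table are constructed for illustration and show the kind of check adjABS() needs before handing a symbol name to strcmp().

```c
/* Added example (not UPX code): look up an ELF symbol name by its st_name
 * offset without trusting the offset. In the PoC the unchecked lookup
 * produced a garbage pointer (0xff) that strcmp() dereferenced; here an
 * out-of-range or unterminated name yields NULL so the caller can reject
 * the file instead of crashing. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return the NUL-terminated name at offset st_name inside strtab
 * (strtab_size bytes), or NULL when the offset is past the table or no
 * terminator exists before the table ends. memchr() never reads beyond
 * strtab_size, unlike strlen()/strcmp() on an unterminated buffer. */
const char *checked_str_name(const char *strtab, size_t strtab_size,
                             uint32_t st_name)
{
    if (strtab == NULL || st_name >= strtab_size)
        return NULL;                        /* offset outside the table */
    if (memchr(strtab + st_name, '\0', strtab_size - st_name) == NULL)
        return NULL;                        /* name runs off the table */
    return strtab + st_name;
}

/* The pattern adjABS() needs: compare only after the lookup succeeded.
 * Returns 1 on match, 0 on mismatch, -1 when the table/offset is bad
 * (the caller should treat -1 as a malformed input file). */
int symbol_name_is(const char *strtab, size_t strtab_size,
                   uint32_t st_name, const char *wanted)
{
    const char *name = checked_str_name(strtab, strtab_size, st_name);
    if (name == NULL)
        return -1;
    return strcmp(name, wanted) == 0;
}

/* Constructed sample string table: "\0main\0_init\0" (12 bytes,
 * the trailing NUL comes from the string literal). */
static const char sample_strtab[] = "\0main\0_init";
#define SAMPLE_STRTAB_SIZE (sizeof sample_strtab)

/* Constructed table with no terminator at all (4 bytes, no NUL). */
static const char unterminated_strtab[4] = { 'a', 'b', 'c', 'd' };
```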