Skip to content
This repository has been archived by the owner on Nov 28, 2022. It is now read-only.

A global buffer overflow issue has been detected #123

Open
fCorleone opened this issue Jul 24, 2018 · 0 comments
Open

A global buffer overflow issue has been detected #123

fCorleone opened this issue Jul 24, 2018 · 0 comments

Comments

@fCorleone
Copy link

When I ran the program addressbook. ASAN found a global buffer overflow:

=================================================================
==545==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000004391a7 at pc 0x00000041ade3 bp 0x7ffcea768b30 sp 0x7ffcea768b20
READ of size 1 at 0x0000004391a7 thread T0
    #0 0x41ade2 in pbc_wmessage_string src/wmessage.c:300
    #1 0x4022a8 in test_wmessage ../test/addressbook.c:78
    #2 0x402500 in main ../test/addressbook.c:105
    #3 0x7f034e49982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #4 0x401618 in _start (/home/mfc_fuzz/pbc/build/addressbook+0x401618)

0x0000004391a7 is located 0 bytes to the right of global variable '*.LC25' defined in '../test/addressbook.c' (0x4391a0) of size 7
  '*.LC25' is ascii string 'MOBILE'
SUMMARY: AddressSanitizer: global-buffer-overflow src/wmessage.c:300 pbc_wmessage_string
Shadow bytes around the buggy address:
  0x00008007f1e0: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9
  0x00008007f1f0: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 07 f9 f9
  0x00008007f200: f9 f9 f9 f9 00 00 02 f9 f9 f9 f9 f9 00 00 00 f9
  0x00008007f210: f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9 00 05 f9 f9
  0x00008007f220: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 04 f9 f9
=>0x00008007f230: f9 f9 f9 f9[07]f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x00008007f240: 00 07 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x00008007f250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008007f260: 00 00 00 00 00 00 00 00 06 f9 f9 f9 f9 f9 f9 f9
  0x00008007f270: 05 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9
  0x00008007f280: 01 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==545==ABORTING

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant