bug#25011: Bugs in PTX Utility
From: Marcel Böhme
Subject: bug#25011: Bugs in PTX Utility
Date: Thu, 24 Nov 2016 16:57:54 +0800
Dear all,
The following produces a crash for the version in trunk and preinstalled
version 8.21 on Ubuntu 14.04 x86_64.
Below is also a heap-buffer-overflow that doesn't actually crash but is flagged
by ASAN as an invalid read of size 1.
Both bugs were found by AFLFast, a fork of AFL. Thanks goes out to Van-Thuan
Pham.
$ ptx ptx ptx > /dev/null
Segmentation fault
ASAN says:
==47034==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f2b49433093
at pc 0x000000407b8b bp 0x7ffcfc738bb0 sp 0x7ffcfc738ba8
READ of size 1 at 0x7f2b49433093 thread T0
#0 0x407b8a in define_all_fields ../src/ptx.c:1432
#1 0x407b8a in generate_all_output ../src/ptx.c:1778
#2 0x407b8a in main ../src/ptx.c:2153
#3 0x7f2b4db9af44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#4 0x409379 (/home/ubuntu/subjects/coreutils/obj-asan/src/ptx+0x409379)
0x7f2b49433093 is located 10387 bytes inside of 8388576-byte region
[0x7f2b49430800,0x7f2b49c307e0)
freed by thread T0 here:
#0 0x7f2b4ed17710 in __interceptor_realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2710)
#1 0x414a75 in xrealloc ../lib/xmalloc.c:61
previously allocated by thread T0 here:
#0 0x7f2b4ed17710 in __interceptor_realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2710)
#1 0x414a75 in xrealloc ../lib/xmalloc.c:61
SUMMARY: AddressSanitizer: heap-use-after-free ../src/ptx.c:1432 in
define_all_fields
This is the other one:
$ echo a > ~/a
$ ptx -w1 -A ~/a
=================================================================
==44013==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000e818 at pc 0x0000004085cd bp 0x7ffc327adb70 sp 0x7ffc327adb68
READ of size 1 at 0x60200000e818 thread T0
#0 0x4085cc in define_all_fields ../src/ptx.c:1411
#1 0x4085cc in generate_all_output ../src/ptx.c:1778
#2 0x4085cc in main ../src/ptx.c:2153
#3 0x7f9ef7044f44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#4 0x409379 (/home/ubuntu/subjects/coreutils/obj-asan/src/ptx+0x409379)
0x60200000e818 is located 5 bytes to the right of 3-byte region
[0x60200000e810,0x60200000e813)
allocated by thread T0 here:
#0 0x7f9ef81c13a8 in __interceptor_malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
#1 0x4121ed in fread_file ../lib/read-file.c:73
SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/ptx.c:1411 in
define_all_fields
Best regards,
- Marcel
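Added example, not part of the report above and not coreutils' ptx code: the buffer type and functions below are constructed for illustration. The two ASAN reports point at two classic C pitfalls, a read through a pointer into a block that realloc has since freed ("freed by thread T0 here: ... __interceptor_realloc"), and a scan that runs past the end of a short allocation ("5 bytes to the right of 3-byte region"). The block shows the defensive form of each: keep offsets rather than raw pointers across reallocation, and bound every scan by the buffer length. Whether these are the actual root causes at ptx.c:1432 and ptx.c:1411 is not established by the report; that mapping is an assumption. Building with -fsanitize=address, as the reporter did, is the cheapest way to confirm that a scan like word_end stays in bounds.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed growable text buffer (hypothetical; not ptx's data structures). */
struct textbuf {
    char *data;   /* heap block, may move on realloc */
    size_t len;   /* bytes in use */
    size_t cap;   /* bytes allocated */
};

/* Append n bytes, growing via realloc. After a growth, any raw char* that
 * pointed into the old block is dangling: reading through it is exactly the
 * "heap-use-after-free ... freed by realloc" pattern ASAN reports. Callers
 * must therefore hold offsets, or re-derive pointers from tb->data after
 * each append. Returns 0 on success, -1 on allocation failure. */
static int textbuf_append(struct textbuf *tb, const char *src, size_t n)
{
    if (tb->len + n > tb->cap) {
        size_t ncap = tb->cap ? tb->cap * 2 : 16;
        while (ncap < tb->len + n)
            ncap *= 2;
        char *p = realloc(tb->data, ncap);
        if (p == NULL)
            return -1;
        tb->data = p;
        tb->cap = ncap;
    }
    memcpy(tb->data + tb->len, src, n);
    tb->len += n;
    return 0;
}

/* Offset one past the last byte of the word starting at `start`.
 * The scan stops at tb->len as well as at a separator, so a word that runs
 * to the end of the buffer (input without a trailing newline, or a width
 * smaller than the word) never reads past the allocation, which is the
 * heap-buffer-overflow pattern ASAN flags in the second report. */
static size_t word_end(const struct textbuf *tb, size_t start)
{
    size_t i = start;
    while (i < tb->len && tb->data[i] != ' ' && tb->data[i] != '\n')
        i++;
    return i;
}

/* Convenience wrapper: run word_end over a constructed C string. */
static size_t word_end_in(const char *s, size_t start)
{
    struct textbuf tb = { (char *)s, strlen(s), strlen(s) };
    return word_end(&tb, start);
}

/* Locate a word by offset, grow the buffer enough that realloc almost
 * certainly moves the block, then re-read the word through the current
 * tb->data. Returns 1 if the word is still intact, 0 otherwise. */
static int offset_survives_realloc(void)
{
    struct textbuf tb = {0};
    if (textbuf_append(&tb, "alpha beta", 10) != 0)
        return 0;
    size_t w_start = 0;
    size_t w_end = word_end(&tb, w_start);   /* 5; offsets stay valid */
    /* char *stale = tb.data + w_start;  <- would dangle after the loop */
    for (int i = 0; i < 4096; i++) {
        if (textbuf_append(&tb, " gamma", 6) != 0) {
            free(tb.data);
            return 0;
        }
    }
    int ok = (w_end - w_start == 5) &&
             memcmp(tb.data + w_start, "alpha", 5) == 0;
    free(tb.data);
    return ok;
}

int main(void)
{
    /* "a" with no trailing newline: the scan must stop at len, not at a separator */
    printf("word_end on \"a\": %zu\n", word_end_in("a", 0));
    printf("offset survives realloc: %d\n", offset_survives_realloc());
    return 0;
}
```

The constructed word_end_in("a", 0) returns 1 because the loop is bounded by the length, not by a separator it would otherwise search for past the allocation; offset_survives_realloc returns 1 because the word is re-read via the current tb.data rather than through a pointer saved before the buffer grew.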