bug-coreutils
bug#25011: Bugs in PTX Utility


From: Marcel Böhme
Subject: bug#25011: Bugs in PTX Utility
Date: Thu, 24 Nov 2016 16:57:54 +0800

Dear all,

The following produces a crash for the version in trunk and the preinstalled 
version 8.21 on Ubuntu 14.04 x86_64.
Below is also a heap-buffer-overflow that doesn’t actually crash but is flagged 
by ASAN as an invalid read of size 1.

Both bugs were found by AFLFast, a fork of AFL. Thanks go out to Van-Thuan 
Pham.


$ ptx ptx ptx > /dev/null
Segmentation fault

ASAN says:
==47034==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f2b49433093 at pc 0x000000407b8b bp 0x7ffcfc738bb0 sp 0x7ffcfc738ba8
READ of size 1 at 0x7f2b49433093 thread T0
    #0 0x407b8a in define_all_fields ../src/ptx.c:1432
    #1 0x407b8a in generate_all_output ../src/ptx.c:1778
    #2 0x407b8a in main ../src/ptx.c:2153
    #3 0x7f2b4db9af44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #4 0x409379  (/home/ubuntu/subjects/coreutils/obj-asan/src/ptx+0x409379)

0x7f2b49433093 is located 10387 bytes inside of 8388576-byte region [0x7f2b49430800,0x7f2b49c307e0)
freed by thread T0 here:
    #0 0x7f2b4ed17710 in __interceptor_realloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2710)
    #1 0x414a75 in xrealloc ../lib/xmalloc.c:61

previously allocated by thread T0 here:
    #0 0x7f2b4ed17710 in __interceptor_realloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2710)
    #1 0x414a75 in xrealloc ../lib/xmalloc.c:61

SUMMARY: AddressSanitizer: heap-use-after-free ../src/ptx.c:1432 in define_all_fields


This is the other one:
$ echo a > ~/a
$ ptx -w1 -A ~/a
=================================================================
==44013==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000e818 at pc 0x0000004085cd bp 0x7ffc327adb70 sp 0x7ffc327adb68
READ of size 1 at 0x60200000e818 thread T0
    #0 0x4085cc in define_all_fields ../src/ptx.c:1411
    #1 0x4085cc in generate_all_output ../src/ptx.c:1778
    #2 0x4085cc in main ../src/ptx.c:2153
    #3 0x7f9ef7044f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #4 0x409379  (/home/ubuntu/subjects/coreutils/obj-asan/src/ptx+0x409379)

0x60200000e818 is located 5 bytes to the right of 3-byte region [0x60200000e810,0x60200000e813)
allocated by thread T0 here:
    #0 0x7f9ef81c13a8 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
    #1 0x4121ed in fread_file ../lib/read-file.c:73

SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/ptx.c:1411 in define_all_fields

Best regards,
- Marcel
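
Added example, not part of the original message or of coreutils: a small Python triage helper that parses excerpts of the two ASAN reports above (hard-wrapped the way mail archives often store them) and shows that both crashes share the same function-name stack, so a dedup key needs the bug type and the faulting file:line to keep them apart. The helper names `parse_asan`, `bucket` and `name_stack` are made up for this illustration.

```python
import re

# Excerpts of the two ASAN reports in the message above, hard-wrapped as in a mail archive.
UAF = """==47034==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f2b49433093
at pc 0x000000407b8b bp 0x7ffcfc738bb0 sp 0x7ffcfc738ba8
READ of size 1 at 0x7f2b49433093 thread T0
    #0 0x407b8a in define_all_fields ../src/ptx.c:1432
    #1 0x407b8a in generate_all_output ../src/ptx.c:1778
    #2 0x407b8a in main ../src/ptx.c:2153
freed by thread T0 here:
    #0 0x7f2b4ed17710 in __interceptor_realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2710)
    #1 0x414a75 in xrealloc ../lib/xmalloc.c:61"""
OVERFLOW = """==44013==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000e818 at pc 0x0000004085cd bp 0x7ffc327adb70 sp 0x7ffc327adb68
READ of size 1 at 0x60200000e818 thread T0
    #0 0x4085cc in define_all_fields ../src/ptx.c:1411
    #1 0x4085cc in generate_all_output ../src/ptx.c:1778
    #2 0x4085cc in main ../src/ptx.c:2153
allocated by thread T0 here:
    #0 0x7f9ef81c13a8 in __interceptor_malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
    #1 0x4121ed in fread_file ../lib/read-file.c:73"""

HEADER = re.compile(r"AddressSanitizer: (\S+) on address\s+(0x[0-9a-f]+)")
TOKEN = re.compile(r"^(?P<sec>READ|WRITE|freed|previously allocated|allocated)\b"
                   r"|^ +#\d+ 0x[0-9a-f]+ in (?P<fn>\S+)\s+(?P<loc>\S+)", re.M)

def parse_asan(text):
    """Return bug type, faulting address and one frame list per stack section."""
    kind, addr = HEADER.search(text).groups()  # \s+ tolerates a wrap before the address
    stacks, cur = {}, None
    for m in TOKEN.finditer(text):
        if m["sec"]:                    # a section header starts a new stack
            cur = "access" if m["sec"] in ("READ", "WRITE") else m["sec"]
            stacks[cur] = []
        elif cur is not None:           # frame line; \s+ spans a wrapped module path
            stacks[cur].append((m["fn"], m["loc"]))
    return {"kind": kind, "addr": addr, "stacks": stacks}

def bucket(report):
    """Dedup key: bug type plus function and file:line of the faulting frame."""
    fn, loc = report["stacks"]["access"][0]
    return (report["kind"], fn, loc)

def name_stack(report):
    """Function-name-only stack of the faulting access, a coarser dedup key."""
    return tuple(fn for fn, _ in report["stacks"]["access"])
```

Keyed on `name_stack` alone, the two reports fall into one bucket; `bucket` separates them as a use-after-free at ptx.c:1432 and an out-of-bounds read at ptx.c:1411.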



