Re: nucobol-3.1-rc1 and Asan findings
From: Jeffrey Walton
Subject: Re: nucobol-3.1-rc1 and Asan findings
Date: Tue, 14 Jul 2020 06:06:54 -0400
On Mon, Jul 13, 2020 at 7:57 PM Jeffrey Walton <noloader@gmail.com> wrote:
>
> Hi Everyone,
>
> Here's the result of a 'make check' when using '-fsanitize=address'.
> It looks like there are a few new failures.
>
> This is a good result. I usually see a lot more Asan findings. The 577
> test result looks important. It is a use-after-free.
The 660 test is also interesting. It is a heap-based buffer overflow.
$ cat gnucobol-3.1-rc1/tests/testsuite.dir/0660/testsuite.log
# -*- compilation -*-
660. run_misc.at:6880: testing Trace feature with subroutine ...
./run_misc.at:6909: $COMPILE_MODULE callsub.cob
./run_misc.at:7514: $COMPILE -ftraceall prog.cob
./run_misc.at:7517: $COBCRUN_DIRECT ./prog
--- /dev/null 2020-07-10 09:37:43.139999945 -0400
+++
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/tests/testsuite.dir/at-groups/660/stderr
2020-07-14 06:03:33.402343655 -0400
@@ -0,0 +1,48 @@
+=================================================================
+==28657==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6020000039ec at pc 0x7f3806d2c733 bp 0x7ffed48975c0 sp
0x7ffed4896d68
+READ of size 8 at 0x6020000039ec thread T0
+ #0 0x7f3806d2c732 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
+ #1 0x7f3806a0d8f9 in bdb_savekey
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:757
+ #2 0x7f3806a0d8f9 in indexed_delete_internal
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:3074
+ #3 0x7f3806a1052f in indexed_rewrite
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:4924
+ #4 0x7f3806a1c3d0 in cob_rewrite
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:5547
+ #5 0x55f1897cbe6c in prog_ /home/jwalton/tmp/cob28633_0.c:1441
+ #6 0x55f1897c0b40 in prog /home/jwalton/tmp/cob28633_0.c:46
+ #7 0x55f1897c0b24 in main /home/jwalton/tmp/cob28633_0.c:34
+ #8 0x7f38065d2b96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
+ #9 0x55f1897c0a19 in _start
(/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/tests/testsuite.dir/0660/prog+0x9a19)
+
+Address 0x6020000039ec is a wild pointer.
+SUMMARY: AddressSanitizer: heap-buffer-overflow
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
+Shadow bytes around the buggy address:
+ 0x0c047fff86e0: fa fa 00 01 fa fa 00 00 fa fa 00 01 fa fa 00 04
+ 0x0c047fff86f0: fa fa 00 04 fa fa fd fd fa fa 00 03 fa fa 00 02
+ 0x0c047fff8700: fa fa 00 02 fa fa 00 01 fa fa 00 fa fa fa 00 fa
+ 0x0c047fff8710: fa fa 00 02 fa fa 00 04 fa fa 00 02 fa fa fd fa
+ 0x0c047fff8720: fa fa fd fa fa fa 00 02 fa fa 00 04 fa fa fa fa
+=>0x0c047fff8730: fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa
+ 0x0c047fff8740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c047fff8750: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c047fff8760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c047fff8770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+ 0x0c047fff8780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+Shadow byte legend (one shadow byte represents 8 application bytes):
+ Addressable: 00
+ Partially addressable: 01 02 03 04 05 06 07
+ Heap left redzone: fa
+ Freed heap region: fd
+ Stack left redzone: f1
+ Stack mid redzone: f2
+ Stack right redzone: f3
+ Stack after return: f5
+ Stack use after scope: f8
+ Global redzone: f9
+ Global init order: f6
+ Poisoned by user: f7
+ Container overflow: fc
+ Array cookie: ac
+ Intra object redzone: bb
+ ASan internal: fe
+ Left alloca redzone: ca
+ Right alloca redzone: cb
+==28657==ABORTING
--- - 2020-07-14 06:03:33.407177292 -0400
+++
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/tests/testsuite.dir/at-groups/660/stdout
2020-07-14 06:03:33.402343655 -0400
@@ -33,6 +33,4 @@
Read: GAM00000 got 00 as expected 00075 terminals
ReWrite: GAM00000 got 00 as expected 00080 terminals
Read: BET00000 got 00 as expected 00034 terminals
-ReWrite: GAM00000 got 00/02 as expected
-ReWrite: FOR00000 got 00/02 as expected
./run_misc.at:7517: exit code was 1, expected 0
660. run_misc.at:6880: 660. Trace feature with subroutine
(run_misc.at:6880): FAILED (run_misc.at:7517)
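
As an added example (not part of the original message or the GnuCOBOL sources), this C program re-derives the report's shadow dump by hand: it maps the faulting address 0x6020000039ec to its shadow byte and checks whether the 8-byte read is allowed. It assumes ASan's default x86_64 Linux mapping (scale 3, offset 0x7fff8000), which the report's own addresses confirm; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed mapping (ASan default, x86_64 Linux): shadow = (addr >> 3) + 0x7fff8000 */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x7fff8000ULL

uint64_t shadow_addr(uint64_t app_addr) {
    return (app_addr >> SHADOW_SCALE) + SHADOW_OFFSET;
}

/* Meaning of a shadow byte, for the values that appear in the report's dump. */
const char *shadow_meaning(uint8_t b) {
    if (b == 0x00) return "addressable";
    if (b <= 0x07) return "partially addressable";
    if (b == 0xfa) return "heap left redzone";
    if (b == 0xfd) return "freed heap region";
    return "other (see legend)";
}

/* Can `size` bytes at app_addr be accessed, given the shadow row covering them?
 * row_base is the shadow address of row[0]; returns 1 only if every byte is valid. */
int access_ok(uint64_t app_addr, size_t size, uint64_t row_base,
              const uint8_t *row, size_t row_len) {
    for (uint64_t a = app_addr; a < app_addr + size; a++) {
        uint64_t idx = shadow_addr(a) - row_base;
        if (idx >= row_len) return 0;          /* outside the row we were given */
        uint8_t s = row[idx];
        if (s == 0) continue;                  /* whole 8-byte granule is valid */
        if (s > 7 || (a & 7) >= s) return 0;   /* poisoned, or past valid prefix */
    }
    return 1;
}

int main(void) {
    /* Values copied from the report: faulting address and the "=>" shadow row. */
    const uint64_t fault = 0x6020000039ecULL, row_base = 0x0c047fff8730ULL;
    uint8_t row[16];
    memset(row, 0xfa, sizeof row);             /* that row is all 0xfa in the dump */
    uint64_t s = shadow_addr(fault);
    printf("shadow 0x%012llx (row index %llu): %s\n", (unsigned long long)s,
           (unsigned long long)(s - row_base), shadow_meaning(row[s - row_base]));
    printf("READ of size 8 allowed: %d\n",
           access_ok(fault, 8, row_base, row, sizeof row));
    return 0;
}
```

The computed shadow address, 0x0c047fff873d, is index 13 of the row marked `=>`, which is the bracketed `[fa]` byte in the dump.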