bug-gnucobol

Re: gnucobol-3.1-rc1 and Asan findings


From: Jeffrey Walton
Subject: Re: gnucobol-3.1-rc1 and Asan findings
Date: Tue, 14 Jul 2020 06:08:29 -0400

On Mon, Jul 13, 2020 at 7:57 PM Jeffrey Walton <noloader@gmail.com> wrote:
>
> Hi Everyone,
>
> Here's the result of a 'make check' when using '-fsanitize=address'.
> It looks like there are a few new failures.
>
> This is a good result. I usually see a lot more Asan findings. The 577
> test result looks important. It is a use-after-free.

And the 773 test is also a heap-based buffer overflow.

$ cat gnucobol-3.1-rc1/tests/testsuite.dir/0763/testsuite.log
#                             -*- compilation -*-
763. run_file.at:6427: testing EXTFH: using ISAM callback ...
./run_file.at:7082: $COMPILE -fcallfh=TSTFH prog.cob cmod.c
./run_file.at:7084: $COBCRUN_DIRECT ./prog
--- /dev/null    2020-07-10 09:37:43.139999945 -0400
+++ 
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/tests/testsuite.dir/at-groups/763/stderr
   2020-07-14 06:03:51.758631054 -0400
@@ -0,0 +1,51 @@
+=================================================================
+==1153==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6020000036ec at pc 0x7fdd00108733 bp 0x7ffc1fa6b7e0 sp
0x7ffc1fa6af88
+READ of size 8 at 0x6020000036ec thread T0
+    #0 0x7fdd00108732  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
+    #1 0x7fdcffde98f9 in bdb_savekey
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:757
+    #2 0x7fdcffde98f9 in indexed_delete_internal
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:3074
+    #3 0x7fdcffdec52f in indexed_rewrite
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:4924
+    #4 0x7fdcffdf83d0 in cob_rewrite
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:5547
+    #5 0x7fdcffe08232 in EXTFH
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:8257
+    #6 0x560639ba2657 in TSTFH
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/tests/testsuite.dir/0763/cmod.c:50
+    #7 0x7fdcffe044d5 in cob_extfh_rewrite
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:7924
+    #8 0x560639b9a2ee in prog_ /home/jwalton/tmp/cob1111_0.c:1489
+    #9 0x560639b8ea60 in prog /home/jwalton/tmp/cob1111_0.c:47
+    #10 0x560639b8ea44 in main /home/jwalton/tmp/cob1111_0.c:35
+    #11 0x7fdcff9aeb96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
+    #12 0x560639b8e939 in _start
(/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/tests/testsuite.dir/0763/prog+0x9939)
+
+Address 0x6020000036ec is a wild pointer.
+SUMMARY: AddressSanitizer: heap-buffer-overflow
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
+Shadow bytes around the buggy address:
+  0x0c047fff8680: fa fa 00 01 fa fa 00 00 fa fa 00 01 fa fa 00 04
+  0x0c047fff8690: fa fa 00 04 fa fa fd fd fa fa 00 03 fa fa 00 02
+  0x0c047fff86a0: fa fa 00 02 fa fa 00 01 fa fa 00 fa fa fa 00 fa
+  0x0c047fff86b0: fa fa 00 02 fa fa 00 04 fa fa 00 02 fa fa fd fa
+  0x0c047fff86c0: fa fa fd fa fa fa 00 02 fa fa 00 04 fa fa fa fa
+=>0x0c047fff86d0: fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa
+  0x0c047fff86e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff86f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff8700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff8710: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff8720: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+Shadow byte legend (one shadow byte represents 8 application bytes):
+  Addressable:           00
+  Partially addressable: 01 02 03 04 05 06 07
+  Heap left redzone:       fa
+  Freed heap region:       fd
+  Stack left redzone:      f1
+  Stack mid redzone:       f2
+  Stack right redzone:     f3
+  Stack after return:      f5
+  Stack use after scope:   f8
+  Global redzone:          f9
+  Global init order:       f6
+  Poisoned by user:        f7
+  Container overflow:      fc
+  Array cookie:            ac
+  Intra object redzone:    bb
+  ASan internal:           fe
+  Left alloca redzone:     ca
+  Right alloca redzone:    cb
+==1153==ABORTING
--- -    2020-07-14 06:03:51.762580790 -0400
+++ 
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/tests/testsuite.dir/at-groups/763/stdout
   2020-07-14 06:03:51.758631054 -0400
@@ -32,7 +32,4 @@
    Read: GAM00000 got 00 as expected 00075 terminals
 ReWrite: GAM00000 got 00/02 as expected 00080 terminals
    Read: BET00000 got 00 as expected 00034 terminals
-ReWrite: GAM00000 got 00/02 as expected
-ReWrite: FOR00000 got 00/02 as expected
-Expected ERROR 39 opening TSTFILE, Record size different

./run_file.at:7084: exit code was 1, expected 0
763. run_file.at:6427: 763. EXTFH: using ISAM callback
(run_file.at:6427): FAILED (run_file.at:7084)
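
An added example, not part of the original message or of GnuCOBOL's code: a Python helper that triages an AddressSanitizer report captured in this shape, where autotest prefixes every report line with a diff `+` and the mailer wraps long frames onto a second line. The names `unwrap` and `triage` and the `/build` path are assumptions made for the example; the sample log is constructed from lines in the post.

```python
import re

# Constructed sample in the shape of the log above: autotest diff "+" prefix,
# mail-wrapped frames. Values are from the post; the /build path is a placeholder.
SAMPLE = """\
+++ 
/build/gnucobol-3.1-rc1/tests/testsuite.dir/at-groups/763/stderr
@@ -0,0 +1,51 @@
+==1153==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6020000036ec at pc 0x7fdd00108733 bp 0x7ffc1fa6b7e0 sp
0x7ffc1fa6af88
+READ of size 8 at 0x6020000036ec thread T0
+    #0 0x7fdd00108732  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
+    #1 0x7fdcffde98f9 in bdb_savekey
/build/gnucobol-3.1-rc1/libcob/fileio.c:757
+    #2 0x7fdcffde98f9 in indexed_delete_internal
/build/gnucobol-3.1-rc1/libcob/fileio.c:3074
-ReWrite: FOR00000 got 00/02 as expected
"""

HEAD = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"(READ|WRITE) of size (\d+)")
FRAME = re.compile(r"#(\d+) (0x[0-9a-f]+)\s+(?:in (\S+) )?(?:(\S+?):(\d+)|\((\S+)\+0x[0-9a-f]+\))")

def unwrap(text):
    """Drop the diff '+' prefix and rejoin continuation lines split by the mailer."""
    out, open_line = [], False
    for raw in text.splitlines():
        if raw.startswith(("+++", "---", "@@")) or raw[:1] in ("", " ", "-"):
            open_line = False                 # diff header, context or removed line
        elif raw.startswith("+"):
            out.append(raw[1:].strip())
            open_line = True
        elif open_line:
            out[-1] += " " + raw.strip()      # wrapped tail of the previous '+' line
    return out

def triage(text):
    """Return error kind, faulting access and the first frame with file:line."""
    rep = {"frames": []}
    for line in unwrap(text):
        if m := HEAD.search(line):
            rep["kind"], rep["addr"] = m.groups()
        elif m := ACCESS.match(line):
            rep["access"], rep["size"] = m[1], int(m[2])
        elif m := FRAME.match(line):
            rep["frames"].append((int(m[1]), m[3], m[4] or m[6], int(m[5]) if m[5] else None))
    rep["first_source_frame"] = next((f for f in rep["frames"] if f[3] is not None), None)
    return rep
```

Frame #0 sits inside the sanitizer runtime and has no source line, so the first frame with `file:line` is the place to start reading the code.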


