Closed (kinzhong closed this issue 3 years ago)
I can't reproduce on master (configured with ./configure.sh --asan, and not with ./configure.sh -g --asan, neither with gcc nor clang). Which version of Boolector did you compile? If it was master, which commit? How did you configure Boolector?
This is strange, I tried recreating it again on the latest commit (aa1ff92c51df47ba6f4100cac10d32bc7041ab1a) of master and it works on my side. I used gcc version 7.5.0.
./configure.sh --asan
cd build
make
I have attached all the relevant logs for your reference. Thank you.
I'm an idiot, I had it parsed as smt2. Now I can reproduce, too.
Hi,
There is a null pointer dereference in btor_bv_to_char() from btorbv.c.
To recreate: compile with ASAN enabled, then run ./boolector poc
poc.zip
ASAN Logs:
==19782==ERROR: AddressSanitizer: SEGV on unknown address 0x602100004d4e (pc 0x7fc8ec1ec260 bp 0x7ffe0e3ccf60 sp 0x7ffe0e3ccf20 T0)
==19782==The signal is caused by a WRITE memory access.
    #0 0x7fc8ec1ec25f in btor_bv_to_char /home/kinzhong/Downloads/boolector/src/btorbv.c:660
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/kinzhong/Downloads/boolector/src/btorbv.c:660 in btor_bv_to_char
==19782==ABORTING
Please let me know if you have any issues with recreating the vulnerability. Thank you!
Best regards, Kin Zhong
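As an added illustration (not Boolector's code and not taken from btorbv.c): a bit-vector-to-string routine in the spirit of btor_bv_to_char that validates its input and returns NULL instead of writing through a pointer it cannot trust. The bv_t layout, the limb encoding and the helper names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical bit-vector layout (an assumption, not Boolector's btorbv.c):
   `width` bits, bit i stored at limbs[i / 32] bit (i % 32). */
typedef struct {
  uint32_t width;
  uint32_t nlimbs;
  uint32_t *limbs;
} bv_t;

/* Render a bit-vector as a NUL-terminated '0'/'1' string, MSB first.
   Returns NULL (and writes nothing) when the input is missing or its limb
   array cannot back `width` bits; the caller frees the result. */
char *bv_to_char(const bv_t *bv)
{
  if (bv == NULL || bv->limbs == NULL || bv->width == 0) return NULL;
  if ((uint64_t) bv->nlimbs * 32u < bv->width) return NULL; /* would read past limbs */

  char *s = malloc((size_t) bv->width + 1); /* +1 for the terminator */
  if (s == NULL) return NULL;
  for (uint32_t i = 0; i < bv->width; i++) {
    uint32_t bit = (bv->limbs[i / 32] >> (i % 32)) & 1u;
    s[bv->width - 1 - i] = bit ? '1' : '0';
  }
  s[bv->width] = '\0';
  return s;
}

/* Demo helper: wrap one 32-bit limb as a `width`-bit vector (constructed
   input) and convert it. A width above 32 is inconsistent with a single
   limb, so the conversion must refuse it rather than read or write blindly. */
char *convert_value(uint32_t width, uint32_t value)
{
  uint32_t limb = value;
  bv_t bv = { width, 1, &limb };
  return bv_to_char(&bv);
}

int main(void)
{
  char *s = convert_value(5, 0x16u);               /* 0b10110 */
  printf("%s\n", s ? s : "(rejected)");            /* prints 10110 */
  free(s);
  printf("%s\n", convert_value(40, 1) ? "converted" : "(rejected)");
  return 0;
}
```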