LukasKava / Minishell


fsanitize shows heap buffer overflow after entering those commands #44

Closed Gotr-byte closed 1 year ago

Gotr-byte commented 1 year ago

$> export HOLA=p
$> export BYE=w
$> $"HOLA"$"BYE"d

BiebianOS> "HOLA"$"BYE"d

==4868==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000650f at pc 0x56039ce1e842 bp 0x7ffd16f9c1e0 sp 0x7ffd16f9c1d0
READ of size 1 at 0x60200000650f thread T0

#0 0x56039ce1e841 in quotes src/parsing/lexer_cases.c:40

#1 0x56039ce22086 in lexer src/parsing/lexer.c:97
#2 0x56039ce19ce4 in parsing_and_execution src/parsing/main.c:116
#3 0x56039ce1a0f6 in main src/parsing/main.c:155
#4 0x7f14a1f0ed8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#5 0x7f14a1f0ee3f in __libc_start_main_impl ../csu/libc-start.c:392
#6 0x56039ce195e4 in _start (/home/piotr/code/mini/minishell+0x45e4)

0x60200000650f is located 1 bytes to the left of 14-byte region [0x602000006510,0x60200000651e) allocated by thread T0 here:

#0 0x7f14a2215867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145

#1 0x7f14a2146bac in xmalloc (/lib/x86_64-linux-gnu/libreadline.so.8+0x39bac)

SUMMARY: AddressSanitizer: heap-buffer-overflow src/parsing/lexer_cases.c:40 in quotes
Shadow bytes around the buggy address:
  0x0c047fff8c50: fa fa 07 fa fa fa 05 fa fa fa 00 04 fa fa 00 06
  0x0c047fff8c60: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fd
  0x0c047fff8c70: fa fa fd fa fa fa fd fa fa fa fd fa fa fa 04 fa
  0x0c047fff8c80: fa fa 06 fa fa fa 06 fa fa fa 04 fa fa fa 00 04
  0x0c047fff8c90: fa fa 00 05 fa fa 00 04 fa fa 00 04 fa fa 00 fa
=>0x0c047fff8ca0: fa[fa]00 06 fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8cc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8cd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8cf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==4868==ABORTING

LukasKava commented 1 year ago

Fixed the quotes because it was trying to read -1.
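The report fits a one-byte underflow: the line echoed at the BiebianOS prompt, `"HOLA"$"BYE"d`, is 13 characters plus the terminating NUL, i.e. the 14-byte readline block in the trace, and ASan flags a 1-byte READ one byte to the left of it, which is `s[-1]` for a scanner that starts at index 0. The block below is an added example, not Minishell's `lexer_cases.c`, and its `quotes_unsafe`/`quotes_safe` functions are a hypothetical reconstruction of the bug class: a quote scanner that inspects the byte before the opening quote (assumed here to be a `$"..."` check) without first checking that the index is greater than zero. The crashing line is placed one byte after a `$` in the same array so the stray read lands on a byte we control rather than on a heap redzone, which keeps the demonstration free of undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical reconstruction of the bug class in this report (added example,
 * not Minishell's own lexer): a quote scanner that looks at the byte before
 * the opening quote, here to tell $"..." from "...", and does so with
 * s[start - 1] even when start == 0.  On a readline-allocated line whose
 * first byte is a quote that is a 1-byte read one byte to the left of the
 * heap block, the shape of the ASan report above. */

struct qspan {
    int  end;            /* index just past the closing quote, or -1 if unterminated */
    bool dollar_prefix;  /* was the opening quote preceded by '$' (the $"..." form)? */
};

/* Buggy form: the s[start - 1] read has no lower bound check. */
static struct qspan quotes_unsafe(const char *s, int start)
{
    struct qspan r = { -1, false };
    char q = s[start];
    int i = start + 1;

    r.dollar_prefix = (s[start - 1] == '$');   /* BUG: out of bounds when start == 0 */
    while (s[i] != '\0' && s[i] != q)
        i++;
    if (s[i] == q)
        r.end = i + 1;
    return r;
}

/* Fixed form: test the index before dereferencing, so start == 0 never
 * touches memory in front of the string. */
static struct qspan quotes_safe(const char *s, int start)
{
    struct qspan r = { -1, false };
    char q = s[start];
    int i = start + 1;

    r.dollar_prefix = (start > 0 && s[start - 1] == '$');
    while (s[i] != '\0' && s[i] != q)
        i++;
    if (s[i] == q)
        r.end = i + 1;
    return r;
}

/* Count the quoted words on a line with the fixed scanner; returns -1 if a
 * quote is left open (an unterminated-quote condition a lexer must report
 * rather than keep scanning past the NUL). */
static int count_quoted_words(const char *line)
{
    int i = 0, n = 0;

    while (line[i] != '\0') {
        if (line[i] == '"' || line[i] == '\'') {
            struct qspan r = quotes_safe(line, i);
            if (r.end < 0)
                return -1;
            n++;
            i = r.end;
        } else {
            i++;
        }
    }
    return n;
}

/* Show the consequence of the bug without undefined behaviour: the crashing
 * line is placed one byte after a '$' inside the same array, so the stray
 * s[-1] read lands on a byte we control instead of a heap redzone.  Returns
 * true when the unsafe scanner reports a '$' prefix the string does not have
 * while the safe one does not. */
static bool unsafe_reads_neighbour(void)
{
    char buf[] = "$\"HOLA\"$\"BYE\"d";   /* constructed input */
    const char *line = buf + 1;           /* line[0] is the opening quote */

    struct qspan bad  = quotes_unsafe(line, 0);
    struct qspan good = quotes_safe(line, 0);
    return bad.dollar_prefix && !good.dollar_prefix && bad.end == good.end;
}

int main(void)
{
    const char *line = "\"HOLA\"$\"BYE\"d";   /* the line from the report */

    printf("unsafe scanner misread the neighbouring byte: %s\n",
           unsafe_reads_neighbour() ? "yes" : "no");
    printf("quoted words in %s: %d\n", line, count_quoted_words(line));
    return 0;
}
```

To reproduce a report of the same shape as the one above, build with `cc -fsanitize=address -g` and call `quotes_unsafe` at index 0 on a string that came from `malloc` or `readline` instead of from the middle of a local array; ASan will then report a 1-byte READ one byte to the left of that allocation.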