Open EnchantedJohn opened 6 years ago
Then I want to provide GDB information:
```
Program received signal SIGSEGV, Segmentation fault.
0x0000000000403d0a in _pbcB_register_fields ()
(gdb) bt
#0 0x0000000000403d0a in _pbcB_register_fields ()
#1 0x0000000000401c42 in pbc_register ()
#2 0x0000000000400ff5 in test_decode ()
#3 0x0000000000400bed in main ()
(gdb) i r
rax 0x0 0
rbx 0x0 0
rcx 0x60ff78 6356856
rdx 0x8167a454b114d488 -9122141836560509816
rsi 0x0 0
rdi 0x6130fd 6369533
rbp 0x60ff60 0x60ff60
rsp 0x7fffffffe000 0x7fffffffe000
r8 0x2 2
r9 0x7fffffffe0d0 140737488347344
r10 0xfffffffffffff20e -3570
r11 0x7ffff7b9bb01 140737349532417
r12 0xf 15
r13 0x7fffffffe0d0 140737488347344
r14 0x7fffffffe010 140737488347152
r15 0x60d010 6344720
rip 0x403d0a 0x403d0a <_pbcB_register_fields+122>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) x/10i $pc
=> 0x403d0a <_pbcB_register_fields+122>: mov 0x18(%rax),%rdx
0x403d0e <_pbcB_register_fields+126>: add $0x1,%ebx
0x403d11 <_pbcB_register_fields+129>: cmp %r12d,%ebx
0x403d14 <_pbcB_register_fields+132>: mov %rdx,(%rcx)
0x403d17 <_pbcB_register_fields+135>: mov 0x20(%rax),%rax
0x403d1b <_pbcB_register_fields+139>: mov %rax,0x8(%rcx)
0x403d1f <_pbcB_register_fields+143>: jne 0x403cc8 <_pbcB_register_fields+56>
0x403d21 <_pbcB_register_fields+145>: nopl 0x0(%rax)
0x403d28 <_pbcB_register_fields+152>: add $0x28,%rsp
0x403d2c <_pbcB_register_fields+156>: pop %rbx
```
Then I want to provide ASAN information:
```
==33963==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000421541 at pc 0x7fd8ace8e2a8 bp 0x7ffc95022120 sp 0x7ffc950220f8
READ of size 1 at 0x000000421541 thread T0
#0 0x7fd8ace8e2a7 in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x322a7)
#1 0x405c0f in calc_hash src/map.c:35
#2 0x40865d in _pbcM_sp_query src/map.c:384
#3 0x404bc1 in _pbcP_push_message src/proto.c:94
#4 0x4033ed in _register_extension src/register.c:168
#5 0x4037a7 in _register_message src/register.c:203
#6 0x403b66 in _register src/register.c:241
#7 0x404044 in _register_no_dependency src/register.c:296
#8 0x404310 in pbc_register src/register.c:329
#9 0x401e42 in test_decode ../test/decode.c:67
#10 0x401f10 in main ../test/decode.c:79
#11 0x7fd8acab4f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#12 0x401408 (/home/lx/github/6_27/pbc/pbc-master/build/decode+0x401408)
0x000000421541 is located 0 bytes to the right of global variable '*.LC5' from 'src/bootstrap.c' (0x421540) of size 1
'*.LC5' is ascii string ''
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 __interceptor_strlen
Shadow bytes around the buggy address:
0x00008007c250: 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x00008007c260: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 03 f9 f9 f9 f9
0x00008007c270: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00
0x00008007c280: 00 00 00 04 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x00008007c290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x00008007c2a0: 00 00 00 00 00 00 00 00[01]f9 f9 f9 f9 f9 f9 f9
0x00008007c2b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00008007c2c0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x00008007c2d0: 05 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x00008007c2e0: 05 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9
0x00008007c2f0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==33963==ABORTING
```
Is there a plan to fix this? Could you give more information? Thanks.
ASSIGNED : CVE-2018-12915
Hello. I used my company's tool. I found two heap overflows. This is the first one. Then I want to provide more information. I hope this will help you guys.
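The ASan report above stops in `__interceptor_strlen` called from `calc_hash`, reading one byte past a 1-byte global string: `strlen()` was handed a pointer with no terminator inside the object it may legally read. As an added example (not pbc's code; the function names `hash_bounded`, `checked_name_len` and `hash_name_checked` are hypothetical and the input buffer is constructed), here is the defensive pattern that avoids this class of bug: hash over an explicit length instead of calling `strlen()`, and locate the terminator of a name embedded in a larger buffer with a bounded `memchr()` before trusting it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Added example, not pbc's code. Hypothetical helper names.
 * FNV-1a over exactly `len` bytes; never reads beyond name[len-1],
 * so a missing NUL cannot drive a read past the end of the buffer.
 */
uint32_t hash_bounded(const char *name, size_t len)
{
    uint32_t h = 2166136261u;           /* FNV offset basis */
    for (size_t i = 0; i < len; i++) {
        h ^= (uint8_t)name[i];
        h *= 16777619u;                 /* FNV prime */
    }
    return h;
}

/*
 * Length of the C string starting at buf+offset, searching only the
 * buf_size - offset bytes that actually belong to the buffer.
 * Returns -1 if the offset is out of range or no NUL exists before
 * the end of the buffer: exactly the case where strlen() would overrun.
 */
long checked_name_len(const char *buf, size_t buf_size, size_t offset)
{
    if (offset >= buf_size)
        return -1;
    const char *start = buf + offset;
    const char *nul = memchr(start, '\0', buf_size - offset);
    if (nul == NULL)
        return -1;
    return (long)(nul - start);
}

/*
 * Hash the name at buf+offset only after proving it is terminated
 * inside the buffer. Returns 0 on success, -1 if the name is rejected.
 */
int hash_name_checked(const char *buf, size_t buf_size, size_t offset,
                      uint32_t *out)
{
    long len = checked_name_len(buf, buf_size, offset);
    if (len < 0)
        return -1;
    *out = hash_bounded(buf + offset, (size_t)len);
    return 0;
}

/*
 * Constructed input: a 6-byte buffer holding "abc\0" followed by "xy"
 * with no terminator, mimicking a descriptor whose last name runs off
 * the end. Returns 1 when the guarded path accepts the first name and
 * rejects the second instead of reading past the buffer.
 */
int demo_detects_unterminated(void)
{
    static const char buf[6] = { 'a', 'b', 'c', '\0', 'x', 'y' };
    uint32_t h1 = 0, h2 = 0;
    int ok_first = hash_name_checked(buf, sizeof buf, 0, &h1);   /* 0: "abc" is terminated */
    int ok_second = hash_name_checked(buf, sizeof buf, 4, &h2);  /* -1: "xy" is not */
    return ok_first == 0 && ok_second == -1 && h1 == hash_bounded("abc", 3);
}
```

Building the same program with `-fsanitize=address` is the quickest way to confirm the difference: an `strlen()`-based hash over the constructed buffer reports a read past its end, while the bounded version returns -1 for the unterminated name and never touches the byte after the buffer.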