When I ran the program pattern, an issue occurred: it's a heap use-after-free issue.
Details:
=================================================================
==16823==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000002219 at pc 0x7f115cdc32d5 bp 0x7ffc43fae170 sp 0x7ffc43fad918
READ of size 16 at 0x619000002219 thread T0
#0 0x7f115cdc32d4 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x472d4)
#1 0x41f8f4 in _pbcM_sp_query src/map.c:391
#2 0x417e53 in _pbcP_get_message src/proto.c:21
#3 0x4131fa in pbc_pattern_new src/pattern.c:1070
#4 0x402b8a in main ../test/pattern.c:149
#5 0x7f115c9d282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x401678 in _start (/home/mfc_fuzz/pbc/build/pattern+0x401678)
0x619000002219 is located 921 bytes inside of 1032-byte region [0x619000001e80,0x619000002288)
freed by thread T0 here:
#0 0x7f115ce142ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
#1 0x4210d2 in _pbcM_free src/alloc.c:14
#2 0x42151e in _pbcH_delete src/alloc.c:55
#3 0x4268b3 in pbc_rmessage_delete src/rmessage.c:333
#4 0x41778f in pbc_register src/register.c:337
#5 0x402b43 in main ../test/pattern.c:145
#6 0x7f115c9d282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
previously allocated by thread T0 here:
#0 0x7f115ce14602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x42102e in _pbcM_malloc src/alloc.c:8
#2 0x4216dc in _pbcH_alloc src/alloc.c:70
#3 0x4227ff in read_string src/rmessage.c:53
#4 0x4237b7 in read_value src/rmessage.c:140
#5 0x425da7 in _pbc_rmessage_new src/rmessage.c:297
#6 0x424b6f in push_value_array src/rmessage.c:228
#7 0x425ba2 in _pbc_rmessage_new src/rmessage.c:290
#8 0x424b6f in push_value_array src/rmessage.c:228
#9 0x425ba2 in _pbc_rmessage_new src/rmessage.c:290
#10 0x424b6f in push_value_array src/rmessage.c:228
#11 0x425ba2 in _pbc_rmessage_new src/rmessage.c:290
#12 0x4265a6 in pbc_rmessage_new src/rmessage.c:319
#13 0x41734e in pbc_register src/register.c:307
#14 0x402b43 in main ../test/pattern.c:145
#15 0x7f115c9d282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
0x0c327fff83f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c327fff8400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c327fff8410: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c327fff8420: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c327fff8430: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c327fff8440: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
0x0c327fff8450: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c327fff8460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c327fff8470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c327fff8480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c327fff8490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==16823==ABORTING
The command line I used is just: ./pattern testcase. The testcase for this issue has been put at: https://github.com/fCorleone/fuzz_programs/blob/master/pbc/testcase3
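The three stack traces in the report share one shape: the freed block was allocated while decoding a message (read_string under pbc_rmessage_new), it was freed when pbc_register deleted that message, and the read happens later from a map query during pbc_pattern_new. The program below is an added, self-contained illustration of that ownership pattern and of the usual fix; it is not pbc's code, and every name in it (msg_t, reg_t, reg_put_borrowed, reg_put_copy, reg_query) is invented for the example. A registry keeps a pointer into a message buffer, the message is deleted, and a later query dereferences the dangling pointer; the hardened variant copies the string into memory the registry owns, so the message can be freed safely.

```c
/* Added illustration of the use-after-free shape in the report above.
 * Not pbc's code; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REG_SLOTS 8

/* A decoded message whose string payload lives in one heap block. */
typedef struct {
    char *block;   /* single allocation holding the field bytes */
    size_t len;
} msg_t;

/* Registry entry: either borrows a pointer into a message (buggy)
 * or owns its own copy of the string (fixed). */
typedef struct {
    const char *name;
    char *value;
    int owns_value;
} reg_entry_t;

typedef struct {
    reg_entry_t slots[REG_SLOTS];
    int count;
} reg_t;

/* Constructed sample message: the payload is a single string field. */
static msg_t *msg_new(const char *payload) {
    msg_t *m = malloc(sizeof *m);
    m->len = strlen(payload) + 1;
    m->block = malloc(m->len);
    memcpy(m->block, payload, m->len);
    return m;
}

static const char *msg_field(const msg_t *m) { return m->block; }

static void msg_delete(msg_t *m) {
    free(m->block);   /* every pointer into block is dangling from here on */
    free(m);
}

/* Buggy registration: stores a raw pointer into the message's block. */
static int reg_put_borrowed(reg_t *r, const char *name, const char *value) {
    if (r->count >= REG_SLOTS) return -1;
    r->slots[r->count].name = name;
    r->slots[r->count].value = (char *)value;
    r->slots[r->count].owns_value = 0;
    r->count++;
    return 0;
}

/* Fixed registration: duplicates the string so the registry outlives the message. */
static int reg_put_copy(reg_t *r, const char *name, const char *value) {
    if (r->count >= REG_SLOTS) return -1;
    char *copy = malloc(strlen(value) + 1);
    if (!copy) return -1;
    strcpy(copy, value);
    r->slots[r->count].name = name;
    r->slots[r->count].value = copy;
    r->slots[r->count].owns_value = 1;
    r->count++;
    return 0;
}

/* The query step; with a borrowed pointer this is where ASan reports the READ. */
static const char *reg_query(const reg_t *r, const char *name) {
    for (int i = 0; i < r->count; i++)
        if (strcmp(r->slots[i].name, name) == 0) return r->slots[i].value;
    return NULL;
}

static void reg_clear(reg_t *r) {
    for (int i = 0; i < r->count; i++)
        if (r->slots[i].owns_value) free(r->slots[i].value);
    r->count = 0;
}

/* Register from a message, delete the message, then query.
 * Returns 1 if the query still yields the expected text from owned memory. */
static int register_then_query_copy(void) {
    reg_t reg = {0};
    msg_t *m = msg_new("Person");              /* constructed sample */
    reg_put_copy(&reg, "type_name", msg_field(m));
    msg_delete(m);                              /* registry no longer depends on m */
    const char *v = reg_query(&reg, "type_name");
    int ok = v != NULL && strcmp(v, "Person") == 0;
    reg_clear(&reg);
    return ok;
}

int main(void) {
    printf("copy path ok: %d\n", register_then_query_copy());

    /* Borrowed path: compile with -fsanitize=address and this query reports a
     * heap-use-after-free (READ in the query, freed in msg_delete, allocated
     * in msg_new), the same three-trace shape as the report above. */
    reg_t reg = {0};
    msg_t *m = msg_new("Person");
    reg_put_borrowed(&reg, "type_name", msg_field(m));
    msg_delete(m);
    printf("borrowed path: %s\n", reg_query(&reg, "type_name"));
    return 0;
}
```

The defensive rule the example encodes is that a long-lived structure must never hold a pointer into an object with a shorter lifetime; either copy what it needs (as reg_put_copy does) or keep the owning object alive for as long as the registry is used. Running the test program under AddressSanitizer, as the reporter did, is the cheapest way to catch violations of that rule before a fuzzer does.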