packjpg / packJPG

A compression program for further compressing JPEG image files
http://packjpg.encode.ru/
GNU Lesser General Public License v3.0

AddressSanitizer reports heap-buffer-overflow when using packJPG #33

Open ConcoctionSec opened 3 years ago

ConcoctionSec commented 3 years ago

Version

packJPG v2.5k (01/22/2016)

Environment

Ubuntu 18.04, 64-bit

Command

Compile the test program:

$ make clean all

Compile the test program with AddressSanitizer using these settings and commands:

CC = afl-gcc
CPP = afl-g++ 
LDFLAGS  =  -static-libgcc -static-libstdc++ -lstdc++fs
$ export AFL_USE_ASAN=1
$ make clean all

Result

The result of running without ASAN:

$ ./packJPG $poc

--> packJPG v2.5k (01/22/2016) by Matthias Stirner / Se <--
Copyright 2006-2016 HTW Aalen University & Matthias Stirner
All rights reserved

Segmentation fault (core dumped) 

Information obtained by using ASAN:

$ ./packJPG_asan $poc

--> packJPG v2.5k (01/22/2016) by Matthias Stirner / Se <--
Copyright 2006-2016 HTW Aalen University & Matthias Stirner
All rights reserved

=================================================================
==44==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000068 at pc 0x55e6a343e293 bp 0x7ffce0a8a370 sp 0x7ffce0a8a360
READ of size 8 at 0x603000000068 thread T0
    #0 0x55e6a343e292  (/docker/packJPG-master/source/packJPG_asan+0x44292)
    #1 0x55e6a34a289a  (/docker/packJPG-master/source/packJPG_asan+0xa889a)
    #2 0x55e6a34a33cc  (/docker/packJPG-master/source/packJPG_asan+0xa93cc)
    #3 0x55e6a34cacc0  (/docker/packJPG-master/source/packJPG_asan+0xd0cc0)
    #4 0x55e6a341e6f4  (/docker/packJPG-master/source/packJPG_asan+0x246f4)
    #5 0x7fea091ed0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #6 0x55e6a3420c7d  (/docker/packJPG-master/source/packJPG_asan+0x26c7d)

0x603000000068 is located 8 bytes to the left of 32-byte region [0x603000000070,0x603000000090)
allocated by thread T0 here:
    #0 0x7fea0946e5a7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x55e6a3424d57  (/docker/packJPG-master/source/packJPG_asan+0x2ad57)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/docker/packJPG-master/source/packJPG_asan+0x44292) 
Shadow bytes around the buggy address:
  0x0c067fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c067fff8000: fa fa 00 00 00 00 fa fa 00 00 00 00 fa[fa]00 00
  0x0c067fff8010: 00 00 fa fa fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c067fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==44==ABORTING
==========================================================================

Description

When we execute the command, ASan reports the error: AddressSanitizer: heap-buffer-overflow on address 0x603000000068 at pc 0x55e6a343e293 bp 0x7ffce0a8a370 sp 0x7ffce0a8a360.

Poc

Poc file is this.
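Added illustration (not packJPG code, and not the faulting site, which the report above does not identify since the trace is unsymbolized): the report's key line is "8 bytes to the left of 32-byte region", i.e. an 8-byte read at index -1 of a heap buffer. The toy below, with constructed names and values, shows the unchecked lookup that produces that exact diagnostic under -fsanitize=address, next to a checked variant that rejects an out-of-range index through its return value instead of dereferencing it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the bug class in the ASan report above: a 32-byte
 * heap table indexed by a value derived from untrusted input.
 * Nothing here is packJPG code; names and layout are illustrative. */
enum { TABLE_BYTES = 32 };

/* Unchecked lookup. With idx == -1 the 8-byte read lands immediately left
 * of the allocation, which ASan reports as
 * "heap-buffer-overflow ... 8 bytes to the left of 32-byte region".
 * Not called by query_table(); build with -fsanitize=address and call it
 * with idx == -1 to see the same shape of report as in the issue. */
int64_t lookup_unchecked(const int64_t *table, int idx) {
    return table[idx];   /* no bounds check: a negative idx underflows the region */
}

/* Checked lookup: validates idx against the allocation length before the
 * dereference and signals a malformed index via the return value. */
bool lookup_checked(const int64_t *table, size_t entries, int idx, int64_t *out) {
    if (idx < 0 || (size_t)idx >= entries) {
        return false;    /* out of range: caller treats the input as malformed */
    }
    *out = table[idx];
    return true;
}

/* Allocates a 32-byte table (4 entries of 8 bytes, entry i holds i*10),
 * performs the checked lookup, frees the table, and returns the stored
 * value, or -1 when the index was rejected. */
int64_t query_table(int idx) {
    size_t entries = TABLE_BYTES / sizeof(int64_t);      /* 4 */
    int64_t *table = malloc(TABLE_BYTES);
    if (!table) return -1;
    for (size_t i = 0; i < entries; i++) table[i] = (int64_t)(i * 10);
    int64_t value = 0;
    bool ok = lookup_checked(table, entries, idx, &value);
    free(table);
    return ok ? value : -1;
}

int main(void) {
    /* idx 1 is in range; idx -1 mirrors the report's "8 bytes to the left" read */
    printf("idx  1 -> %lld\n", (long long)query_table(1));   /* 10 */
    printf("idx -1 -> %lld\n", (long long)query_table(-1));  /* -1 (rejected) */
    return 0;
}
```

The checked variant is the fix pattern a maintainer would apply once the faulting index is located: validate against the allocation's element count, not just for non-negativity, because the same report would appear as "to the right of" for an index one past the end.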