radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

AddressSanitizer: heap-buffer-overflow READ of size 1 shlr/sdb/src/base64.c:15 #4582

Closed ghost closed 8 years ago

ghost commented 8 years ago
r2 -A f27eba441ffa931b936c189bbd0e45f6
=================================================================
==6325==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61500000f4f8 at pc 0x7f0254db0596 bp 0x7ffe142d9cf0 sp 0x7ffe142d9ce0
READ of size 1 at 0x61500000f4f8 thread T0
    #0 0x7f0254db0595 in b64_encode /home/fuzzer/radare2/shlr/sdb/src/base64.c:15
    #1 0x7f0254db0e82 in sdb_encode_raw /home/fuzzer/radare2/shlr/sdb/src/base64.c:41
    #2 0x7f0254db0fd8 in sdb_encode /home/fuzzer/radare2/shlr/sdb/src/base64.c:64
    #3 0x7f025829d35d in Pe_r_bin_store_string /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1622
    #4 0x7f025829d5c6 in Pe_r_bin_store_string_table /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1649
    #5 0x7f025829d82a in Pe_r_bin_store_string_file_info /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1664
    #6 0x7f025829df24 in Pe_r_bin_store_resource_version_info /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1702
    #7 0x7f025829e9ba in Pe32_r_bin_store_all_resource_version_info /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1787
    #8 0x7f025829eeb6 in bin_pe_init /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1824
    #9 0x7f02582a4c94 in Pe32_r_bin_pe_new_buf /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:2585
    #10 0x7f025828e251 in load_bytes /home/fuzzer/radare2/libr/..//libr/bin/p/bin_pe.c:26
    #11 0x7f02581b9fad in r_bin_object_new /home/fuzzer/radare2/libr/bin/bin.c:972
    #12 0x7f02581bae31 in r_bin_file_new_from_bytes /home/fuzzer/radare2/libr/bin/bin.c:1121
    #13 0x7f02581b8a50 in r_bin_load_io_at_offset_as_sz /home/fuzzer/radare2/libr/bin/bin.c:740
    #14 0x7f02581b8add in r_bin_load_io_at_offset_as /home/fuzzer/radare2/libr/bin/bin.c:753
    #15 0x7f02581b7fcd in r_bin_load_io /home/fuzzer/radare2/libr/bin/bin.c:646
    #16 0x7f02590751cf in r_core_file_do_load_for_io_plugin /home/fuzzer/radare2/libr/core/file.c:383
    #17 0x7f0259075e49 in r_core_bin_load /home/fuzzer/radare2/libr/core/file.c:462
    #18 0x55d9d52950dd in main /home/fuzzer/radare2/binr/radare2/radare2.c:658
    #19 0x7f0253c7da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #20 0x55d9d5291c68 in _start (/home/fuzzer/radare2/binr/radare2/radare2+0x5c68)

ASAN:SIGSEGV

radare2 0.10.2-git 10883 @ linux-little-x86-64 git.0.10.1-429-g4476720 commit: 4476720 build: 2016-04-08

file: http://revskills.cz/r2/f27eba441ffa931b936c189bbd0e45f6
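The trace above places a one-byte heap read overflow inside the 3-byte group encoder of sdb's base64 code while a PE resource string is being encoded. The page does not say what the exact defect in sdb was, so the following is only an added example (not sdb's or radare2's code) of the defensive pattern for this bug class: an encoder that takes an explicit length, stages the final partial group through a zero-filled local buffer, and therefore never dereferences `src[len]` or beyond. The names `b64_safe_encode`, `b64_safe_outlen` and `encode_group` are invented for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not sdb's b64_encode. It assumes the caller knows the
 * exact input length (as sdb_encode_raw's caller does) and demonstrates
 * how to encode the trailing 1 or 2 bytes without reading past them. */

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode n (1..3) meaningful bytes of a 3-byte group into 4 chars.
 * `in` must always be 3 readable bytes: for a partial tail the caller
 * passes a zero-padded local copy, so in[1]/in[2] are never an overread. */
static void encode_group(const uint8_t in[3], size_t n, char out[4]) {
    out[0] = B64[in[0] >> 2];
    out[1] = B64[((in[0] & 0x03) << 4) | (in[1] >> 4)];
    out[2] = n > 1 ? B64[((in[1] & 0x0f) << 2) | (in[2] >> 6)] : '=';
    out[3] = n > 2 ? B64[in[2] & 0x3f] : '=';
}

/* Output capacity (including the NUL) needed for `len` input bytes. */
size_t b64_safe_outlen(size_t len) {
    return ((len + 2) / 3) * 4 + 1;
}

/* Encode `len` bytes of `src` into `dst` (capacity `dstcap`).
 * Returns the number of chars written (excluding NUL), or 0 if the
 * destination is too small or the arguments are invalid. */
size_t b64_safe_encode(const uint8_t *src, size_t len, char *dst, size_t dstcap) {
    if (!dst || dstcap < b64_safe_outlen(len)) return 0;
    if (!src && len) return 0;
    size_t o = 0;
    size_t full = len / 3;                 /* complete 3-byte groups */
    for (size_t g = 0; g < full; g++) {
        encode_group(src + 3 * g, 3, dst + o);
        o += 4;
    }
    size_t rem = len - 3 * full;           /* 0, 1 or 2 trailing bytes */
    if (rem) {
        uint8_t tail[3] = {0, 0, 0};       /* zero padding replaces the overread */
        memcpy(tail, src + 3 * full, rem);
        encode_group(tail, rem, dst + o);
        o += 4;
    }
    dst[o] = '\0';
    return o;
}

int main(void) {
    /* Constructed input: a heap buffer whose length is not a multiple of 3,
     * the shape that exposes a tail overread under AddressSanitizer. */
    const char *msg = "Ma";
    size_t len = strlen(msg);
    uint8_t *heap = malloc(len);           /* exactly len bytes, no slack */
    if (!heap) return 1;
    memcpy(heap, msg, len);
    char out[b64_safe_outlen(2)];
    size_t n = b64_safe_encode(heap, len, out, sizeof out);
    printf("%zu chars: %s\n", n, out);     /* 4 chars: TWE= */
    free(heap);
    return 0;
}
```

Building the example with `-fsanitize=address` and running it is the check a practitioner would make: with the tail staged through `tail[3]`, the encoder touches only the `len` bytes that were allocated, so ASAN stays quiet on 1- and 2-byte remainders.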

alvarofe commented 8 years ago

Fixed locally. Needs to be cleaned up before submitting the patch.

radare commented 8 years ago

If this is an issue in sdb, please fix it in the other repo first. Anyways, my guess is that the issue is some layers above.

alvarofe commented 8 years ago

Should be fixed now.