radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

AddressSanitizer: heap-buffer-overflow READ of size 1 shlr/sdb/src/base64.c:16 #4586

Closed ghost closed 8 years ago

ghost commented 8 years ago
r2 -A 4623193e33c292af2bb624563b568faa
=================================================================
==16306==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000011ab1 at pc 0x7f55b5d75688 bp 0x7fffe8316d90 sp 0x7fffe8316d80
READ of size 1 at 0x602000011ab1 thread T0
    #0 0x7f55b5d75687 in b64_encode /home/fuzzer/radare2/shlr/sdb/src/base64.c:16
    #1 0x7f55b5d75e82 in sdb_encode_raw /home/fuzzer/radare2/shlr/sdb/src/base64.c:41
    #2 0x7f55b5d75fd8 in sdb_encode /home/fuzzer/radare2/shlr/sdb/src/base64.c:64
    #3 0x7f55b926235d in Pe_r_bin_store_string /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1622
    #4 0x7f55b92625c6 in Pe_r_bin_store_string_table /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1649
    #5 0x7f55b926282a in Pe_r_bin_store_string_file_info /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1664
    #6 0x7f55b9262f24 in Pe_r_bin_store_resource_version_info /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1702
    #7 0x7f55b92639ba in Pe32_r_bin_store_all_resource_version_info /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1787
    #8 0x7f55b9263eb6 in bin_pe_init /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:1824
    #9 0x7f55b9269c94 in Pe32_r_bin_pe_new_buf /home/fuzzer/radare2/libr/..//libr/bin/p/../format/pe/pe.c:2585
    #10 0x7f55b9253251 in load_bytes /home/fuzzer/radare2/libr/..//libr/bin/p/bin_pe.c:26
    #11 0x7f55b917efad in r_bin_object_new /home/fuzzer/radare2/libr/bin/bin.c:972
    #12 0x7f55b917fe31 in r_bin_file_new_from_bytes /home/fuzzer/radare2/libr/bin/bin.c:1121
    #13 0x7f55b917da50 in r_bin_load_io_at_offset_as_sz /home/fuzzer/radare2/libr/bin/bin.c:740
    #14 0x7f55b917dadd in r_bin_load_io_at_offset_as /home/fuzzer/radare2/libr/bin/bin.c:753
    #15 0x7f55b917cfcd in r_bin_load_io /home/fuzzer/radare2/libr/bin/bin.c:646
    #16 0x7f55ba03a1cf in r_core_file_do_load_for_io_plugin /home/fuzzer/radare2/libr/core/file.c:383
    #17 0x7f55ba03ae49 in r_core_bin_load /home/fuzzer/radare2/libr/core/file.c:462
    #18 0x55dcded4f0dd in main /home/fuzzer/radare2/binr/radare2/radare2.c:658
    #19 0x7f55b4c42a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #20 0x55dcded4bc68 in _start (/home/fuzzer/radare2/binr/radare2/radare2+0x5c68)

ASAN:SIGSEGV

radare2 0.10.2-git 10883 @ linux-little-x86-64 git.0.10.1-429-g4476720 commit: 4476720aa8ce09e2aa13a9d08cc870b2b9886cb9 build: 2016-04-08

file: http://revskills.cz/r2/4623193e33c292af2bb624563b568faa
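The trace shows b64_encode reading one byte past a heap allocation while encoding a PE resource version string (base64.c:16, called from Pe_r_bin_store_string); the faulty code itself is not on this page. As an added illustration of the defensive shape such an encoder should have, not sdb's or radare2's code and with hypothetical names, here is a base64 encoder bounded by an explicit input length, so the 1- or 2-byte tail is never read past the source buffer and the destination size is checked before writing:

```c
#include <stdlib.h>
#include <string.h>

/* Constructed example, not sdb's b64_encode: every read stays in [0, len). */
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encoded length including '=' padding, excluding the terminating NUL. */
size_t safe_b64_encoded_len(size_t len) {
    return ((len + 2) / 3) * 4;
}

/* Encodes exactly `len` bytes of `src` into `dst`. Returns the number of
 * characters written (without the NUL), or 0 if `dst_size` is too small. */
size_t safe_b64_encode(char *dst, size_t dst_size,
                       const unsigned char *src, size_t len) {
    size_t need = safe_b64_encoded_len(len);
    if (dst == NULL || dst_size < need + 1) {
        return 0; /* refuse rather than overflow the caller's buffer */
    }
    size_t i = 0, o = 0;
    /* Full 3-byte groups: indices i, i+1, i+2 are all below len here. */
    while (len - i >= 3) {
        unsigned v = (src[i] << 16) | (src[i + 1] << 8) | src[i + 2];
        dst[o++] = B64[(v >> 18) & 63];
        dst[o++] = B64[(v >> 12) & 63];
        dst[o++] = B64[(v >> 6) & 63];
        dst[o++] = B64[v & 63];
        i += 3;
    }
    /* Tail of 1 or 2 bytes: only read the bytes that exist, pad the rest.
     * An encoder that unconditionally reads src[i+1] and src[i+2] here is
     * exactly the kind that ASan reports as a 1-byte heap READ. */
    size_t rem = len - i;
    if (rem > 0) {
        unsigned v = src[i] << 16;
        if (rem == 2) {
            v |= src[i + 1] << 8;
        }
        dst[o++] = B64[(v >> 18) & 63];
        dst[o++] = B64[(v >> 12) & 63];
        dst[o++] = (rem == 2) ? B64[(v >> 6) & 63] : '=';
        dst[o++] = '=';
    }
    dst[o] = '\0';
    return o;
}
```

A caller that has a heap copy of a resource string without a terminating NUL passes the known byte count as `len` instead of relying on the encoder to find the end of the string.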

alvarofe commented 8 years ago

fixed in local but the whole versioninfo code for pe is totally fucked up. I will clean it tomorrow morning before committing.

alvarofe commented 8 years ago

fixed, thx!