shinyblink / sled

Satanic/Sexy/Stupid/Silly/Shiny LED matrix controller
https://shinyblink.github.io/sled/
ISC License

gfx_ip heap-buffer-overflow #37

Closed vifino closed 6 years ago

vifino commented 6 years ago

-fsanitize=address found this.

>> Now drawing ip=================================================================
==14656==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060000888c0 at pc 0x0001038fe258 bp 0x7ffeedb2f030 sp 0x7ffeedb2f028
WRITE of size 8 at 0x6060000888c0 thread T0
    #0 0x1038fe257 in reset (gfx_ip.so:x86_64+0x1257)
    #1 0x1020d1db3 in sled_main main.c:271
    #2 0x7fff707b0114 in start (libdyld.dylib:x86_64+0x1114)

0x6060000888c0 is located 0 bytes to the right of 64-byte region [0x606000088880,0x6060000888c0)
allocated by thread T0 here:
    #0 0x10214be27 in wrap_calloc (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x56e27)
    #1 0x1038fdd9e in init (gfx_ip.so:x86_64+0xd9e)
    #2 0x1020d63fc in modules_init modloader.c:180
    #3 0x1020d1a8b in sled_main main.c:238
    #4 0x7fff707b0114 in start (libdyld.dylib:x86_64+0x1114)

SUMMARY: AddressSanitizer: heap-buffer-overflow (gfx_ip.so:x86_64+0x1257) in reset
Shadow bytes around the buggy address:
  0x1c0c000110c0: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 fa
  0x1c0c000110d0: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa
  0x1c0c000110e0: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00
  0x1c0c000110f0: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x1c0c00011100: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
=>0x1c0c00011110: 00 00 00 00 00 00 00 00[fa]fa fa fa 00 00 00 00
  0x1c0c00011120: 00 00 04 fa fa fa fa fa fd fd fd fd fd fd fd fa
  0x1c0c00011130: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa
  0x1c0c00011140: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00
  0x1c0c00011150: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 fa
  0x1c0c00011160: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==14656==ABORTING
zsh: abort      ./sled
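The report above already contains everything needed for triage: an 8-byte WRITE at an address that is 0 bytes to the right of a 64-byte calloc'd region (so the write begins exactly at the end of the buffer), performed by reset in gfx_ip.so on memory allocated by init. Reading those numbers off by hand is error-prone, so the following parser, added here as an example and not part of sled or of this issue, pulls them out of an AddressSanitizer report and expresses the access as an array index. The embedded report text is the one from the comment above, trimmed to the lines the parser uses; the function and field names are my own and not anything the project defines.

```python
import re

# Constructed input: the AddressSanitizer report from the comment above, trimmed
# to the lines the parser uses (shadow-byte dump and legend omitted).
ASAN_REPORT = """\
==14656==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060000888c0 at pc 0x0001038fe258 bp 0x7ffeedb2f030 sp 0x7ffeedb2f028
WRITE of size 8 at 0x6060000888c0 thread T0
    #0 0x1038fe257 in reset (gfx_ip.so:x86_64+0x1257)
    #1 0x1020d1db3 in sled_main main.c:271
    #2 0x7fff707b0114 in start (libdyld.dylib:x86_64+0x1114)

0x6060000888c0 is located 0 bytes to the right of 64-byte region [0x606000088880,0x6060000888c0)
allocated by thread T0 here:
    #0 0x10214be27 in wrap_calloc (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x56e27)
    #1 0x1038fdd9e in init (gfx_ip.so:x86_64+0xd9e)
    #2 0x1020d63fc in modules_init modloader.c:180

SUMMARY: AddressSanitizer: heap-buffer-overflow (gfx_ip.so:x86_64+0x1257) in reset
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address (?P<addr>0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(?P<op>READ|WRITE) of size (?P<size>\d+) at (?P<addr>0x[0-9a-f]+)", re.M)
REGION_RE = re.compile(
    r"is located (?P<dist>\d+) bytes to the (?P<side>left|right) of "
    r"(?P<rsize>\d+)-byte region \[(?P<lo>0x[0-9a-f]+),(?P<hi>0x[0-9a-f]+)\)"
)
FRAME_RE = re.compile(r"^\s+#(?P<n>\d+) 0x[0-9a-f]+ in (?P<func>\S+) (?P<loc>.+)$", re.M)

# Allocator wrappers that ASan's own runtime places at the top of an allocation stack.
RUNTIME_PREFIXES = ("wrap_", "__interceptor_", "__asan", "malloc", "calloc", "realloc")


def first_user_frame(section):
    """First stack frame in `section` that is not an ASan runtime wrapper."""
    for m in FRAME_RE.finditer(section):
        if not m.group("func").startswith(RUNTIME_PREFIXES):
            return m.group("func"), m.group("loc")
    return None, None


def parse_asan_report(text):
    """Extract the faulting access, the allocation it overran, and how far outside it reached."""
    err = ERROR_RE.search(text)
    acc = ACCESS_RE.search(text)
    reg = REGION_RE.search(text)
    if not (err and acc and reg):
        raise ValueError("not a recognisable heap-buffer-overflow report")

    access_addr = int(acc.group("addr"), 16)
    access_size = int(acc.group("size"))
    lo, hi = int(reg.group("lo"), 16), int(reg.group("hi"), 16)

    # The allocation stack follows "allocated by"; everything before it is the access stack.
    access_stack, _, alloc_stack = text.partition("allocated by")
    fault_func, fault_loc = first_user_frame(access_stack)
    alloc_func, alloc_loc = first_user_frame(alloc_stack)

    info = {
        "kind": err.group("kind"),
        "op": acc.group("op"),
        "access_size": access_size,
        "region_size": hi - lo,
        "offset": access_addr - lo,          # where in the buffer the access starts
        "bytes_past_end": access_addr - hi,  # 0: the access begins exactly at the end (negative for underflows)
        "bytes_overrun": access_addr + access_size - hi,  # bytes that land outside the region
        "faulting_func": fault_func,
        "faulting_loc": fault_loc,
        "alloc_func": alloc_func,
        "alloc_loc": alloc_loc,
    }
    # If region size and offset are whole multiples of the access size, express the access
    # as an array index: index N into an N-element array is the classic off-by-one.
    if (hi - lo) % access_size == 0 and info["offset"] % access_size == 0:
        info["capacity"] = (hi - lo) // access_size
        info["element_index"] = info["offset"] // access_size
    return info


def describe(info):
    """One-line triage summary suitable for pasting into a bug tracker."""
    idx = ""
    if "element_index" in info:
        idx = (f" (index {info['element_index']} into an array of {info['capacity']} "
               f"{info['access_size']}-byte elements)")
    return (f"{info['kind']}: {info['op']} of {info['access_size']} bytes at offset {info['offset']}"
            f" of a {info['region_size']}-byte buffer{idx}; "
            f"in {info['faulting_func']}, allocated in {info['alloc_func']}")


if __name__ == "__main__":
    print(describe(parse_asan_report(ASAN_REPORT)))
```

Run stand-alone it summarises this issue as a WRITE at offset 64 of a 64-byte buffer, index 8 into an array of 8 eight-byte elements, which is the shape of a `<=` where `<` was meant (or a loop bound one larger than the allocation). The same summary line is what you would compare against the fix commit: after the fix, either the allocation in init grows or the loop in reset stops one element earlier.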

fridtjof commented 6 years ago

Fixed by 1a1f7a1bb291893eb9f9616af59675c31c63b53f