uber-archive / statsrelay

A consistent-hashing relay for statsd and carbon metrics

Null pointer dereference in stats_vlog #73

Open gy741 opened 7 years ago

gy741 commented 7 years ago

Hi.

I found a Null pointer dereference testcase.

Please confirm.

Thanks.

Version: statsrelay 1.6.8
OS: Ubuntu 16.04.2 32bit
Command: ./statsrelay -c $FILE
PoC: PoC

```
ASAN:DEADLYSIGNAL
=================================================================
==19700==ERROR: AddressSanitizer: SEGV on unknown address 0x00000028 (pc 0xb7532ca3 bp 0xbf86ecf8 sp 0xbf86e820 T0)
==19700==The signal is caused by a WRITE memory access.
==19700==Hint: address points to the zero page.
    #0 0xb7532ca2 in _IO_vfprintf /build/glibc-4TWal_/glibc-2.24/stdio-common/vfprintf.c:1636
    #1 0xb75d4093 in __vsyslog_chk /build/glibc-4TWal_/glibc-2.24/misc/../misc/syslog.c:220
    #2 0xb75d4166 in syslog /build/glibc-4TWal_/glibc-2.24/misc/../misc/syslog.c:117
    #3 0x8155bcb in stats_vlog /home/karas/gwanyeong/statsrelay/src/log.c:76:2
    #4 0x8156070 in stats_error_log /home/karas/gwanyeong/statsrelay/src/log.c:116:3
    #5 0x8169d1f in parse_config /home/karas/gwanyeong/statsrelay/src/yaml_config.c:134:6
    #6 0x816c15c in load_config /home/karas/gwanyeong/statsrelay/src/main.c:59:23
    #7 0x816b6e0 in main /home/karas/gwanyeong/statsrelay/src/main.c:140:8
    #8 0xb7507275 in __libc_start_main /build/glibc-4TWal_/glibc-2.24/csu/../csu/libc-start.c:291
    #9 0x8060667 in _start (/home/karas/gwanyeong/statsrelay/src/statsrelay+0x8060667)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-4TWal_/glibc-2.24/stdio-common/vfprintf.c:1636 in _IO_vfprintf
==19700==ABORTING
```
-----------
gdb log
-----------

```
Program received signal SIGABRT, Aborted.
0xb7fd9cf9 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7fd9cf9 in __kernel_vsyscall ()
#1  0xb7866050 in __libc_signal_restore_set (set=0xbfffe2f0)
    at ../sysdeps/unix/sysv/linux/nptl-signals.h:79
#2  __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#3  0xb7867577 in __GI_abort () at abort.c:89
#4  0xb78a1f4f in __libc_message (do_abort=<optimized out>, 
    fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:175
#5  0xb78a1f8c in __GI___libc_fatal (
    message=0xb799d684 "*** %n in writable segment detected ***\n")
    at ../sysdeps/posix/libc_fatal.c:185
#6  0xb787eb55 in _IO_vfprintf_internal (s=<optimized out>, 
    format=<optimized out>, ap=0xbfffec0c "(") at vfprintf.c:1636
#7  0xb7931f65 in ___vfprintf_chk (fp=0xb6003840, flag=1, 
    format=0xb6203ec0 "unexpectedly got map value: \"carbon:%nd\"", 
    ap=0xbfffec0c "(") at vfprintf_chk.c:33
#8  0xb791ed7d in __GI___vsyslog_chk (pri=<optimized out>, 
    flag=<optimized out>, fmt=<optimized out>, ap=<optimized out>)
    at ../misc/syslog.c:222
#9  0xb791f189 in __syslog_chk (pri=6, flag=1, 
    fmt=0xb6203ec0 "unexpectedly got map value: \"carbon:%nd\"")
    at ../misc/syslog.c:129
#10 0x0804be82 in syslog (__fmt=<optimized out>, __pri=6)
    at /usr/include/i386-linux-gnu/bits/syslog.h:31
---Type <return> to continue, or q <return> to quit---
#11 stats_vlog (prefix=0x8057b20 "ERROR: ", 
    format=0x805b2c0 "unexpectedly got map value: \"%s\"", 
    ap=0xbfffec64 "\220\006\300\265c") at log.c:76
#12 0x0804c008 in stats_error_log (
    format=0x805b2c0 "unexpectedly got map value: \"%s\"") at log.c:116
#13 0x08057724 in parse_config (input=<optimized out>) at yaml_config.c:134
#14 0x08049c69 in load_config (filename=<optimized out>) at main.c:59
#15 main (argc=<optimized out>, argv=<optimized out>) at main.c:140
```
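The gdb frames above show the already-rendered message (containing the config value `carbon:%nd`) reaching `syslog` as its format string. As an added example that is not statsrelay's own code, this is how a log sink of the same shape can be written so that user-controlled text is only ever passed to `syslog` as an argument; the function names and buffer size are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define LOG_BUF_LEN 512 /* assumed size, not statsrelay's */

/* Render prefix + caller-supplied format/args into buf exactly once.
 * Returns the length the full message would have had (snprintf
 * semantics), so the caller can detect truncation. */
int stats_format_log(char *buf, size_t len, const char *prefix,
                     const char *format, va_list ap)
{
    int n = snprintf(buf, len, "%s", prefix);
    if (n < 0 || (size_t)n >= len)
        return n;
    int m = vsnprintf(buf + n, len - (size_t)n, format, ap);
    if (m < 0)
        return m;
    return n + m;
}

/* Safe sink: the rendered message is the ARGUMENT of a fixed "%s"
 * format, so any '%' sequence inside it (e.g. "%n") is plain data. */
void stats_vlog_safe(int priority, const char *prefix,
                     const char *format, va_list ap)
{
    char buf[LOG_BUF_LEN];
    stats_format_log(buf, sizeof buf, prefix, format, ap);
    syslog(priority, "%s", buf);
}

/* Wrapper mirroring the stats_error_log(format, ...) call shape. */
void stats_error_log_safe(const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    stats_vlog_safe(LOG_ERR, "ERROR: ", format, ap);
    va_end(ap);
}

/* Variadic front-end for stats_format_log so the rendered text can be
 * inspected (e.g. in a unit test) without writing to syslog. */
int stats_format_log_v(char *buf, size_t len, const char *prefix,
                       const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    int r = stats_format_log(buf, len, prefix, format, ap);
    va_end(ap);
    return r;
}
```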