visit1985 / mdp

A command-line based markdown presentation tool.
GNU General Public License v3.0

heap-buffer-overflow in markdown_analyse #123

Closed gy741 closed 6 years ago

gy741 commented 6 years ago

Hello.

I found a heap-buffer-overflow bug in mdp.

Please confirm.

Thanks.

Summary: heap-buffer-overflow
OS: CentOS 7 64bit
Version: git master
PoC Download: heap_overflow.zip

Steps to reproduce:
1. Download the PoC files.
2. Compile the source code with ASan.
3. Execute the following command: ./mdp $FILE

=================================================================
==549==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000000148 at pc 0x00000051ae74 bp 0x7ffc68df3100 sp 0x7ffc68df30f8
READ of size 4 at 0x604000000148 thread T0
    #0 0x51ae73 in markdown_analyse /home/hkaras/mdp/src/parser.c:578:20
    #1 0x5175ba in markdown_load /home/hkaras/mdp/src/parser.c:132:20
    #2 0x516472 in main /home/hkaras/mdp/src/main.c:147:16
    #3 0x7fdf681c7c04 in __libc_start_main (/lib64/libc.so.6+0x21c04)
    #4 0x41b9bb in _start (/home/hkaras/mdp/mdp+0x41b9bb)

0x604000000148 is located 8 bytes to the left of 40-byte region [0x604000000150,0x604000000178)
allocated by thread T0 here:
    #0 0x4df70d in realloc /home/hwuser/karas/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:79
    #1 0x5150eb in cstring_expand /home/hkaras/mdp/src/cstring.c:48:27

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/hkaras/mdp/src/parser.c:578:20 in markdown_analyse
Shadow bytes around the buggy address:
  0x0c087fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c087fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c087fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c087fff8000: fa fa 00 00 00 00 07 fa fa fa 00 00 00 00 00 fa
  0x0c087fff8010: fa fa 00 00 00 00 00 fa fa fa fd fd fd fd fd fa
=>0x0c087fff8020: fa fa 00 00 00 00 00 fa fa[fa]00 00 00 00 00 fa
  0x0c087fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c087fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c087fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c087fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c087fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==549==ABORTING

=================
[Acknowledgement] This work was supported by ICT R&D program of MSIP/IITP. [R7518-16-1001, Innovation hub for high Performance Computing]
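Added example, not from this issue and not mdp's own code. The report says the bad access is a READ of size 4 located 8 bytes to the left of a 40-byte region that cstring_expand obtained from realloc; that is the shape of a 4-byte element array being indexed at element -2, i.e. an index computed from the parsed line that went negative. What the real code at parser.c:578 does is not visible on this page, so the block below models only that access shape with a constructed growable wchar_t string (wstr_t, wstr_append, wstr_from, lookback_unchecked, lookback_checked are all assumed names, not mdp's): an unchecked two-character look-back that lands in the heap left redzone beside the bounds-checked form that rejects it.

```c
#include <stddef.h>
#include <stdlib.h>
#include <wchar.h>

/* Constructed growable wide string (not mdp's cstring_t). wchar_t is 4 bytes
 * on LP64 Linux, matching the "READ of size 4" in the ASan report. */
typedef struct {
    wchar_t *value;  /* heap buffer, grown by realloc */
    size_t   size;   /* characters stored, excluding the terminator */
    size_t   alloc;  /* capacity in wchar_t */
} wstr_t;

/* Append one character, growing in chunks of 10 wchar_t (40 bytes, the
 * region size in the report). Chunk size is an assumption for the demo. */
static int wstr_append(wstr_t *s, wchar_t c) {
    if (s->size + 2 > s->alloc) {        /* room for c plus the terminator */
        size_t n = s->alloc + 10;
        wchar_t *p = realloc(s->value, n * sizeof *p);
        if (p == NULL)
            return -1;
        s->value = p;
        s->alloc = n;
    }
    s->value[s->size++] = c;
    s->value[s->size] = L'\0';
    return 0;
}

/* Build a wstr_t from a wide literal; returns 0 on success, -1 on OOM. */
static int wstr_from(wstr_t *s, const wchar_t *src) {
    s->value = NULL;
    s->size = 0;
    s->alloc = 0;
    for (; *src != L'\0'; src++)
        if (wstr_append(s, *src) != 0)
            return -1;
    return 0;
}

static void wstr_free(wstr_t *s) {
    free(s->value);
    s->value = NULL;
    s->size = s->alloc = 0;
}

/* VULNERABLE (constructed): look two characters back from a signed offset
 * with no lower bound. offset == 0 reads value[-2], which is 8 bytes to the
 * left of the allocation: the same position the report flags. Undefined
 * behaviour; only ever run it under ASan, never in the test below. */
static wchar_t lookback_unchecked(const wstr_t *s, int offset) {
    return s->value[offset - 2];
}

/* HARDENED: refuse any index outside [0, size]. Returns 0 and sets *out on
 * success, -1 when the look-back would leave the buffer. */
static int lookback_checked(const wstr_t *s, int offset, wchar_t *out) {
    if (s->value == NULL || offset < 2 || (size_t)offset > s->size)
        return -1;
    *out = s->value[offset - 2];
    return 0;
}

int main(void) {
    wstr_t s;
    wchar_t c;
    if (wstr_from(&s, L"- item") != 0)
        return 1;
    /* Safe path: offset 2 looks back to the list marker at index 0. */
    if (lookback_checked(&s, 2, &c) == 0)
        wprintf(L"offset 2 -> '%lc'\n", c);
    /* Rejected path: offset 0 would read value[-2]. */
    if (lookback_checked(&s, 0, &c) != 0)
        wprintf(L"offset 0 rejected (would read 8 bytes left of the buffer)\n");
#ifdef DEMO_UB
    /* Build with -fsanitize=address -DDEMO_UB to see the same report shape. */
    wprintf(L"%d\n", (int)lookback_unchecked(&s, 0));
#endif
    wstr_free(&s);
    return 0;
}
```

Compiled with -fsanitize=address -g and -DDEMO_UB, the unchecked call produces a heap-buffer-overflow READ of size 4 "8 bytes to the left" of a region allocated in wstr_append, which is how to read the original trace: the offending index is negative, not past the end, so the fix is a lower-bound check on the computed offset rather than a larger allocation.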