bug-coreutils

bug#50611: one-byte (write) heap-buffer-underrun


From: Jim Meyering
Subject: bug#50611: one-byte (write) heap-buffer-underrun
Date: Wed, 15 Sep 2021 17:29:00 -0700

Thanks for all your recent changes! I built+tested with ASAN on Fedora 34:

Configure and build as usual, then "make clean" and do this:
> san='-fsanitize-address-use-after-scope -fsanitize=address -static-libasan'; \
> ASAN_OPTIONS=detect_leaks=0 make CFLAGS='-O -ggdb3' AM_CFLAGS="$san" \
>   AM_LDFLAGS="$san" check

(but that first -f option may be obsolete, because it seems to provoke
spurious failure of the stdbuf test and help-version tests)

That exposed this (and similar in an md5sum test):

md5sum: test ck-strict-1: stderr mismatch, comparing ck-strict-1.2
(expected) and ck-strict-1.E (actual)
*** ck-strict-1.2       Wed Sep 15 17:16:39 2021
--- ck-strict-1.E       Wed Sep 15 17:16:39 2021
***************
*** 1 ****
! md5sum: WARNING: 1 line is improperly formatted
--- 1,47 ----
! =================================================================
! ==1752792==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60c00000003f at pc 0x0000004d7387 bp 0x7fff29bac390 sp
0x7fff29bac388
! READ of size 1 at 0x60c00000003f thread T0
!     #0 0x4d7386 in digest_check src/digest.c:1076
!     #1 0x4d7386 in main src/digest.c:1492
!     #2 0x7ff1f089db74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
!     #3 0x40754d in _start (/home/j/w/co/cu/src/md5sum+0x40754d)
!
! 0x60c00000003f is located 1 bytes to the left of 120-byte region
[0x60c000000040,0x60c0000000b8)
! allocated by thread T0 here:
!     #0 0x492417 in __interceptor_malloc
/home/j/w/co/gcc/libsanitizer/asan/asan_malloc_linux.cpp:129
!     #1 0x7ff1f08ec903 in _IO_getdelim (/lib64/libc.so.6+0x76903)
!     #2 0x49208f  (/home/j/w/co/cu/src/md5sum+0x49208f)
!
! SUMMARY: AddressSanitizer: heap-buffer-overflow src/digest.c:1076 in
digest_check
! Shadow bytes around the buggy address:
!   0x0c187fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
!   0x0c187fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
!   0x0c187fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
!   0x0c187fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
!   0x0c187fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! =>0x0c187fff8000: fa fa fa fa fa fa fa[fa]00 00 00 00 00 00 00 00
!   0x0c187fff8010: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
!   0x0c187fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
!   0x0c187fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
!   0x0c187fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
!   0x0c187fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! Shadow byte legend (one shadow byte represents 8 application bytes):
!   Addressable:           00
!   Partially addressable: 01 02 03 04 05 06 07
!   Heap left redzone:       fa
!   Freed heap region:       fd
!   Stack left redzone:      f1
!   Stack mid redzone:       f2
!   Stack right redzone:     f3
!   Stack after return:      f5
!   Stack use after scope:   f8
!   Global redzone:          f9
!   Global init order:       f6
!   Poisoned by user:        f7
!   Container overflow:      fc
!   Array cookie:            ac
!   Intra object redzone:    bb
!   ASan internal:           fe
!   Left alloca redzone:     ca
!   Right alloca redzone:    cb
! ==1752792==ABORTING