From: 乐泰
Subject: A heap-buffer-overflow in convert_strings
Date: Thu, 20 Aug 2020 11:10:42 +0800 (GMT+08:00)
=================================================================
==10095==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x616000036add at pc 0x00000040278c bp 0x7ffdd40b20d0 sp 0x7ffdd40b20c0
READ of size 1 at 0x616000036add thread T0
#0 0x40278b in convert_strings ../../ncurses/tinfo/read_entry.c:164
#1 0x41523c in _nc_read_termtype ../../ncurses/tinfo/read_entry.c:371
#2 0x41523c in _nc_read_file_entry ../../ncurses/tinfo/read_entry.c:567
#3 0x407914 in typelist ../../progs/toe.c:438
#4 0x404359 in main ../../progs/toe.c:735
#5 0x7fc3756b782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x4056b8 in _start (/home/ubuntu/yuetai/test_programs/ncurses-6.2/asan-ins/bin/bin/toe+0x4056b8)
AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: heap-buffer-overflow ../../ncurses/tinfo/read_entry.c:164 convert_strings
Shadow bytes around the buggy address:
0x0c2c7fffed00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffed10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffed20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffed30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffed40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2c7fffed50: fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa
0x0c2c7fffed60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffed70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffed80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffed90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffeda0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==10095==ABORTING