bug-gnucobol

Re: nucobol-3.1-rc1 and Asan findings


From: Jeffrey Walton
Subject: Re: nucobol-3.1-rc1 and Asan findings
Date: Tue, 14 Jul 2020 06:10:57 -0400

On Mon, Jul 13, 2020 at 7:57 PM Jeffrey Walton <noloader@gmail.com> wrote:
>
> Hi Everyone,
>
> Here's the result of a 'make check' when using '-fsanitize=address'.
> It looks like there are a few new failures.
>
> This is a good result. I usually see a lot more Asan findings. The 577
> test result looks important. It is a use-after-free.

And the 766 test is also a heap-based buffer overflow.

$ cat gnucobol-3.1-rc1/tests/testsuite.dir/0766/testsuite.log
#                             -*- compilation -*-
766. run_file.at:7719: testing INDEXED File READ/DELETE/READ ...
./run_file.at:8396: $COBC -x -std=mf -w prog.cob
./run_file.at:8398: $COBCRUN_DIRECT ./prog
--- /dev/null    2020-07-10 09:37:43.139999945 -0400
+++ 
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/tests/testsuite.dir/at-groups/766/stderr
   2020-07-14 06:03:52.370640624 -0400
@@ -0,0 +1,47 @@
+=================================================================
+==1355==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000254c at pc 0x7f29cf524733 bp 0x7ffee9768ba0 sp
0x7ffee9768348
+READ of size 8 at 0x60200000254c thread T0
+    #0 0x7f29cf524732  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
+    #1 0x7f29cf2050b3 in bdb_savekey
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:750
+    #2 0x7f29cf2050b3 in indexed_delete_internal
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:3074
+    #3 0x7f29cf214c00 in cob_delete
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:5569
+    #4 0x563c412508ca in prog_ /home/jwalton/tmp/cob1324_0.c:457
+    #5 0x563c4124df70 in prog /home/jwalton/tmp/cob1324_0.c:46
+    #6 0x563c4124df54 in main /home/jwalton/tmp/cob1324_0.c:34
+    #7 0x7f29cedcab96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
+    #8 0x563c4124de49 in _start
(/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/tests/testsuite.dir/0766/prog+0x7e49)
+
+Address 0x60200000254c is a wild pointer.
+SUMMARY: AddressSanitizer: heap-buffer-overflow
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
+Shadow bytes around the buggy address:
+  0x0c047fff8450: fa fa 00 02 fa fa fd fd fa fa fd fd fa fa fd fd
+  0x0c047fff8460: fa fa 00 01 fa fa 00 00 fa fa 00 01 fa fa 00 04
+  0x0c047fff8470: fa fa 00 04 fa fa fd fd fa fa 00 02 fa fa 00 00
+  0x0c047fff8480: fa fa 00 00 fa fa 00 fa fa fa 00 fa fa fa 00 fa
+  0x0c047fff8490: fa fa 00 02 fa fa 00 04 fa fa fa fa fa fa fa fa
+=>0x0c047fff84a0: fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa
+  0x0c047fff84b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff84c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff84d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff84e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+  0x0c047fff84f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+Shadow byte legend (one shadow byte represents 8 application bytes):
+  Addressable:           00
+  Partially addressable: 01 02 03 04 05 06 07
+  Heap left redzone:       fa
+  Freed heap region:       fd
+  Stack left redzone:      f1
+  Stack mid redzone:       f2
+  Stack right redzone:     f3
+  Stack after return:      f5
+  Stack use after scope:   f8
+  Global redzone:          f9
+  Global init order:       f6
+  Poisoned by user:        f7
+  Container overflow:      fc
+  Array cookie:            ac
+  Intra object redzone:    bb
+  ASan internal:           fe
+  Left alloca redzone:     ca
+  Right alloca redzone:    cb
+==1355==ABORTING
--- -    2020-07-14 06:03:52.375329557 -0400
+++ 
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/tests/testsuite.dir/at-groups/766/stdout
   2020-07-14 06:03:52.370640624 -0400
@@ -37,77 +37,4 @@
 Ph=8787458374 Key: OLD00000 is OLD TYME PIZZA MFG. CO.  .
 Hit End of File
 Test Read/Delete
- Delete: INC00000 random
- Delete: ALP00000 random
-   Read: BET00000 4169898509
- Delete: PRE00000 random
-Expected 10 after delete PRE00000
-Initial: BET00000 4169898509
-Initial: DEL00000 4169898509
-Initial: MOR00000 4169898509
-Initial: EPS00000 5292398745
-  Start: BET00000 4169898509
-   Next: DEL00000 4169898509
- Delete: DEL00000 sequential
-   Next: MOR00000 4169898509
-   Next: EPS00000 5292398745
- Delete: EPS00000 sequential
-List sample data file by Phone
-Ph=4169898509 Key: BET00000 is BETA SHOE MFG. INC.      .
-Ph=4169898509 Key: MOR00000 is MORNINGSIDE CARPENTRY.   .
-Ph=6456445643 Key: GIB00000 is GIBRALTER LIFE INSURANCE .
-Ph=6456445643 Key: JOH00000 is JOHNSON BOATING SUPPLIES .
-Ph=6546456333 Key: H&J00000 is H & J PLUMBING SUPPLIES  .
-Ph=6554456433 Key: LEW00000 is LEWISTON GRAPHICS LTD.   .
-Ph=7456434355 Key: KON00000 is KONFLAB PLASTIC PRODUCTS..
-Ph=7534587453 Key: NEW00000 is NEW WAVE SURF SHOPS INC. .
-Ph=8009329492 Key: FOR00000 is FORTUNE COOKIE COMPANY   .
-Ph=8372487274 Key: GAM00000 is GAMMA X-RAY TECHNOLOGY   .
-Ph=8787458374 Key: OLD00000 is OLD TYME PIZZA MFG. CO.  .
-Hit End of File
-List sample data file by Phone
-Ph=3131234432 Key: ALP00000 is ALPHA ELECTRICAL CO. LTD..
-Ph=3455445444 Key: INC00000 is INCREMENTAL BACKUP CORP. .
-Ph=4169898509 Key: BET00000 is BETA SHOE MFG. INC.      .
-Ph=4169898509 Key: DEL00000 is DELTA LUGGAGE REPAIRS    .
-Ph=4169898509 Key: MOR00000 is MORNINGSIDE CARPENTRY.   .
-Ph=4169898509 Key: PRE00000 is PRESTIGE OFFICE FURNITURE.
-Ph=5292398745 Key: EPS00000 is EPSILON EQUIPMENT SUPPLY .
-Ph=6456445643 Key: GIB00000 is GIBRALTER LIFE INSURANCE .
-Ph=6456445643 Key: JOH00000 is JOHNSON BOATING SUPPLIES .
-Ph=6546456333 Key: H&J00000 is H & J PLUMBING SUPPLIES  .
-Ph=6554456433 Key: LEW00000 is LEWISTON GRAPHICS LTD.   .
-Ph=7456434355 Key: KON00000 is KONFLAB PLASTIC PRODUCTS..
-Ph=7534587453 Key: NEW00000 is NEW WAVE SURF SHOPS INC. .
-Ph=8009329492 Key: FOR00000 is FORTUNE COOKIE COMPANY   .
-Ph=8372487274 Key: GAM00000 is GAMMA X-RAY TECHNOLOGY   .
-Ph=8787458374 Key: OLD00000 is OLD TYME PIZZA MFG. CO.  .
-Hit End of File
-Read Prev/Delete
-00000001 Initial: PRE00000 4169898509
-00000002 Initial: MOR00000 4169898509
-00000003 Initial: DEL00000 4169898509
-00000004 Initial: BET00000 4169898509
-  Start: PRE00000 4169898509
-   Prev: MOR00000 4169898509
- Delete: MOR00000 sequential
-   Prev: DEL00000 4169898509
-   Prev: BET00000 4169898509
- Delete: BET00000 sequential
-List sample data file by Phone
-Ph=3131234432 Key: ALP00000 is ALPHA ELECTRICAL CO. LTD..
-Ph=3455445444 Key: INC00000 is INCREMENTAL BACKUP CORP. .
-Ph=4169898509 Key: DEL00000 is DELTA LUGGAGE REPAIRS    .
-Ph=4169898509 Key: PRE00000 is PRESTIGE OFFICE FURNITURE.
-Ph=5292398745 Key: EPS00000 is EPSILON EQUIPMENT SUPPLY .
-Ph=6456445643 Key: GIB00000 is GIBRALTER LIFE INSURANCE .
-Ph=6456445643 Key: JOH00000 is JOHNSON BOATING SUPPLIES .
-Ph=6546456333 Key: H&J00000 is H & J PLUMBING SUPPLIES  .
-Ph=6554456433 Key: LEW00000 is LEWISTON GRAPHICS LTD.   .
-Ph=7456434355 Key: KON00000 is KONFLAB PLASTIC PRODUCTS..
-Ph=7534587453 Key: NEW00000 is NEW WAVE SURF SHOPS INC. .
-Ph=8009329492 Key: FOR00000 is FORTUNE COOKIE COMPANY   .
-Ph=8372487274 Key: GAM00000 is GAMMA X-RAY TECHNOLOGY   .
-Ph=8787458374 Key: OLD00000 is OLD TYME PIZZA MFG. CO.  .
-Hit End of File

./run_file.at:8398: exit code was 1, expected 0
766. run_file.at:7719: 766. INDEXED File READ/DELETE/READ
(run_file.at:7719): FAILED (run_file.at:8398)
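
An added example (not part of the original message or of GnuCOBOL): a Python triage helper for the report above. It rejoins the mail-wrapped lines, extracts the error kind, the access and the first symbolized frame, and recomputes the shadow address with ASan's default x86_64 Linux mapping, (addr >> 3) + 0x7fff8000, to check it against the bracketed byte in the shadow dump. `SAMPLE` is a constructed excerpt of the log above, and the function names are hypothetical.

```python
import re

# Constructed sample: lines taken from the report above, mail wrapping included.
SAMPLE = """\
+==1355==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000254c at pc 0x7f29cf524733 bp 0x7ffee9768ba0 sp
0x7ffee9768348
+READ of size 8 at 0x60200000254c thread T0
+    #0 0x7f29cf524732  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
+    #1 0x7f29cf2050b3 in bdb_savekey
/home/jwalton/Build-Scripts/gnucobol-3.1-rc1/libcob/fileio.c:750
+=>0x0c047fff84a0: fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa
"""

SHADOW_OFFSET = 0x7FFF8000  # ASan's default shadow offset on x86_64 Linux
SHADOW_SCALE = 3            # one shadow byte covers 8 application bytes

def unwrap(text):
    """Rejoin wrapped lines; in this stderr hunk every real line starts with '+'."""
    out = []
    for line in text.splitlines():
        if line.startswith("+"):
            out.append(line[1:])
        elif out:  # continuation of the previous, wrapped line
            out[-1] += " " + line.strip()
    return "\n".join(out)

def triage(text):
    """Summarise one ASan report and cross-check its shadow dump."""
    log = unwrap(text)
    kind, addr = re.search(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", log).groups()
    op, size = re.search(r"^(READ|WRITE) of size (\d+)", log, re.M).groups()
    # Only symbolized frames carry "in <func> <file>:<line>"; #0 in libasan does not.
    func, path, line = re.findall(r"#\d+ 0x[0-9a-f]+ in (\S+) (\S+):(\d+)", log)[0]
    base, cells = re.search(r"^=>(0x[0-9a-f]+):(.*)$", log, re.M).groups()
    marks = re.findall(r"(\[?)([0-9a-f]{2})", cells)        # 16 shadow bytes per row
    idx = next(i for i, (m, _) in enumerate(marks) if m)    # the bracketed one
    shadow = (int(addr, 16) >> SHADOW_SCALE) + SHADOW_OFFSET
    return {
        "kind": kind,
        "access": (op, int(size)),
        "first_symbolized_frame": (func, path.rsplit("/", 1)[-1], int(line)),
        "shadow_addr": hex(shadow),
        "shadow_matches_report": shadow == int(base, 16) + idx,
        "shadow_byte": marks[idx][1],  # fa = heap left redzone in the legend
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
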


