[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug: heap-buffer-overflow of function one_one_mapping
|
From: |
address@hidden |
|
Subject: |
Re: Bug: heap-buffer-overflow of function one_one_mapping |
|
Date: |
Sat, 12 Oct 2019 10:40:46 +0800 |
Sorry that I wrongly post the valgrind report for poc1 to the mail for poc5, I will post it again (removing useless lines) for better tracking.
Step 13/19 : RUN valgrind -v /tmp/noasan/infotocap fuzzpoc/infotocap_poc1 || exit 0
---> Running in bce32ed27872
==6== Invalid read of size 1
==6== at 0x4409DC: one_one_mapping (dump_entry.c:1399)
==6== by 0x4409DC: purged_acs (dump_entry.c:1425)
==6== by 0x4409DC: dump_entry (dump_entry.c:1587)
==6== by 0x4045BA: main (tic.c:1039)
==6== Address 0x520c54e is 0 bytes after a block of size 1,742 alloc'd
==6== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6== by 0x4F847F: _nc_wrap_entry (alloc_entry.c:177)
==6== by 0x4BB4F5: _nc_parse_entry (parse_entry.c:601)
==6== by 0x4A892B: _nc_read_entry_source (comp_parse.c:225)
==6== by 0x4037C8: main (tic.c:961)
==6==
infotocap: JE10JPYZY0KHHP5FIR1DBKQT1E66TKOBH3SH7ZYOREACE6FN24I0ZBGMQM2XLEDU3I6H5YUWJE5SDR4DVG3W6WU5I82SHPLZCC6W2HLWKPAM5FJFDWZZJIF6UKF8WW4CXU1Y4G29DRZ1A2ECW9OC8E9YZS7JGCQ0W64123X6QQQIBXL7KQ3DXM0BFY6Q812JEJ3E2FJPGJ9P4TQJ33Z6HKCDV49L4GYY2DIH9614IFMKHNSKEBLC9WVAANHM0EH0J81MAKX3D48DVAX0LR2SMRA5Q8NCN9MAEKXCBIK8GGBCIPJ325R33I5XPCX1R3239A0MHC2E480GFJFRDM2GNJR2B22O6R8DN9X7ZPD8XX9YJLNF083ZZWAVEI7Y4AHBX8TCLMA5KYOCJ4O5ASVERDE0J0KNMVDO437HEU3AWJEO89ZCM512BNMGB9VNDB3J95ZPZ7J409YF7C1ZX7UVQJ9VBZX3KYINC52TI7PV2N1NFUJFJIHVTOMSAWS7219X entry is 1684 bytes long
==6== Invalid read of size 8
==6== at 0x44F5E7: _nc_find_entry (comp_hash.c:70)
==6== by 0x42D90D: nametrans (dump_entry.c:174)
==6== by 0x40556F: put_translate (tic.c:339)
==6== by 0x40556F: main (tic.c:1033)
==6== Address 0x524ac70 is 206,112 bytes inside an unallocated block of size 4,110,480 in arena "client"
==6==
==6== Invalid read of size 1
==6== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==6== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==6== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==6== by 0x42D90D: nametrans (dump_entry.c:174)
==6== by 0x40556F: put_translate (tic.c:339)
==6== by 0x40556F: main (tic.c:1033)
==6== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==6==
==6==
==6== Process terminating with default action of signal 11 (SIGSEGV)
==6== Access not within mapped region at address 0x0
==6== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==6== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==6== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==6== by 0x42D90D: nametrans (dump_entry.c:174)
==6== by 0x40556F: put_translate (tic.c:339)
==6== by 0x40556F: main (tic.c:1033)
==6== If you believe this happened as a result of a stack
==6== overflow in your program's main thread (unlikely but
==6== possible), you can try to increase the size of the
==6== main thread stack using the --main-stacksize= flag.
==6== The main thread stack size used in this run was 8388608.
==6== HEAP SUMMARY:
==6== in use at exit: 51,866 bytes in 35 blocks
==6== total heap usage: 56 allocs, 21 frees, 79,904 bytes allocated
==6==
==6== Searching for pointers to 35 not-freed blocks
==6== Checked 106,600 bytes
==6==
==6== LEAK SUMMARY:
==6== definitely lost: 0 bytes in 0 blocks
==6== indirectly lost: 0 bytes in 0 blocks
==6== possibly lost: 0 bytes in 0 blocks
==6== still reachable: 51,866 bytes in 35 blocks
==6== suppressed: 0 bytes in 0 blocks
==6== Rerun with --leak-check=full to see details of leaked memory
==6==
==6== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
==6==
==6== 1 errors in context 1 of 3:
==6== Invalid read of size 1
==6== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==6== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==6== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==6== by 0x42D90D: nametrans (dump_entry.c:174)
==6== by 0x40556F: put_translate (tic.c:339)
==6== by 0x40556F: main (tic.c:1033)
==6== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==6==
==6==
==6== 1 errors in context 2 of 3:
==6== Invalid read of size 8
==6== at 0x44F5E7: _nc_find_entry (comp_hash.c:70)
==6== by 0x42D90D: nametrans (dump_entry.c:174)
==6== by 0x40556F: put_translate (tic.c:339)
==6== by 0x40556F: main (tic.c:1033)
==6== Address 0x524ac70 is 206,112 bytes inside an unallocated block of size 4,110,480 in arena "client"
==6==
==6==
==6== 1 errors in context 3 of 3:
==6== Invalid read of size 1
==6== at 0x4409DC: one_one_mapping (dump_entry.c:1399)
==6== by 0x4409DC: purged_acs (dump_entry.c:1425)
==6== by 0x4409DC: dump_entry (dump_entry.c:1587)
==6== by 0x4045BA: main (tic.c:1039)
==6== Address 0x520c54e is 0 bytes after a block of size 1,742 alloc'd
==6== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6== by 0x4F847F: _nc_wrap_entry (alloc_entry.c:177)
==6== by 0x4BB4F5: _nc_parse_entry (parse_entry.c:601)
==6== by 0x4A892B: _nc_read_entry_source (comp_parse.c:225)
==6== by 0x4037C8: main (tic.c:961)
==6==
==6== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
/bin/bash: line 1: 6 Segmentation fault valgrind -v /tmp/noasan/infotocap fuzzpoc/infotocap_poc1