Re: Bug: heap-buffer-overflow in function _nc_find_entry
From: address@hidden
Subject: Re: Bug: heap-buffer-overflow in function _nc_find_entry
Date: Sat, 12 Oct 2019 10:56:03 +0800
Valgrind report for poc6
Step 18/19 : RUN valgrind -v /tmp/noasan/infotocap fuzzpoc/infotocap_poc6 || exit 0
---> Running in 5ab057d5baa3
==7== Invalid read of size 8
==7== at 0x44F5E7: _nc_find_entry (comp_hash.c:70)
==7== by 0x42D90D: nametrans (dump_entry.c:174)
==7== by 0x40556F: put_translate (tic.c:339)
==7== by 0x40556F: main (tic.c:1033)
==7== Address 0x52532f0 is 258,224 bytes inside an unallocated block of size 4,128,160 in arena "client"
==7==
==7== Invalid read of size 1
==7== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==7== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==7== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==7== by 0x42D90D: nametrans (dump_entry.c:174)
==7== by 0x40556F: put_translate (tic.c:339)
==7== by 0x40556F: main (tic.c:1033)
==7== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==7==
==7==
==7== Process terminating with default action of signal 11 (SIGSEGV)
==7== Access not within mapped region at address 0x0
==7== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==7== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==7== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==7== by 0x42D90D: nametrans (dump_entry.c:174)
==7== by 0x40556F: put_translate (tic.c:339)
==7== by 0x40556F: main (tic.c:1033)
==7== If you believe this happened as a result of a stack
==7== overflow in your program's main thread (unlikely but
==7== possible), you can try to increase the size of the
==7== main thread stack using the --main-stacksize= flag.
==7== The main thread stack size used in this run was 8388608.
==7== HEAP SUMMARY:
==7== in use at exit: 39,203 bytes in 25 blocks
==7== total heap usage: 40 allocs, 15 frees, 63,331 bytes allocated
==7==
==7== Searching for pointers to 25 not-freed blocks
==7== Checked 96,584 bytes
==7==
==7== LEAK SUMMARY:
==7== definitely lost: 0 bytes in 0 blocks
==7== indirectly lost: 0 bytes in 0 blocks
==7== possibly lost: 0 bytes in 0 blocks
==7== still reachable: 39,203 bytes in 25 blocks
==7== suppressed: 0 bytes in 0 blocks
==7== Rerun with --leak-check=full to see details of leaked memory
==7==
==7== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
==7==
==7== 1 errors in context 1 of 2:
==7== Invalid read of size 1
==7== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==7== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==7== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==7== by 0x42D90D: nametrans (dump_entry.c:174)
==7== by 0x40556F: put_translate (tic.c:339)
==7== by 0x40556F: main (tic.c:1033)
==7== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==7==
==7==
==7== 1 errors in context 2 of 2:
==7== Invalid read of size 8
==7== at 0x44F5E7: _nc_find_entry (comp_hash.c:70)
==7== by 0x42D90D: nametrans (dump_entry.c:174)
==7== by 0x40556F: put_translate (tic.c:339)
==7== by 0x40556F: main (tic.c:1033)
==7== Address 0x52532f0 is 258,224 bytes inside an unallocated block of size 4,128,160 in arena "client"
==7==
==7== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
/bin/bash: line 1: 7 Segmentation fault valgrind -v /tmp/noasan/infotocap fuzzpoc/infotocap_poc6