[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug: global-buffer-overflow in function _nc_find_entry
|
From: |
address@hidden |
|
Subject: |
Re: Bug: global-buffer-overflow in function _nc_find_entry |
|
Date: |
Sat, 12 Oct 2019 10:47:56 +0800 |
Valgrind report for poc2
Step 14/19 : RUN valgrind -v /tmp/noasan/infotocap fuzzpoc/infotocap_poc2 || exit 0
---> Running in 77ad5347996a
==7== Invalid read of size 8
==7== at 0x44F5E7: _nc_find_entry (comp_hash.c:70)
==7== by 0x42D90D: nametrans (dump_entry.c:174)
==7== by 0x40556F: put_translate (tic.c:339)
==7== by 0x40556F: main (tic.c:1033)
==7== Address 0x52521e0 is 282,800 bytes inside an unallocated block of size 4,157,104 in arena "client"
==7==
--7-- REDIR: 0x4ec3cd0 (libc.so.6:strcmp) redirected to 0x4a286f0 (_vgnU_ifunc_wrapper)
--7-- REDIR: 0x4ed9570 (libc.so.6:__strcmp_sse2_unaligned) redirected to 0x4c31f90 (strcmp)
==7== Invalid read of size 1
==7== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==7== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==7== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==7== by 0x42D90D: nametrans (dump_entry.c:174)
==7== by 0x40556F: put_translate (tic.c:339)
==7== by 0x40556F: main (tic.c:1033)
==7== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==7==
==7==
==7== Process terminating with default action of signal 11 (SIGSEGV)
==7== Access not within mapped region at address 0x0
==7== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==7== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==7== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==7== by 0x42D90D: nametrans (dump_entry.c:174)
==7== by 0x40556F: put_translate (tic.c:339)
==7== by 0x40556F: main (tic.c:1033)
==7== If you believe this happened as a result of a stack
==7== overflow in your program's main thread (unlikely but
==7== possible), you can try to increase the size of the
==7== main thread stack using the --main-stacksize= flag.
==7== The main thread stack size used in this run was 8388608.
#S�5Q@1Q5Q
PM;DQ5==7==
==7== HEAP SUMMARY:
==7== in use at exit: 22,498 bytes in 14 blocks
==7== total heap usage: 21 allocs, 7 frees, 35,661 bytes allocated
==7==
==7== Searching for pointers to 14 not-freed blocks
==7== Checked 75,680 bytes
==7==
==7== LEAK SUMMARY:
==7== definitely lost: 0 bytes in 0 blocks
==7== indirectly lost: 0 bytes in 0 blocks
==7== possibly lost: 0 bytes in 0 blocks
==7== still reachable: 22,498 bytes in 14 blocks
==7== suppressed: 0 bytes in 0 blocks
==7== Rerun with --leak-check=full to see details of leaked memory
==7==
==7== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
==7==
==7== 1 errors in context 1 of 2:
==7== Invalid read of size 1
==7== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==7== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==7== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==7== by 0x42D90D: nametrans (dump_entry.c:174)
==7== by 0x40556F: put_translate (tic.c:339)
==7== by 0x40556F: main (tic.c:1033)
==7== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==7==
==7==
==7== 1 errors in context 2 of 2:
==7== Invalid read of size 8
==7== at 0x44F5E7: _nc_find_entry (comp_hash.c:70)
==7== by 0x42D90D: nametrans (dump_entry.c:174)
==7== by 0x40556F: put_translate (tic.c:339)
==7== by 0x40556F: main (tic.c:1033)
==7== Address 0x52521e0 is 282,800 bytes inside an unallocated block of size 4,157,104 in arena "client"
==7==
==7== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
/bin/bash: line 1: 7 Segmentation fault valgrind -v /tmp/noasan/infotocap fuzzpoc/infotocap_poc2