Re: gsasl buffer overrun
From: Simon Josefsson
Subject: Re: gsasl buffer overrun
Date: Sat, 03 Jan 2015 21:02:32 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4 (gnu/linux)
Thanks for the report. Is there any way I can reproduce this? How did
you build and test GSASL with AddressSanitizer?
/Simon
"Joshua Rogers <Internot Bug Report>" <address@hidden> writes:
> Hi,
>
> I'm trying to compile gsasl with AddressSanitizer, but during the
> 'check-TESTS' sequence in `make', a buffer overrun is found.
>
> Here's the output:
>
>> =================================================================
>> ==22281==ERROR: AddressSanitizer: global-buffer-overflow on address
>> 0x000000415980 at pc 0x40f709 bp 0x7fffbca6af00 sp 0x7fffbca6aef8
>> READ of size 9 at 0x000000415980 thread T0
>> #0 0x40f708 in digest_md5_getsubopt
>> /root/srcs/libgsasl7/gsasl-1.6.1/lib/digest-md5/getsubopt.c:73
>> #1 0x407eb5 in parse_challenge
>> /root/srcs/libgsasl7/gsasl-1.6.1/lib/digest-md5/parser.c:125
>> #2 0x407eb5 in digest_md5_parse_challenge
>> /root/srcs/libgsasl7/gsasl-1.6.1/lib/digest-md5/parser.c:582
>> #3 0x401efe in main
>> /root/srcs/libgsasl7/gsasl-1.6.1/lib/digest-md5/test-parser.c:48
>> #4 0x2ae5c2c4276c in __libc_start_main
>> (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
>> #5 0x402ad0
>> (/root/srcs/libgsasl7/gsasl-1.6.1/lib/digest-md5/test-parser+0x402ad0)
>>
>> 0x000000415986 is located 0 bytes to the right of global variable
>> '*.LC17' from 'parser.c' (0x415980) of size 6
>> '*.LC17' is ascii string 'realm'
>> SUMMARY: AddressSanitizer: global-buffer-overflow
>> /root/srcs/libgsasl7/gsasl-1.6.1/lib/digest-md5/getsubopt.c:73
>> digest_md5_getsubopt
>> Shadow bytes around the buggy address:
>> 0x00008007aae0: 05 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9
>> 0x00008007aaf0: 00 02 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9
>> 0x00008007ab00: 07 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9
>> 0x00008007ab10: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
>> 0x00008007ab20: 00 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9
>> =>0x00008007ab30:[06]f9 f9 f9 f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9
>> 0x00008007ab40: 07 f9 f9 f9 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9
>> 0x00008007ab50: 04 f9 f9 f9 f9 f9 f9 f9 00 03 f9 f9 f9 f9 f9 f9
>> 0x00008007ab60: 00 01 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9
>> 0x00008007ab70: 00 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9
>> 0x00008007ab80: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
>> Shadow byte legend (one shadow byte represents 8 application bytes):
>> Addressable: 00
>> Partially addressable: 01 02 03 04 05 06 07
>> Heap left redzone: fa
>> Heap right redzone: fb
>> Freed heap region: fd
>> Stack left redzone: f1
>> Stack mid redzone: f2
>> Stack right redzone: f3
>> Stack partial redzone: f4
>> Stack after return: f5
>> Stack use after scope: f8
>> Global redzone: f9
>> Global init order: f6
>> Poisoned by user: f7
>> Contiguous container OOB:fc
>> ASan internal: fe
>> ==22281==ABORTING
>
> Thanks,
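The report above is a READ of size 9 against the 6-byte global "realm" inside a keyword lookup. As an added illustration, not code from this thread or from gsasl, here is one keyword-matching pattern that produces exactly that ASan shape, beside a length-bounded version; the directive names are the DIGEST-MD5 ones, but the table layout, function names and the assumption that this is how the over-read arises are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Directive names from DIGEST-MD5 challenges; the table itself is this
   example's, not gsasl's. */
static const char *const keywords[] = {
  "realm", "nonce", "qop", "stale", "maxbuf", "charset", "algorithm",
  "cipher", NULL
};

/* UNSAFE pattern (hypothetical, for illustration only): bounding memcmp by
   the length of the *input* key means a longer input over-reads a shorter
   table entry.  A 9-byte key such as "algorithm" compared against "realm"
   (6 bytes including NUL) is the "READ of size 9 ... size 6" shape ASan
   reported.  Never called below; shown only to contrast with match_key. */
int match_key_unsafe (const char *key, size_t keylen)
{
  for (int i = 0; keywords[i]; i++)
    if (memcmp (key, keywords[i], keylen) == 0)   /* over-reads keywords[i] */
      return i;
  return -1;
}

/* Hardened: a key can only equal an entry of the same length, so the
   length check bounds the memcmp for both operands. */
int match_key (const char *key, size_t keylen)
{
  for (int i = 0; keywords[i]; i++)
    {
      size_t kwlen = strlen (keywords[i]);
      if (kwlen == keylen && memcmp (key, keywords[i], keylen) == 0)
        return i;
    }
  return -1;
}

/* Take the "key" part of a "key=value" directive and look it up. */
int parse_directive (const char *directive)
{
  const char *eq = strchr (directive, '=');
  if (!eq)
    return -1;
  return match_key (directive, (size_t) (eq - directive));
}

int main (void)
{
  /* Constructed sample directives. */
  printf ("%d %d %d\n", parse_directive ("algorithm=md5-sess"),
          parse_directive ("realm=\"example\""), parse_directive ("bogus=1"));
  return 0;
}
```

Built with -fsanitize=address, the unsafe variant reproduces a global-buffer-overflow on the table string; the bounded one does not.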