[Bug gprof/30657] New: gprof heap buffer overflow
From: mengda2020 at iscas dot ac.cn
Subject: [Bug gprof/30657] New: gprof heap buffer overflow
Date: Thu, 20 Jul 2023 07:14:24 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=30657
Bug ID: 30657
Summary: gprof heap buffer overflow
Product: binutils
Version: 2.39
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gprof
Assignee: unassigned at sourceware dot org
Reporter: mengda2020 at iscas dot ac.cn
Target Milestone: ---
Created attachment 14989
--> https://sourceware.org/bugzilla/attachment.cgi?id=14989&action=edit
PoC file
Hello, Binutils developers!
We found a heap buffer overflow bug in gprof: i386.c:43.
Please confirm.
Thanks!
Test Environment
Ubuntu 20.04, 64 bit binutils (version: v2.39)
How to trigger
1. Compile the program with AddressSanitizer
2. Run command $ ./gprof -c $PoC
Details
ASAN report
```
$./gprof -c $PoC
=================================================================
==882455==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6160000005a2 at pc 0x00000050f506 bp 0x7fffb5353310 sp 0x7fffb5353308
READ of size 1 at 0x6160000005a2 thread T0
    #0 0x50f505 in i386_iscall /root/Binutils/binutils_aflpp/gprof/i386.c:43:7
    #1 0x50ef49 in i386_find_call /root/Binutils/binutils_aflpp/gprof/i386.c:63:11
    #2 0x4eaed6 in find_call /root/Binutils/binutils_aflpp/gprof/corefile.c:307:7
    #3 0x4d4439 in cg_assemble /root/Binutils/binutils_aflpp/gprof/cg_arcs.c:626:2
    #4 0x4fd380 in main /root/Binutils/binutils_aflpp/gprof/gprof.c:591:12
    #5 0x7f90cd4b1082 in __libc_start_main /build/glibc-5hggjy/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x41d54d in _start (/root/Binutils/binutils_aflpp/install/bin/gprof+0x41d54d)

0x6160000005a2 is located 0 bytes to the right of 546-byte region [0x616000000380,0x6160000005a2)
allocated by thread T0 here:
    #0 0x499cfd in __interceptor_malloc (/root/Binutils/binutils_aflpp/install/bin/gprof+0x499cfd)
    #1 0x4ea821 in core_get_text_space /root/Binutils/binutils_aflpp/gprof/corefile.c:274:21
    #2 0x4fca59 in main /root/Binutils/binutils_aflpp/gprof/gprof.c:528:5
    #3 0x7f90cd4b1082 in __libc_start_main /build/glibc-5hggjy/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/Binutils/binutils_aflpp/gprof/i386.c:43:7 in i386_iscall
Shadow bytes around the buggy address:
0x0c2c7fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fff8070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c7fff8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c7fff8090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c7fff80a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2c7fff80b0: 00 00 00 00[02]fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fff80d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c7fff80e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c7fff80f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c7fff8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==882455==ABORTING
```
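The trace above reports a 1-byte read exactly one past a 546-byte text buffer while gprof's i386 call-scanner (i386_iscall, called from i386_find_call) walks the section looking for call opcodes. The following is an added example, not gprof's own code, of how such a scan can be written so that every read stays inside the bytes that were actually allocated. The sample bytes and the symbol range fed to it are constructed for illustration; the report does not say which check gprof lacked, so the scanner enforces both a clamp of the requested range to the buffer and a remaining-length check before reading a call's 4-byte displacement.

```c
/* Added example; not gprof's own code.  A bounds-checked scan for x86
 * "call rel32" instructions over a text buffer, the operation that the
 * ASan trace above shows faulting in i386_iscall/i386_find_call.
 * The sample section and the symbol range below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OP_CALL_REL32 0xe8u  /* one opcode byte, then a 4-byte signed displacement */

struct scan_result {
    size_t calls;      /* complete calls whose target lies inside the buffer */
    size_t dropped;    /* complete calls whose target falls outside the buffer */
    size_t truncated;  /* call opcodes with fewer than 4 bytes left after them */
    size_t clamped;    /* 1 if the requested [lo,hi) exceeded the buffer */
};

/* Scan text[lo..hi) for call instructions.  lo/hi come from untrusted
 * metadata (a symbol's pc range taken from the profiled binary), so they
 * are clipped to the 'len' bytes actually allocated before any byte is read. */
struct scan_result scan_calls(const uint8_t *text, size_t len, size_t lo, size_t hi)
{
    struct scan_result r = {0, 0, 0, 0};

    if (hi > len) { hi = len; r.clamped = 1; }
    if (lo > hi)  { lo = hi;  r.clamped = 1; }

    size_t ip = lo;
    while (ip < hi) {                      /* every read of text[ip] is in range */
        if (text[ip] != OP_CALL_REL32) { ip++; continue; }

        if (hi - ip < 5) {                 /* opcode present, displacement is not */
            r.truncated++;
            break;
        }
        /* Assemble the little-endian displacement byte by byte (host-independent). */
        uint32_t raw = (uint32_t)text[ip + 1]
                     | (uint32_t)text[ip + 2] << 8
                     | (uint32_t)text[ip + 3] << 16
                     | (uint32_t)text[ip + 4] << 24;
        int32_t rel = (int32_t)raw;
        int64_t target = (int64_t)(ip + 5) + rel;  /* relative to the next instruction */
        if (target < 0 || (uint64_t)target >= len)
            r.dropped++;                   /* gprof would have no symbol to attribute to */
        else
            r.calls++;
        ip += 5;
    }
    return r;
}

/* Constructed 17-byte text section: nop; call +3 (target offset 9);
 * three nops; call -16 (target offset -2, outside the buffer); a final
 * call opcode with only 2 of its 4 displacement bytes present. */
static const uint8_t sample_text[] = {
    0x90,
    0xe8, 0x03, 0x00, 0x00, 0x00,
    0x90, 0x90, 0x90,
    0xe8, 0xf0, 0xff, 0xff, 0xff,
    0xe8, 0x01, 0x00,
};
#define SAMPLE_LEN (sizeof sample_text)

/* Scan the constructed section with a caller-supplied (possibly bogus) range. */
struct scan_result scan_sample(size_t lo, size_t hi)
{
    return scan_calls(sample_text, SAMPLE_LEN, lo, hi);
}

int main(void)
{
    /* A symbol range that overstates the section size, as a corrupt input might. */
    struct scan_result r = scan_sample(0, 1000);
    printf("calls=%zu dropped=%zu truncated=%zu clamped=%zu\n",
           r.calls, r.dropped, r.truncated, r.clamped);
    return 0;
}
```

The two checks correspond to the two ways a scanner of this shape can step off the end of its buffer: trusting a range parsed from the input file (clamped here against the allocation size), and reading a multi-byte operand after matching its opcode in the final bytes of the region (the truncated count). Either one is enough to produce a read at "0 bytes to the right" of the region, which is exactly what the ASan report shows.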