[Nasm-bugs] [Bug 3392521] New: There is a heap-buffer-overflow on address 0x602000006d91 in nasm2.14rc15.
noreply-nasm at gorcunov.org
Sun Oct 28 05:35:44 PDT 2018
https://bugzilla.nasm.us/show_bug.cgi?id=3392521
Bug ID: 3392521
Summary: There is a heap-buffer-overflow on address 0x602000006d91 in nasm2.14rc15.
Product: NASM
Version: 2.14 (development)
Hardware: All
OS: All
Status: OPEN
Severity: critical
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: ganshuitao at gmail.com
CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Build from source archive using configure
Created attachment 411683
--> https://bugzilla.nasm.us/attachment.cgi?id=411683&action=edit
Trigger by "./nasm -f bin POC1 -o xxx"
version: nasm2.14rc15
Summary:
There is a heap-buffer-overflow on address 0x602000006d91 in nasm2.14rc15.
Description:
The asan debug is as follows:
$./nasm -f bin POC1 -o xxx
=================================================================
==63902==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000006d91 at pc 0x50b10d bp 0x7ffcc3b1b790 sp 0x7ffcc3b1b788
READ of size 1 at 0x602000006d91 thread T0
==63902==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
    #0 0x50b10c (/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x50b10c)
    #1 0x4d1db1 (/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x4d1db1)
    #2 0x480a5c (/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x480a5c)
    #3 0x7f779444ea3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #4 0x47ba48 (/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x47ba48)

0x602000006d91 is located 0 bytes to the right of 1-byte region [0x602000006d90,0x602000006d91)
allocated by thread T0 here:
    #0 0x465959 (/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x465959)
    #1 0x488d25 (/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x488d25)
    #2 0x480a5c (/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x480a5c)
    #3 0x7f779444ea3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x0c047fff8d60: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8d70: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8d80: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8d90: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8da0: fa fa 02 fa fa fa 02 fa fa fa 00 fa fa fa 00 fa
=>0x0c047fff8db0: fa fa[01]fa fa fa 04 fa fa fa fd fd fa fa 02 fa
0x0c047fff8dc0: fa fa fd fa fa fa fd fa fa fa 06 fa fa fa 06 fa
0x0c047fff8dd0: fa fa 02 fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8de0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8df0: fa fa 00 fa fa fa 00 fa fa fa 06 fa fa fa 00 fa
0x0c047fff8e00: fa fa 00 fa fa fa 00 fa fa fa 06 fa fa fa 02 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==63902==ABORTING