[Bug 15649] New: [busybox 1.36.1] global-buffer-overflow in od
bugzilla at busybox.net
Wed Jun 21 14:26:43 UTC 2023
https://bugs.busybox.net/show_bug.cgi?id=15649
Bug ID: 15649
Summary: [busybox 1.36.1] global-buffer-overflow in od
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: f.busse at imperial.ac.uk
CC: busybox-cvs at busybox.net
Target Milestone: ---
Passing "-An" as an argument results in an out-of-bounds access in od:
$ /tmp/root/busybox-1.36.1/bin/busybox od -An
coreutils/od_bloaty.c:1236:45: runtime error: index 3 out of bounds for type
'char [3]'
coreutils/od_bloaty.c:1236:45: runtime error: load of address 0x55e512d67703
with insufficient space for an object of type 'const char'
0x55e512d67703: note: pointer points here
00 75 6f 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00
^
=================================================================
==457==ERROR: AddressSanitizer: global-buffer-overflow on address
0x55e512d67703 at pc 0x55e512cfd867 bp 0x7ffc45c79130 sp 0x7ffc45c79120
READ of size 1 at 0x55e512d67703 thread T0
#0 0x55e512cfd866 in od_main coreutils/od_bloaty.c:1236
0x55e512d67703 is located 61 bytes to the left of global variable 'doxn'
defined in 'coreutils/od_bloaty.c:1221:21' (0x55e512d67740) of size 5
'doxn' is ascii string 'doxn'
0x55e512d67703 is located 0 bytes to the right of global variable
'doxn_address_base_char' defined in 'coreutils/od_bloaty.c:1222:21'
(0x55e512d67700) of size 3
SUMMARY: AddressSanitizer: global-buffer-overflow coreutils/od_bloaty.c:1236 in
od_main
Shadow bytes around the buggy address:
(found by KLEE)
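The pattern the sanitizer output above points at, as an added example that is not part of the original report and is not BusyBox's code: a 4-letter option string whose match position is used to index a 3-entry table. Only the names doxn and doxn_address_base_char come from the report; the table contents are assumptions matching the reported sizes (5 and 3 bytes), and every other name is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Table names come from the ASan report; contents are assumptions that
 * match the reported sizes (5 and 3 bytes). Other names are hypothetical. */
static const char doxn[] = "doxn";
static const char doxn_address_base_char[] = { 'u', 'o', 'x' };
#define N_BASE_CHARS (sizeof doxn_address_base_char)

/* Position of the -A radix letter in "doxn", or -1 if it is not a radix. */
static int radix_pos(char c)
{
    const char *p = c ? strchr(doxn, c) : NULL;  /* NUL must not match */
    return p ? (int)(p - doxn) : -1;
}

/* Unchecked pattern: any accepted letter indexes the 3-entry table.
 * 'n' is accepted (pos 3) and reads one byte past the array. */
static char base_char_unchecked(char c)
{
    return doxn_address_base_char[radix_pos(c)];
}

/* Checked pattern: 0 and *out set for d/o/x, 1 for 'n' (no address
 * column, table untouched), -1 for a letter that is not a radix. */
static int base_char_checked(char c, char *out)
{
    int pos = radix_pos(c);
    if (pos < 0)
        return -1;
    if ((size_t)pos >= N_BASE_CHARS)
        return 1;
    *out = doxn_address_base_char[pos];
    return 0;
}

int main(void)
{
    const char *args = "doxnq";   /* constructed sample -A letters */
    for (const char *a = args; *a; a++) {
        char ch = '-';
        int rc = base_char_checked(*a, &ch);
        if (rc == 0 && base_char_unchecked(*a) != ch)
            return 1;             /* both paths agree on in-range letters */
        printf("-A%c pos=%d rc=%d base_char=%c\n", *a, radix_pos(*a), rc, ch);
    }
    return 0;
}
```

Calling base_char_unchecked('n') in a build with -fsanitize=address,undefined produces the same class of report as the one quoted above (index 3 into a char[3]).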