tech-userlevel archive


Re: fuzzing found regcomp bug



In article <CAJgzZoo=M-_wgmeXdjTDW+EEP=Ni0k6RKmFi1MDziqdyxXv+9g%mail.gmail.com@localhost>,
enh  <enh%google.com@localhost> wrote:
>this doesn't seem to have made it to the list?
>
>On Fri, Sep 4, 2015 at 10:47 AM, enh <enh%google.com@localhost> wrote:
>> ==14961==ERROR: AddressSanitizer: heap-buffer-overflow on address
>> 0x61400000fdee at pc 0x0000004f9cba bp 0x7ffefa993d70 sp
>> 0x7ffefa993d68
>> READ of size 1 at 0x61400000fdee thread T0
>>     #0 0x4f9cb9 in ordinary
>> bionic/libc/upstream-netbsd/lib/libc/regex/regcomp.c:1087:7
>>     #1 0x4e47dc in p_simp_re
>> bionic/libc/upstream-netbsd/lib/libc/regex/regcomp.c:696:3
>>     #2 0x4e47dc in p_bre
>> bionic/libc/upstream-netbsd/lib/libc/regex/regcomp.c:596
>>     #3 0x4d2d9c in my_regcomp
>> bionic/libc/upstream-netbsd/lib/libc/regex/regcomp.c:311:3
>>     #4 0x4d230d in LLVMFuzzerTestOneInput (a.out+0x4d230d)
>>
>> 0x61400000fdee is located 42 bytes to the right of 388-byte region
>> [0x61400000fc40,0x61400000fdc4)
>> allocated by thread T0 here:
>>     #0 0x4a873b in malloc
>>
>> /usr/local/google/home/kcc/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40:3
>>     #1 0x4d27d5 in my_regcomp
>> bionic/libc/upstream-netbsd/lib/libc/regex/regcomp.c:270:13
>>     #2 0x4d230d in LLVMFuzzerTestOneInput (a.out+0x4d230d)

Got it, thanks!

christos
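The trace above comes from a libFuzzer target (`LLVMFuzzerTestOneInput`) driving `regcomp()` under AddressSanitizer, with the out-of-bounds read landing in `ordinary()` 42 bytes past a 388-byte heap allocation. The harness below is an added example of how such a target is typically written; it is not the reporter's code and nothing in the thread describes their harness. One detail worth getting right: `regcomp()` takes a NUL-terminated string, so the harness must copy the fuzzer's buffer into one first. A harness that passes the raw buffer over-reads by itself and produces a heap-buffer-overflow report that looks just like a library bug. The `compile_pattern` helper, the flag-byte scheme and the `FUZZER_BUILD` macro are this example's own choices.

```c
/* Added example: libFuzzer-style harness for regcomp(3), plus a stand-alone
 * main() for replaying a single crash file under ASan. Illustrative code,
 * not the harness from the original report. */
#include <regex.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compile one pattern and release whatever regcomp built. Returns regcomp's
 * status: 0 on success, a REG_E* code when the pattern is rejected. */
int compile_pattern(const char *pattern, int cflags)
{
    regex_t re;
    int rc = regcomp(&re, pattern, cflags);
    if (rc == 0)
        regfree(&re);       /* only valid after a successful regcomp() */
    return rc;
}

/* libFuzzer entry point. The first byte selects compile flags so one corpus
 * reaches both the basic-RE parser (p_bre in the trace) and the extended one;
 * the remaining bytes become the pattern. The copy into a NUL-terminated
 * buffer is what keeps any reported over-read attributable to regcomp()
 * rather than to this function. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (size < 1)
        return 0;

    int cflags = 0;
    if (data[0] & 1) cflags |= REG_EXTENDED;
    if (data[0] & 2) cflags |= REG_ICASE;
    if (data[0] & 4) cflags |= REG_NOSUB;
    if (data[0] & 8) cflags |= REG_NEWLINE;

    size_t len = size - 1;
    char *pattern = malloc(len + 1);
    if (pattern == NULL)
        return 0;
    memcpy(pattern, data + 1, len);
    pattern[len] = '\0';    /* regcomp() requires a C string */

    compile_pattern(pattern, cflags);   /* the call under test */
    free(pattern);
    return 0;               /* libFuzzer expects 0 from the target */
}

#ifndef FUZZER_BUILD
/* Stand-alone reproducer: feeds one saved input through the same code path.
 * Build with e.g. `clang -g -fsanitize=address regcomp_fuzz.c` and run
 * `./a.out crash-file`. Define FUZZER_BUILD when linking against libFuzzer,
 * which supplies its own main(). */
int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    FILE *fp = fopen(argv[1], "rb");
    if (fp == NULL) {
        perror(argv[1]);
        return 1;
    }
    uint8_t buf[4096];
    size_t n = fread(buf, 1, sizeof buf, fp);
    fclose(fp);
    LLVMFuzzerTestOneInput(buf, n);
    puts("no sanitizer report for this input");
    return 0;
}
#endif
```

With `-fsanitize=address`, a genuine defect shows up as a READ in the regcomp internals (as in the report above), while a harness mistake would instead put `LLVMFuzzerTestOneInput` or the harness's own helper at frame #0.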


