Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AddressSanitizer: dynamic-stack-buffer-overflow #7

Open
tankf33der opened this issue May 19, 2021 · 2 comments
Open

AddressSanitizer: dynamic-stack-buffer-overflow #7

tankf33der opened this issue May 19, 2021 · 2 comments

Comments

@tankf33der
Copy link

take example code generate random strings and compile with sanitizers.

$ gcc -fsanitize=address main.c 
# ./a.out 
=================================================================
==567==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffe55e4a198 at pc 0x55b34322c058 bp 0x7ffe55e4a0e0 sp 0x7ffe55e4a0d8
WRITE of size 1 at 0x7ffe55e4a198 thread T0
    #0 0x55b34322c057 in random_string (/root/chadstr/a.out+0x4057)
    #1 0x55b34322c1f6 in main (/root/chadstr/a.out+0x41f6)
    #2 0x7f2811d11d09 in __libc_start_main ../csu/libc-start.c:308
    #3 0x55b34322a249 in _start (/root/chadstr/a.out+0x2249)

Address 0x7ffe55e4a198 is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow (/root/chadstr/a.out+0x4057) in random_string
Shadow bytes around the buggy address:
  0x10004abc13e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004abc13f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004abc1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004abc1410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004abc1420: ca ca ca ca 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10004abc1430: 00 00 00[cb]cb cb cb cb 00 00 00 00 00 00 00 00
  0x10004abc1440: 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00
  0x10004abc1450: f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x10004abc1460: 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004abc1470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004abc1480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==567==ABORTING
$
@skullchap
Copy link
Owner

thnx, that was because of this char buffer[length];. forget to add +1 for nul byte. another reason why we need chadstr even for buffer allocation

@skullchap skullchap reopened this May 19, 2021
@ghost
Copy link

ghost commented May 30, 2021

feature

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@skullchap @tankf33der