GNU bug report logs - #50611: one-byte (write) heap-buffer-underrun
Reported by: Jim Meyering <jim <at> meyering.net>
Date: Thu, 16 Sep 2021 00:30:02 UTC
Severity: normal
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Thanks for all your recent changes! I built+tested with ASAN on Fedora 34:
Configure and build as usual, then "make clean" and do this:
> san='-fsanitize-address-use-after-scope -fsanitize=address -static-libasan'; ASAN_OPTIONS=detect_leaks=0 , CFLAGS='-O -ggdb3' AM_CFLAGS="$san" AM_LDFLAGS="$san" check
(but that first -f option may be obsolete, because it seems to provoke
spurious failure of the stdbuf test and help-version tests)
That exposed this (and similar in an md5sum tests):
md5sum: test ck-strict-1: stderr mismatch, comparing ck-strict-1.2 (expected) and ck-strict-1.E (actual)
*** ck-strict-1.2 Wed Sep 15 17:16:39 2021
--- ck-strict-1.E Wed Sep 15 17:16:39 2021
***************
*** 1 ****
! md5sum: WARNING: 1 line is improperly formatted
--- 1,47 ----
! =================================================================
! ==1752792==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c00000003f at pc 0x0000004d7387 bp 0x7fff29bac390 sp 0x7fff29bac388
! READ of size 1 at 0x60c00000003f thread T0
! #0 0x4d7386 in digest_check src/digest.c:1076
! #1 0x4d7386 in main src/digest.c:1492
! #2 0x7ff1f089db74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
! #3 0x40754d in _start (/home/j/w/co/cu/src/md5sum+0x40754d)
!
! 0x60c00000003f is located 1 bytes to the left of 120-byte region [0x60c000000040,0x60c0000000b8)
! allocated by thread T0 here:
! #0 0x492417 in __interceptor_malloc /home/j/w/co/gcc/libsanitizer/asan/asan_malloc_linux.cpp:129
! #1 0x7ff1f08ec903 in _IO_getdelim (/lib64/libc.so.6+0x76903)
! #2 0x49208f (/home/j/w/co/cu/src/md5sum+0x49208f)
!
! SUMMARY: AddressSanitizer: heap-buffer-overflow src/digest.c:1076 in digest_check
! Shadow bytes around the buggy address:
! 0x0c187fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c187fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c187fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c187fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! 0x0c187fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
! =>0x0c187fff8000: fa fa fa fa fa fa fa[fa]00 00 00 00 00 00 00 00
! 0x0c187fff8010: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
! 0x0c187fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c187fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c187fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! 0x0c187fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
! Shadow byte legend (one shadow byte represents 8 application bytes):
! Addressable: 00
! Partially addressable: 01 02 03 04 05 06 07
! Heap left redzone: fa
! Freed heap region: fd
! Stack left redzone: f1
! Stack mid redzone: f2
! Stack right redzone: f3
! Stack after return: f5
! Stack use after scope: f8
! Global redzone: f9
! Global init order: f6
! Poisoned by user: f7
! Container overflow: fc
! Array cookie: ac
! Intra object redzone: bb
! ASan internal: fe
! Left alloca redzone: ca
! Right alloca redzone: cb
! ==1752792==ABORTING
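An added example, not part of the original report or of coreutils: it reads three lines of the ASan output above (re-typed here without the diff's "! " prefix and with the wrapped line joined) and checks that the faulting address lies one byte before the allocation and maps to the shadow byte ASan bracketed. The mapping (addr >> 3) + 0x7fff8000 is ASan's default for x86_64 Linux and is assumed; the function names are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Re-typed from the report above; constructed only in that the lines are unwrapped. */
static const char *report[] = {
  "READ of size 1 at 0x60c00000003f thread T0",
  "0x60c00000003f is located 1 bytes to the left of 120-byte region [0x60c000000040,0x60c0000000b8)",
  "=>0x0c187fff8000: fa fa fa fa fa fa fa[fa]00 00 00 00 00 00 00 00",
};

/* Faulting address from the "READ/WRITE of size N at 0x..." line, 0 if absent. */
static uint64_t fault_addr(const char *line) {
  const char *at = strstr(line, " at 0x");
  uint64_t a = 0;
  if (at) sscanf(at + 4, "%" SCNx64, &a);
  return a;
}

/* Signed distance from the region [lo,hi): negative = underrun (before lo),
   positive = overrun (at or past hi), 0 = inside, INT64_MIN = no region found. */
static int64_t region_distance(const char *line, uint64_t addr) {
  const char *br = strchr(line, '[');
  uint64_t lo, hi;
  if (!br || sscanf(br, "[%" SCNx64 ",%" SCNx64 ")", &lo, &hi) != 2) return INT64_MIN;
  if (addr < lo) return -(int64_t)(lo - addr);
  if (addr >= hi) return (int64_t)(addr - hi + 1);
  return 0;
}

/* Assumed default mapping: one shadow byte describes 8 application bytes. */
static uint64_t shadow_of(uint64_t addr) { return (addr >> 3) + 0x7fff8000ULL; }

/* Address of the bracketed shadow byte in the "=>" row, 0 if absent.
   After the colon every entry is 3 characters: ' ', '[' or ']' plus two hex digits. */
static uint64_t marked_shadow(const char *line) {
  const char *row = strstr(line, "=>"), *colon, *mark;
  uint64_t base;
  if (!row || sscanf(row + 2, "%" SCNx64, &base) != 1) return 0;
  colon = strchr(row, ':');
  mark = colon ? strchr(colon, '[') : NULL;
  return mark ? base + (uint64_t)(mark - colon - 1) / 3 : 0;
}

int main(void) {
  uint64_t a = fault_addr(report[0]);
  printf("fault 0x%" PRIx64 ", distance %" PRId64 ", shadow 0x%" PRIx64 ", marked 0x%" PRIx64 "\n",
         a, region_distance(report[1], a), shadow_of(a), marked_shadow(report[2]));
  return 0;
}
```

A negative distance is the underrun case: ASan labels every heap out-of-bounds access "heap-buffer-overflow", so the direction has to be read from the "to the left of" line or from the left-redzone (fa) shadow byte.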
This bug report was last modified 3 years and 245 days ago.