Attachment 8659376 Details for Bug 1202868

call_stack_with_patch.txt

call_stack_with_patch.txt (text/plain), 3.62 KB, created by Tyson Smith [:tsmith]

(hide)

Description:

Filename:

MIME Type:

Creator: Tyson Smith [:tsmith]

Size: 3.62 KB

patch

obsolete

>==38492==ERROR: AddressSanitizer: use-after-poison on address 0x61d00001e0d0 at pc 0x7fee1c4b3b99 bp 0x7ffdf8fa39d0 sp 0x7ffdf8fa39c8
>WRITE of size 47 at 0x61d00001e0d0 thread T0
>    #0 0x7fee1c4b3b98 in sec_asn1d_parse_leaf /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:1536
>    #1 0x7fee1c4b3b98 in SEC_ASN1DecoderUpdate_Util /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:2617
>    #2 0x7fee1c4bc3c5 in SEC_ASN1Decode_Util /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:2925
>    #3 0x7fee1c4bc3c5 in SEC_ASN1DecodeItem_Util /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:2940
>    #4 0x47c0e1 in main /home/user/code/asn1_fuzz/nss/cmd/checkcert/checkcert.c:76
>    #5 0x7fee1b4bdec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
>    #6 0x47ba2c in _start (/home/user/Desktop/fuzz-asn1/checkcert+0x47ba2c)
>
>0x61d00001e0d0 is located 80 bytes inside of 2048-byte region [0x61d00001e080,0x61d00001e880)
>allocated by thread T0 here:
>    #0 0x465949 in malloc (/home/user/Desktop/fuzz-asn1/checkcert+0x465949)
>    #1 0x7fee1bcee52d in PR_Malloc /home/user/code/asn1_fuzz/nspr/Linux3.16_x86_64_clang_glibc_PTH_64_OPT.OBJ/pr/src/malloc/../../../../pr/src/malloc/prmem.c:435
>    #2 0x7fee1c00c9e5 in PL_ArenaAllocate /home/user/code/asn1_fuzz/nspr/Linux3.16_x86_64_clang_glibc_PTH_64_OPT.OBJ/lib/ds/../../../lib/ds/plarena.c:203
>    #3 0x7fee1c4df4dd in PORT_ArenaAlloc_Util /home/user/code/asn1_fuzz/nss/lib/util/secport.c:272
>    #4 0x7fee1c4b01c3 in sec_asn1d_alloc /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:315
>    #5 0x7fee1c4b01c3 in sec_asn1d_zalloc /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:335
>    #6 0x7fee1c4b01c3 in sec_asn1d_prepare_for_contents /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:1244
>    #7 0x7fee1c4b01c3 in SEC_ASN1DecoderUpdate_Util /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:2602
>    #8 0x7fee1c4bc3c5 in SEC_ASN1Decode_Util /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:2925
>    #9 0x7fee1c4bc3c5 in SEC_ASN1DecodeItem_Util /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:2940
>    #10 0x47c0e1 in main /home/user/code/asn1_fuzz/nss/cmd/checkcert/checkcert.c:76
>    #11 0x7fee1b4bdec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
>
>SUMMARY: AddressSanitizer: use-after-poison /home/user/code/asn1_fuzz/nss/lib/util/secasn1d.c:1536 sec_asn1d_parse_leaf
>Shadow bytes around the buggy address:
>  0x0c3a7fffbbc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>  0x0c3a7fffbbd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>  0x0c3a7fffbbe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>  0x0c3a7fffbbf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>  0x0c3a7fffbc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>=>0x0c3a7fffbc10: 00 00 00 00 00 00 00 00 00 00[f7]f7 f7 f7 f7 f7
>  0x0c3a7fffbc20: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
>  0x0c3a7fffbc30: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
>  0x0c3a7fffbc40: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
>  0x0c3a7fffbc50: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
>  0x0c3a7fffbc60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
>Shadow byte legend (one shadow byte represents 8 application bytes):
>  Addressable:           00
>  Partially addressable: 01 02 03 04 05 06 07 
>  Heap left redzone:     fa
>  Heap right redzone:    fb
>  Freed heap region:     fd
>  Stack left redzone:    f1
>  Stack mid redzone:     f2
>  Stack right redzone:   f3
>  Stack partial redzone: f4
>  Stack after return:    f5
>  Stack use after scope: f8
>  Global redzone:        f9
>  Global init order:     f6
>  Poisoned by user:      f7
>  ASan internal:         fe
>==38492==ABORTING

Actions: View

Attachments on bug 1202868: 8658396 | 8658421 | 8658805 | 8658967 | 8659375 | 8659376 | 8659378 | 8662125 | 8674441