You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Can be seen with address sanitizer. This was found with the tool american fuzzy lop.
Address sanitizer output:
==21442==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x607000006206 at pc 0x7f36e084ced0 bp 0x7fffdbfd7c50 sp 0x7fffdbfd7c40
READ of size 1 at 0x607000006206 thread T0
#0 0x7f36e084cecf in __strnlen /f/radare2/radare2/libr/..//libr/bin/p/../format/elf/elf.c:12
#1 0x7f36e084cecf in Elf64_r_bin_elf_get_symbols /f/radare2/radare2/libr/..//libr/bin/p/../format/elf/elf.c:1605
#2 0x7f36e08258c5 in symbols /f/radare2/radare2/libr/..//libr/bin/p/bin_elf.c:249
#3 0x7f36e07563fe in r_bin_object_set_items /f/radare2/radare2/libr/bin/bin.c:421
#4 0x7f36e07563fe in r_bin_object_new /f/radare2/radare2/libr/bin/bin.c:945
#5 0x7f36e075c83b in r_bin_file_new_from_bytes /f/radare2/radare2/libr/bin/bin.c:1056
#6 0x7f36e075c83b in r_bin_load_io_at_offset_as_sz /f/radare2/radare2/libr/bin/bin.c:644
#7 0x7f36e075e0ca in r_bin_load_io_at_offset_as /f/radare2/radare2/libr/bin/bin.c:666
#8 0x7f36e075f575 in r_bin_load_io /f/radare2/radare2/libr/bin/bin.c:546
#9 0x7f36e17b5b0d in r_core_file_do_load_for_io_plugin /f/radare2/radare2/libr/core/file.c:350
#10 0x7f36e17b5b0d in r_core_bin_load /f/radare2/radare2/libr/core/file.c:487
#11 0x405a3d in main /f/radare2/radare2/binr/radare2/radare2.c:585
#12 0x7f36dbca0f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
#13 0x40a0dd (/mnt/ram/radare2/radare2+0x40a0dd)
0x607000006206 is located 15 bytes to the right of 71-byte region [0x6070000061b0,0x6070000061f7)
allocated by thread T0 here:
#0 0x7f36e1e2d855 in calloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x57855)
#1 0x7f36e084c713 in Elf64_r_bin_elf_get_symbols /f/radare2/radare2/libr/..//libr/bin/p/../format/elf/elf.c:1474
SUMMARY: AddressSanitizer: heap-buffer-overflow /f/radare2/radare2/libr/..//libr/bin/p/../format/elf/elf.c:12 __strnlen
Shadow bytes around the buggy address:
0x0c0e7fff8bf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8c30: fa fa fa fa fa fa 00 00 00 00 00 00 00 00 07 fa
=>0x0c0e7fff8c40:[fa]fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
0x0c0e7fff8c50: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
0x0c0e7fff8c60: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa 00 00
0x0c0e7fff8c70: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
0x0c0e7fff8c80: 00 00 00 00 00 00 fa fa fa fa 00 00 00 00 00 00
0x0c0e7fff8c90: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==21442==ABORTING
The text was updated successfully, but these errors were encountered:
An invalid input file can cause an out of bounds read access in radare2. Example file:
https://crashes.fuzzing-project.org/radare2-oob-heap-read-Elf64_r_bin_elf_get_symbols
Can be seen with address sanitizer. This was found with the tool american fuzzy lop.
Address sanitizer output:
The text was updated successfully, but these errors were encountered: