Commit
The length of the VAL_SERIES(value) has been set correctly by Append_UTF8, and it could be smaller than "len", because UTF8 is a multi-byte encoding, thus passing "len" to Deline_Uni could cause out-of-bound memory access.

Fixes CC#2169

The following code

    REBOL[]
    t: <ēee>

causes:

    ==13053==ERROR: AddressSanitizer: use-after-poison on address 0x61d00001a5f8 at pc 0x000000853d50 bp 0x7ffd2a31a1b0 sp 0x7ffd2a31a1a8
    WRITE of size 2 at 0x61d00001a5f8 thread T0
    SUMMARY: AddressSanitizer: use-after-poison /home/zsx/stuffs/work/r3.git/make/../src/core/s-ops.c:426 Deline_Uni
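The length mismatch the commit message describes, as an added C example that is not the Rebol source: `Series`, `append_utf8` and `deline_checked` are hypothetical stand-ins and the sample bytes are constructed. It shows the decoded unit count falling below the UTF-8 byte count, and a delining pass that refuses the larger value instead of walking past the decoded data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define BAD ((size_t)-1)

/* Hypothetical stand-in for a string series; tail = 16-bit units in use. */
typedef struct { uint16_t data[32]; size_t tail; } Series;

/* Minimal 1- to 3-byte UTF-8 decoder (no overlong check); sets tail to the unit count. */
size_t append_utf8(Series *s, const unsigned char *src, size_t nbytes) {
    size_t i = 0, n = 0, cap = sizeof s->data / sizeof s->data[0];
    while (i < nbytes) {
        unsigned char c = src[i];
        size_t extra = c < 0x80 ? 0 : (c & 0xE0) == 0xC0 ? 1 : (c & 0xF0) == 0xE0 ? 2 : BAD;
        if (extra == BAD || extra >= nbytes - i || n + 1 >= cap) return BAD;
        uint16_t u = extra == 0 ? c : extra == 1 ? (c & 0x1F) : (c & 0x0F);
        for (size_t k = 1; k <= extra; k++) {
            if ((src[i + k] & 0xC0) != 0x80) return BAD;
            u = (uint16_t)((u << 6) | (src[i + k] & 0x3F));
        }
        s->data[n++] = u;
        i += extra + 1;
    }
    s->data[n] = 0;
    return s->tail = n;
}

/* Drop the CR of each CRLF pair in the first len units and truncate there.
   A len beyond tail (such as a UTF-8 byte count) is refused, not trusted. */
size_t deline_checked(Series *s, size_t len) {
    if (len > s->tail) return BAD;
    size_t r = 0, w = 0;
    while (r < len) {
        uint16_t c = s->data[r++];
        if (c == '\r' && r < len && s->data[r] == '\n') continue;
        s->data[w++] = c;
    }
    s->data[w] = 0;
    return s->tail = w;
}

/* Constructed sample: "ēe\r\ne" is 6 UTF-8 bytes but 5 code units. */
static const unsigned char SAMPLE[] = {0xC4, 0x93, 'e', '\r', '\n', 'e'};
int main(void) {
    Series s;
    size_t units = append_utf8(&s, SAMPLE, sizeof SAMPLE);
    size_t wrong = deline_checked(&s, sizeof SAMPLE); /* byte count: refused */
    printf("units=%zu refused=%d delined=%zu\n", units, wrong == BAD, deline_checked(&s, s.tail));
    return 0;
}
```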