fac
stack-buffer-overflow in ptrace
https://asan.saethlin.dev/ub?crate=fac&version=0.5.4
WRITE of size 8 overflows buffer of size 4
---- echo_to_file stdout ----
remove test repository
create "tests/test-repositories/test-111"
PATH is "/build/target/x86_64-unknown-linux-gnu/debug:/root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
I am in Ok("/build") with args []
output is:
error is:
=================================================================
==12714==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f62accf0044 at pc 0x55a1aba062c5 bp 0x7f62edaf3230 sp 0x7f62edaf29e0
WRITE of size 8 at 0x7f62accf0044 thread T2
#0 0x55a1aba062c4 in ptrace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:3459:7
#1 0x55a1abe0f855 in bigbro::linux::Status::wait_for_syscall::ha96a523f54b006d0 /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bigbro-0.5.2/src/linux.rs:656:17
#2 0x55a1abe0de18 in bigbro::linux::Status::seccomp_bigbro_process::h5a426991c1904dab /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bigbro-0.5.2/src/linux.rs:248:15
#3 0x55a1abcd9478 in bigbro::linux::Command::spawn_hook::_$u7b$$u7b$closure$u7d$$u7d$::h5c3bfb60cd003a85 /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bigbro-0.5.2/src/linux.rs:1271:13
Address 0x7f62accf0044 is located in stack of thread T2 at offset 68 in frame
#0 0x55a1abe0debf in bigbro::linux::Status::wait_for_syscall::ha96a523f54b006d0 /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bigbro-0.5.2/src/linux.rs:251
This frame has 122 object(s):
[32, 48) '' (line 251)
[64, 68) 'newpid54' (line 655) <== Memory access at offset 68 overflows this variable
[80, 84) 'newpid53' (line 650)
[96, 100) 'newpid52' (line 645)
[112, 116) 'newpid' (line 640)
[128, 152) '_542' (line 612)
[192, 196) '_535' (line 608)
[208, 212) '_531' (line 608)
[224, 400) 'md51' (line 607)
[464, 640) '_524' (line 607)
[704, 728) 'path50' (line 605)
...
[8240, 8264) '_60' (line 289)
[8304, 8328) '_51' (line 285)
[8368, 8392) 'path3' (line 283)
[8432, 8480) 'args2' (line 279)
[8512, 8536) 'path1'
[8576, 8600) 'path'
[8640, 8688) 'args' (line 267)
[8720, 8728) 'syscall_num' (line 263)
[8752, 8756) 'status' (line 252)
Thread T2 created by T0 here:
#0 0x55a1aba3d41d in pthread_create /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:237:3
#1 0x55a1ac8ae9ef in std::sys::unix::thread::Thread::new::h97075fbf73e22242 /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/sys/unix/thread.rs:87:19
#2 0x55a1abc70aa8 in std::thread::Builder::spawn_unchecked_::h60a8be49380d9ae8 /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/thread/mod.rs:563:17
#3 0x55a1abc6f469 in std::thread::Builder::spawn_unchecked::hfff4489eb356bf60 /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/thread/mod.rs:457:32
#4 0x55a1abc7edcc in std::thread::Builder::spawn::h93b05c052ef4e078 /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/thread/mod.rs:389:18
#5 0x55a1abcd6671 in bigbro::linux::Command::spawn_hook::h792e62933ad45a08 /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bigbro-0.5.2/src/linux.rs:1196:9
#6 0x55a1abd18649 in bigbro::Command::spawn_and_hook::h369348eb00302b0c /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bigbro-0.5.2/src/lib.rs:393:13
#7 0x55a1abaefee2 in fac::build::Build::spawn::h83cfaa6cd90ac430 /build/src/build/mod.rs:2375:13
#8 0x55a1aba9ed43 in fac::build::Build::build_dirty::h939cdc9b0004aa78 /build/src/build/mod.rs:860:37
#9 0x55a1aba8ebab in fac::build::Build::build::h506ca78834ae4ac4 /build/src/build/mod.rs:663:13
#10 0x55a1aba8a32c in fac::build::build::h76c49ca195546440 /build/src/build/mod.rs:536:5
#11 0x55a1abc2ab93 in fac::main::h2a44a2e86f85dd5d /build/src/main.rs:29:20
SUMMARY: AddressSanitizer: stack-buffer-overflow /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:3459:7 in ptrace
Shadow bytes around the buggy address:
0x7f62accefd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f62accefe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f62accefe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f62acceff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f62acceff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x7f62accf0000: f1 f1 f1 f1 f8 f8 f2 f2[04]f2 f8 f2 f8 f2 f8 f2
0x7f62accf0080: f8 f8 f8 f2 f2 f2 f2 f2 f8 f2 f8 f2 f8 f8 f8 f8
0x7f62accf0100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
0x7f62accf0180: f8 f8 f2 f2 f2 f2 f2 f2 f2 f2 f8 f8 f8 f8 f8 f8
0x7f62accf0200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
0x7f62accf0280: f2 f2 f2 f2 f2 f2 f2 f2 f8 f8 f8 f2 f2 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==12714==ABORTING