
global-buffer-overflow on reader.c:177:20

Open shinibufa opened this issue 2 years ago • 0 comments

The command below may cause a global buffer overflow error when running catdoc:

```
catdoc / /-v -wbawdd
```

Test Environment

Ubuntu 20.04, 64 bit; catdoc (version: 0.95)

How to trigger

Compile the program with AddressSanitizer and run the command:

```
$ catdoc / /-v -wbawdd
```

Details

ASAN report:

```
$ catdoc / /-v -wbawdd
=================================================================
==3560683==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000e5a820 at pc 0x0000004cfe18 bp 0x7fffffffde30 sp 0x7fffffffde28
WRITE of size 2 at 0x000000e5a820 thread T0
    #0 0x4cfe17 in process_file /home/ned158/sp/Dataset/Catdoc/catdoc_aflpp/src/reader.c:177:20
    #1 0x4d12a2 in analyze_format /home/ned158/sp/Dataset/Catdoc/catdoc_aflpp/src/analyze.c:38:10
    #2 0x4cd221 in main /home/ned158/sp/Dataset/Catdoc/catdoc_aflpp/src/catdoc.c:180:6
    #3 0x7ffff7c3b082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #4 0x41d44d in _start (/home/ned158/sp/Dataset/Catdoc/catdoc_aflpp/install/bin/catdoc+0x41d44d)

0x000000e5a820 is located 0 bytes to the right of global variable 'buffer' defined in 'reader.c:13:20' (0xdda820) of size 524288
SUMMARY: AddressSanitizer: global-buffer-overflow /home/ned158/sp/Dataset/Catdoc/catdoc_aflpp/src/reader.c:177:20 in process_file
Shadow bytes around the buggy address:
  0x0000801c34b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000801c34c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000801c34d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000801c34e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000801c34f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0000801c3500: 00 00 00 00[f9]f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0000801c3510: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0000801c3520: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0000801c3530: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0000801c3540: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0000801c3550: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3560683==ABORTING
```

shinibufa, Jun 02 '23 12:06
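Added illustration, not catdoc's code: a toy of the pattern the report points at (a 2-byte write through an ever-growing index into a fixed-size global buffer of 16-bit characters, landing 0 bytes past its end) next to a bounded variant that emits the pending paragraph once the buffer fills. `PARAGRAPH_CAP`, `append_unchecked`, `append_checked` and `feed_synthetic` are constructed names, and the flush-when-full shape is an assumed fix, not the project's patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a fixed-size global buffer of 16-bit characters
 * (catdoc's is 524288 bytes); tiny here so the edge is easy to reach. */
#define PARAGRAPH_CAP 8
static uint16_t buffer[PARAGRAPH_CAP]; /* global: ASAN puts an f9 redzone after it */
static size_t bufptr;                  /* next free slot */

/* Bug pattern: the index just grows with the input, so the (PARAGRAPH_CAP+1)th
 * call is a 2-byte WRITE 0 bytes to the right of 'buffer', as in the report. */
static void append_unchecked(uint16_t c) {
    buffer[bufptr++] = c;
}

/* Bounded pattern (assumed fix shape, not catdoc's patch): when full, hand the
 * pending paragraph to emit() and restart at slot 0 before storing. */
static void append_checked(uint16_t c, void (*emit)(const uint16_t *, size_t)) {
    if (bufptr >= PARAGRAPH_CAP) {
        emit(buffer, bufptr);
        bufptr = 0;
    }
    buffer[bufptr++] = c;
}

static size_t emitted_chars; /* total handed to emit() so far */
static void count_emit(const uint16_t *p, size_t n) { (void)p; emitted_chars += n; }
/* Feed n constructed characters ('A', 'B', ...) through the bounded path and
 * return how many were emitted; the remainder stays pending in buffer. */
size_t feed_synthetic(size_t n) {
    bufptr = 0;
    emitted_chars = 0;
    for (size_t i = 0; i < n; i++)
        append_checked((uint16_t)('A' + i % 26), count_emit);
    return emitted_chars;
}
size_t pending_chars(void) { return bufptr; }

int main(int argc, char **argv) {
    size_t emitted = feed_synthetic(20);
    printf("bounded: emitted %zu, pending %zu\n", emitted, pending_chars());
    /* Build with -fsanitize=address and pass any argument: the unchecked path
     * then writes one element past the end and ASAN reports it. */
    if (argc > 1)
        for (bufptr = 0; bufptr <= PARAGRAPH_CAP;)
            append_unchecked((uint16_t)('A' + bufptr));
    return argv != NULL ? 0 : 1;
}
```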