asn1c
A Segmentation fault in asn1fix_enum.c:82:5
System info
Ubuntu x86_64, clang 6.0, asn1c (latest master 00fa516)
Configure
CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure
Command line
./asn1c/asn1c -EF @@
Output
FATAL: Segmentation fault (core dumped)
AddressSanitizer output
FATAL: AddressSanitizer:DEADLYSIGNAL
=================================================================
==855==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x0000004f7132 bp 0x7ffd8d3958b0 sp 0x7ffd8d394fe8 T0)
==855==The signal is caused by a READ memory access.
==855==Hint: address points to the zero page.
#0 0x4f7131 in __sanitizer::internal_strlen(char const*) (/home/seviezhou/asn1c/asn1c/asn1c+0x4f7131)
#1 0x4468d5 in printf_common(void*, char const*, __va_list_tag*) (/home/seviezhou/asn1c/asn1c/asn1c+0x4468d5)
#2 0x44721b in __interceptor_vfprintf (/home/seviezhou/asn1c/asn1c/asn1c+0x44721b)
#3 0x58022f in _default_error_logger /home/seviezhou/asn1c/libasn1fix/asn1fix.c:580:2
#4 0x5bd7c9 in asn1f_fix_enum /home/seviezhou/asn1c/libasn1fix/asn1fix_enum.c:82:5
#5 0x582b7f in asn1f_fix_simple /home/seviezhou/asn1c/libasn1fix/asn1fix.c:377:8
#6 0x5864d8 in asn1f_recurse_expr /home/seviezhou/asn1c/libasn1fix/asn1fix_misc.c:209:8
#7 0x5866bf in asn1f_recurse_expr /home/seviezhou/asn1c/libasn1fix/asn1fix_misc.c:219:9
#8 0x581c5f in phase_1_1 /home/seviezhou/asn1c/libasn1fix/asn1fix.c:326:8
#9 0x5816cf in phase_1_1 /home/seviezhou/asn1c/libasn1fix/asn1fix.c:303:10
#10 0x57df11 in asn1f_fix_module__phase_1 /home/seviezhou/asn1c/libasn1fix/asn1fix.c:198:9
#11 0x57df11 in asn1f_process /home/seviezhou/asn1c/libasn1fix/asn1fix.c:84
#12 0x5156f8 in main /home/seviezhou/asn1c/asn1c/asn1c.c:379:11
#13 0x7fbd5f15eb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#14 0x41a969 in _start (/home/seviezhou/asn1c/asn1c/asn1c+0x41a969)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/seviezhou/asn1c/asn1c/asn1c+0x4f7131) in __sanitizer::internal_strlen(char const*)
==855==ABORTING
POC
The crash is caused by this debug/error message:
https://github.com/vlm/asn1c/blob/v0.9.28/libasn1fix/asn1fix_enum.c#L82
FATAL("HERE HERE HERE", 1);
It looks like some temporary message added while debugging some issue, but that assumption is hard to confirm as it was included in the initial import to git.
The FATAL macro effectively expands to something like this:
printf("HERE HERE HERE" " in %s", 1, source_file_name);
leading to the %s format being applied to argument 1 (i.e. pointer 0x1) instead of the file name string.
The most trivial fix is to remove the extraneous ", 1" argument. A better fix would be to remove the FATAL call completely if it's not needed, or use a proper message if it is needed.
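The following is an added example, not asn1c's own code, illustrating the argument-shift mechanism described in the comment above and two ways to keep it from reaching a crash. The shape of FATAL_UNSAFE is an assumption modelled on the expansion quoted above (error_logger is a hypothetical name, and the macro is never expanded here); log_error_at, FATAL_SAFE and fmt_arg_count are helpers written for this example. It relies on the ##__VA_ARGS__ and format-attribute extensions of gcc and clang, and captures messages in a buffer instead of writing to stderr so the results can be inspected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Macro shape described in the comment above (an assumption about the real
 * asn1c macro, whose exact text is not on the page): the caller's variadic
 * arguments are spliced in BEFORE the trailing file name, so one stray
 * argument shifts the file name out from under " in %s" and the %s
 * conversion reads the stray value as a pointer instead.  Kept only for
 * contrast; it is never expanded here because that mismatch is undefined
 * behaviour.  error_logger is a hypothetical name. */
#define FATAL_UNSAFE(fmt, ...) error_logger(fmt " in %s", ##__VA_ARGS__, __FILE__)

/* Safer layout: the location travels in fixed parameters that are consumed
 * before the caller's format is interpreted, and the format attribute lets
 * gcc/clang check literal formats against their arguments at compile time.
 * The message is captured in a buffer (constructed sink) instead of stderr. */
static char g_last_message[256];

int log_error_at(const char *file, int line, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

int log_error_at(const char *file, int line, const char *fmt, ...)
{
    va_list ap;
    int n = snprintf(g_last_message, sizeof g_last_message, "%s:%d: ", file, line);
    if (n < 0 || (size_t)n >= sizeof g_last_message)
        return -1;
    va_start(ap, fmt);
    int m = vsnprintf(g_last_message + n, sizeof g_last_message - (size_t)n, fmt, ap);
    va_end(ap);
    return m < 0 ? -1 : n + m;
}

/* ##__VA_ARGS__ (GNU extension, accepted by gcc and clang) drops the comma
 * when no extra arguments are given, so FATAL_SAFE("msg") also works. */
#define FATAL_SAFE(fmt, ...) log_error_at(__FILE__, __LINE__, fmt, ##__VA_ARGS__)

/* Count how many arguments a printf-style format consumes: every conversion
 * except "%%" takes one, and each '*' width or precision takes one more.
 * Handy for auditing macros that append text to a caller's format. */
int fmt_arg_count(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                       /* literal percent sign */
        while (*p && strchr("-+ #0123456789.*", *p)) {
            if (*p == '*')
                n++;                        /* '*' pulls an int from the args */
            p++;
        }
        while (*p && strchr("hlLqjzt", *p))
            p++;                            /* length modifiers */
        if (*p == '\0')
            break;                          /* dangling '%' at end of string */
        n++;                                /* the conversion itself */
    }
    return n;
}

/* A well-formed call: one conversion, one argument. */
const char *demo_correct_call(void)
{
    FATAL_SAFE("unexpected enumerator value %d", 7);
    return g_last_message;
}

/* The exact call from the bug report.  With the unsafe layout this shifts
 * the file name under %s; with the safe layout the stray 1 is ignored (excess
 * printf arguments are evaluated and discarded) and the location survives.
 * The diagnostic is silenced only for this deliberate demonstration; in real
 * code -Wall reports the stray argument at this line. */
const char *demo_stray_argument(void)
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-extra-args"
    FATAL_SAFE("HERE HERE HERE", 1);
#pragma GCC diagnostic pop
    return g_last_message;
}

int main(void)
{
    /* What the unsafe expansion of the reported call looks like to printf:
     * one conversion in the format, but two arguments (1 and the file name). */
    printf("conversions in \"HERE HERE HERE in %%s\": %d (arguments supplied: 2)\n",
           fmt_arg_count("HERE HERE HERE" " in %s"));
    puts(demo_correct_call());
    puts(demo_stray_argument());
    return 0;
}
```

The two defences are independent: the format attribute turns the stray argument into a compile-time warning wherever the format is a literal, and putting the location in fixed parameters means that even an unchecked call cannot reinterpret a caller's argument as the file-name pointer.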