Global Buffer Overflow Vulnerability #12

Open
serj opened this issue Mar 26, 2024 · 0 comments
serj commented Mar 26, 2024

Detected Global Buffer Overflow Vulnerability in src/explore_me/explore_me.cpp:40:3

SEVERITY
9.0

DESCRIPTION
A global buffer overflow is a memory corruption vulnerability in which a write (here an 8-byte memcpy) runs past the end of a fixed-size global object (here the 5-byte global 'gBuffer'). Like its heap and stack variants it is widely used in attacks: a successful overflow can read sensitive data from adjacent memory, or overwrite neighbouring globals such as function pointers and flags to redirect execution. The CWE below names the heap-based variant, but the sanitizer classifies this write as global-buffer-overflow.

CWE
Heap-based Buffer Overflow (#122)

STACKTRACE

==11==ERROR: AddressSanitizer: global-buffer-overflow on address 0x560d21c1bba5 at pc 0x560d20e5955a bp 0x7ffe16fe96c0 sp 0x7ffe16fe8e90
WRITE of size 8 at 0x560d21c1bba5 thread T0
#0 0x560d20e59559 in __asan_memcpy (/cifuzz/libfuzzer/address+undefined/simple_checks_fuzz_test/bin/src/explore_me/simple_checks_fuzz_test+0x13e559) (BuildId: ea922eefe4a4f20f33d93d3b043fed88f00889af)
#1 0x560d20e994b7 in trigger_global_buffer_overflow(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /home/runner/work/c-cpp-example/c-cpp-example/checkout-dir/src/explore_me/explore_me.cpp:40:3
#2 0x560d20e97707 in LLVMFuzzerTestOneInputNoReturn(unsigned char const*, unsigned long) /home/runner/work/c-cpp-example/c-cpp-example/checkout-dir/src/explore_me/simple_checks_test.cpp:25:3
#3 0x560d20e97548 in LLVMFuzzerTestOneInput /home/runner/work/c-cpp-example/c-cpp-example/checkout-dir/src/explore_me/simple_checks_test.cpp:19:1
#4 0x560d20dbdb03 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/cifuzz/libfuzzer/address+undefined/simple_checks_fuzz_test/bin/src/explore_me/simple_checks_fuzz_test+0xa2b03) (BuildId: ea922eefe4a4f20f33d93d3b043fed88f00889af)
#5 0x560d20dbd259 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/cifuzz/libfuzzer/address+undefined/simple_checks_fuzz_test/bin/src/explore_me/simple_checks_fuzz_test+0xa2259) (BuildId: ea922eefe4a4f20f33d93d3b043fed88f00889af)
#6 0x560d20dbea49 in fuzzer::Fuzzer::MutateAndTestOne() (/cifuzz/libfuzzer/address+undefined/simple_checks_fuzz_test/bin/src/explore_me/simple_checks_fuzz_test+0xa3a49) (BuildId: ea922eefe4a4f20f33d93d3b043fed88f00889af)
#7 0x560d20dbf5c5 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile>>&) (/cifuzz/libfuzzer/address+undefined/simple_checks_fuzz_test/bin/src/explore_me/simple_checks_fuzz_test+0xa45c5) (BuildId: ea922eefe4a4f20f33d93d3b043fed88f00889af)
#8 0x560d20dad702 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/cifuzz/libfuzzer/address+undefined/simple_checks_fuzz_test/bin/src/explore_me/simple_checks_fuzz_test+0x92702) (BuildId: ea922eefe4a4f20f33d93d3b043fed88f00889af)
#9 0x560d20dd73f2 in main (/cifuzz/libfuzzer/address+undefined/simple_checks_fuzz_test/bin/src/explore_me/simple_checks_fuzz_test+0xbc3f2) (BuildId: ea922eefe4a4f20f33d93d3b043fed88f00889af)
#10 0x7f3855e2814f (/lib/x86_64-linux-gnu/libc.so.6+0x2814f) (BuildId: 6a981b07a3731293c24c10a21397416d3c3d52ed)
#11 0x7f3855e28208 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28208) (BuildId: 6a981b07a3731293c24c10a21397416d3c3d52ed)
#12 0x560d20da2144 in _start (/cifuzz/libfuzzer/address+undefined/simple_checks_fuzz_test/bin/src/explore_me/simple_checks_fuzz_test+0x87144) (BuildId: ea922eefe4a4f20f33d93d3b043fed88f00889af)

0x560d21c1bba5 is located 0 bytes to the right of global variable 'gBuffer' defined in '/home/runner/work/c-cpp-example/c-cpp-example/checkout-dir/src/explore_me/explore_me.cpp:37:6' (0x560d21c1bba0) of size 5
SUMMARY: AddressSanitizer: global-buffer-overflow (/cifuzz/libfuzzer/address+undefined/simple_checks_fuzz_test/bin/src/explore_me/simple_checks_fuzz_test+0x13e559) (BuildId: ea922eefe4a4f20f33d93d3b043fed88f00889af) in __asan_memcpy
Shadow bytes around the buggy address:
0x0ac22437b720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac22437b730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac22437b740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac22437b750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac22437b760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ac22437b770: 00 f9 f9 f9[05]f9 f9 f9 00 00 00 00 00 00 00 00
0x0ac22437b780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac22437b790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac22437b7a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac22437b7b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac22437b7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==11==ABORTING
MS: 1 CMP- DE: "Attacker"-; base unit: 5f0935f43e51f0c1a26d298c964eb0365b6f5390
0x41,0x74,0x74,0x61,0x63,0x6b,0x65,0x72,0xff,0xff,0xf7,0xff,0xff,0xff,0xff,0xff,
Attacker\377\377\367\377\377\377\377\377
artifact_prefix='/tmp/libfuzzer-out-3182901598/'; Test unit written to /tmp/libfuzzer-out-3182901598/crash-d76ef491d7970a393dbafa6bfca19ec6872ff2f5
Base64: QXR0YWNrZXL///f//////w==
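The report gives the three facts needed to understand the bug: a global 'gBuffer' of size 5 (explore_me.cpp:37), an 8-byte memcpy into it (explore_me.cpp:40), and a crashing unit that starts with "Attacker". The following is an added example, not the project's code from explore_me.cpp: it reconstructs that shape as a hypothesis (the names `gBuffer` and `TAG`, the prefix comparison, and the function signatures are assumptions), puts the bounded copy beside it, embeds a constructed copy of the 16-byte test unit printed above, and decodes the `[05]` shadow byte the way the legend describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reconstruction of the reported bug shape, not the project's
 * code: a 5-byte global (the report names 'gBuffer' of size 5) and an
 * 8-byte memcpy into it, reached only when the input starts with "Attacker"
 * (the CMP/DE mutation note and the crashing unit both show that prefix). */
static char gBuffer[5];

#define TAG "Attacker"
#define TAG_LEN (sizeof(TAG) - 1) /* 8 bytes, the WRITE size ASan reported */

/* Constructed copy of the 16-byte test unit printed in the report. */
static const unsigned char kCrashInput[] = {
    0x41, 0x74, 0x74, 0x61, 0x63, 0x6b, 0x65, 0x72,
    0xff, 0xff, 0xf7, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Vulnerable shape: the copy length is checked against the input but never
 * against sizeof gBuffer. With want == 8 and a 5-byte destination this is the
 * "WRITE of size 8 ... 0 bytes to the right of global variable 'gBuffer'"
 * line under -fsanitize=address. Only main() below calls it. */
size_t copy_unchecked(const unsigned char *data, size_t size, size_t want)
{
    if (size < TAG_LEN || memcmp(data, TAG, TAG_LEN) != 0)
        return 0;                 /* not the trigger prefix */
    if (want > size)
        return 0;                 /* input bound is checked ... */
    memcpy(gBuffer, data, want);  /* ... the destination bound is not */
    return want;
}

/* Hardened shape: the destination size is passed explicitly and the copy is
 * refused, not silently truncated, when the request does not fit. Returns
 * bytes copied, or -1 on rejection. */
long copy_bounded(char *dst, size_t dst_size,
                  const unsigned char *data, size_t size, size_t want)
{
    if (want > size)
        return -1;                /* do not read past the input */
    if (want > dst_size)
        return -1;                /* the check the original copy lacked */
    memcpy(dst, data, want);
    return (long)want;
}

/* Decode one ASan shadow byte per the legend in the report: 00 means all 8
 * application bytes of the granule are addressable, 01..07 means that many
 * are, anything else (f9 global redzone, fa heap redzone, ...) means none.
 * The "[05]" in the report is the granule holding gBuffer: 5 addressable
 * bytes, then the f9 redzone that the 8-byte write ran into. */
int shadow_addressable_bytes(unsigned char shadow)
{
    if (shadow == 0x00)
        return 8;
    if (shadow >= 0x01 && shadow <= 0x07)
        return shadow;
    return 0;
}

int main(void)
{
    long n = copy_bounded(gBuffer, sizeof gBuffer, kCrashInput,
                          sizeof kCrashInput, TAG_LEN);
    printf("bounded copy of %zu bytes into %zu-byte buffer: %ld\n",
           (size_t)TAG_LEN, sizeof gBuffer, n);
    printf("shadow 0x05 -> %d addressable bytes\n",
           shadow_addressable_bytes(0x05));
    /* Built with -fsanitize=address -g, this call reproduces the report. */
    copy_unchecked(kCrashInput, sizeof kCrashInput, TAG_LEN);
    return 0;
}
```

Compile with `cc -g -fsanitize=address` and run it to get a global-buffer-overflow report of the same form as the one above (WRITE of size 8 in __asan_memcpy, 0 bytes to the right of a 5-byte global). To replay the original finding against the real fuzz test instead, pass the written crash file (`crash-d76ef491d7970a393dbafa6bfca19ec6872ff2f5`) as the argument to the libFuzzer binary, which runs that single unit and exits.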
