Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NULL pointer dereference in libyara/re.c #2084

Closed
djuricmilan opened this issue Jun 3, 2024 · 0 comments
Closed

NULL pointer dereference in libyara/re.c #2084

djuricmilan opened this issue Jun 3, 2024 · 0 comments
Labels
bug

Comments

@djuricmilan
Copy link

Describe the bug
There is a NULL pointer dereference in function _yr_re_fiber_sync inside libyara/re.c. As visible in the attached screenshot from GDB, the content of the memory pointed to by fiber is 0x00000000. The code dereferences this address to access the member ip which results in a segmentation fault.

To Reproduce
Build yara version v4.5.0 from source with ASAN.
The PoC is given in the ZIP file: yara.zip

yara ./id:000000,sig:06,src:001106,op:arith8,pos:51,val:-18 3.yar

ASAN trace:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==220214==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55c38eab1c44 bp 0x55c38eb5fd60 sp 0x7fff13e5fcf0 T0)
==220214==The signal is caused by a READ memory access.
==220214==Hint: address points to the zero page.
    #0 0x55c38eab1c44  (/nix/store/700pirxid807dlf3bsyzv5627vmlcfyn-target_final/bin/yara+0x1e9c44)
    #1 0x55c38eaaf858  (/nix/store/700pirxid807dlf3bsyzv5627vmlcfyn-target_final/bin/yara+0x1e7858)
    #2 0x55c38eacf282  (/nix/store/700pirxid807dlf3bsyzv5627vmlcfyn-target_final/bin/yara+0x207282)
    #3 0x55c38eac1433  (/nix/store/700pirxid807dlf3bsyzv5627vmlcfyn-target_final/bin/yara+0x1f9433)
    #4 0x55c38eac070e  (/nix/store/700pirxid807dlf3bsyzv5627vmlcfyn-target_final/bin/yara+0x1f870e)
    #5 0x55c38eac1b99  (/nix/store/700pirxid807dlf3bsyzv5627vmlcfyn-target_final/bin/yara+0x1f9b99)
    #6 0x55c38ea405d8  (/nix/store/700pirxid807dlf3bsyzv5627vmlcfyn-target_final/bin/yara+0x1785d8)
    #7 0x55c38ea3cbe2  (/nix/store/700pirxid807dlf3bsyzv5627vmlcfyn-target_final/bin/yara+0x174be2)
    #8 0x7f515c3e1fcd  (/nix/store/p9ysh5rk109gyjj3cn6jr54znvvlahfl-glibc-2.38-66/lib/libc.so.6+0x27fcd) (BuildId: 26495ff69df462534fb238dc0fb1608f6f75576a)
    #9 0x7f515c3e2088  (/nix/store/p9ysh5rk109gyjj3cn6jr54znvvlahfl-glibc-2.38-66/lib/libc.so.6+0x28088) (BuildId: 26495ff69df462534fb238dc0fb1608f6f75576a)
    #10 0x55c38e90c594  (/nix/store/700pirxid807dlf3bsyzv5627vmlcfyn-target_final/bin/yara+0x44594)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/nix/store/700pirxid807dlf3bsyzv5627vmlcfyn-target_final/bin/yara+0x1e9c44) 
==220214==ABORTING

Screenshots
image

Please complete the following information:

  • OS: Ubuntu x86_64 Linux
  • YARA version: 4.5.0, compiled with clang 16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@djuricmilan