Open
Description
A heap-buffer-overflow was triggered by dex_descriptorClassToDot at vdexExtractor-master/src/dex.c:1282.
Version
Ver. 0.6.0, latest commit
Environment
Ubuntu 18.04, 64-bit
Command
```
./make
./vdexExtractor -i poc -o out -f --deps
```
ASAN
ASAN log:
```
=================================================================
==27110==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000d1 at pc 0x558b9c732dc2 bp 0x7ffcde3dde40 sp 0x7ffcde3dde30
WRITE of size 1 at 0x6020000000d1 thread T0
    #0 0x558b9c732dc1 in dex_descriptorClassToDot /AFLplusplus/my_test/vdexExtractor-master/fuzzVal/vdexExtractor-master/src/dex.c:1282
    #1 0x558b9c73108e in dex_dumpClassInfo /AFLplusplus/my_test/vdexExtractor-master/fuzzVal/vdexExtractor-master/src/dex.c:975
    #2 0x558b9c755779 in vdex_backend_010_process vdex/vdex_backend_010.c:387
    #3 0x558b9c7453f2 in vdex_010_process vdex/vdex_010.c:199
    #4 0x558b9c73fafc in main /AFLplusplus/my_test/vdexExtractor-master/fuzzVal/vdexExtractor-master/src/vdexExtractor.c:257
    #5 0x7fb6dd07d0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #6 0x558b9c72a94d in _start (/AFLplusplus/my_test/vdexExtractor-master/fuzzVal/vdexExtractor-master/bin/vdexExtractor+0x8c94d)

0x6020000000d1 is located 0 bytes to the right of 1-byte region [0x6020000000d0,0x6020000000d1)
allocated by thread T0 here:
    #0 0x7fb6dd681c47 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x558b9c73d66a in utils_malloc /AFLplusplus/my_test/vdexExtractor-master/fuzzVal/vdexExtractor-master/src/utils.c:254
    #2 0x558b9c73d6db in utils_calloc /AFLplusplus/my_test/vdexExtractor-master/fuzzVal/vdexExtractor-master/src/utils.c:263
    #3 0x558b9c732d18 in dex_descriptorClassToDot /AFLplusplus/my_test/vdexExtractor-master/fuzzVal/vdexExtractor-master/src/dex.c:1279
    #4 0x558b9c73108e in dex_dumpClassInfo /AFLplusplus/my_test/vdexExtractor-master/fuzzVal/vdexExtractor-master/src/dex.c:975
    #5 0x558b9c755779 in vdex_backend_010_process vdex/vdex_backend_010.c:387
    #6 0x558b9c7453f2 in vdex_010_process vdex/vdex_010.c:199
    #7 0x558b9c73fafc in main /AFLplusplus/my_test/vdexExtractor-master/fuzzVal/vdexExtractor-master/src/vdexExtractor.c:257
    #8 0x7fb6dd07d0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-buffer-overflow /AFLplusplus/my_test/vdexExtractor-master/fuzzVal/vdexExtractor-master/src/dex.c:1282 in dex_descriptorClassToDot
Shadow bytes around the buggy address:
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff8000: fa fa 00 fa fa fa 00 07 fa fa fd fd fa fa fd fd
=>0x0c047fff8010: fa fa fd fa fa fa fd fa fa fa[01]fa fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==27110==ABORTING
```
PoC
PoC file:
`id_000007,sig_11,src_000000,time_3970,execs_3138,op_havoc,rep_4.zip`