| Summary: | AddressSanitizer: READ of size 1 in path_advance shell/ash.c:2391 | ||
|---|---|---|---|
| Product: | Busybox | Reporter: | Fernando Muñoz <fernando> |
| Component: | Other | Assignee: | unassigned |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | busybox-cvs |
| Priority: | P5 | ||
| Version: | 1.24.x | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Host: | | Target: | |
| Build: | |||
| Attachments: | minimized test case; config used | ||
Created attachment 6361
config used
Fixed in git:

```
commit e6a63bf683f47027d36dc21b62b2f5cc3eb30a30
Author: Ron Yorston <rmy@pobox.com>
Date:   Mon Nov 12 21:10:54 2018 +0000

    ash: ensure variables are fully initialised when unset
```
Created attachment 6356
minimized test case

```
test@kali:/root/fuzzshell$ ./busybox_unstripped sh min2.sh
=================================================================
==14108==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb4f00256 at pc 0x08078d6a bp 0xbfffe8d8 sp 0xbfffe8cc
READ of size 1 at 0xb4f00256 thread T0
    #0 0x8078d69 in path_advance shell/ash.c:2391

0xb4f00256 is located 0 bytes to the right of 6-byte region [0xb4f00250,0xb4f00256)
allocated by thread T0 here:
    #0 0xb7afa25e in __interceptor_malloc (/usr/lib/i386-linux-gnu/libasan.so.2+0x9225e)
    #1 0x811d83f in xmalloc libbb/xfuncs_printf.c:47

SUMMARY: AddressSanitizer: heap-buffer-overflow shell/ash.c:2391 path_advance
Shadow bytes around the buggy address:
```