[Bug 9266] New: SIGSEGV on readtoken
bugzilla at busybox.net
Mon Sep 19 16:21:37 UTC 2016
https://bugs.busybox.net/show_bug.cgi?id=9266
Bug ID: 9266
Summary: SIGSEGV on readtoken
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: franco.costantini20 at gmail.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
Created attachment 6676
--> https://bugs.busybox.net/attachment.cgi?id=6676&action=edit
test case
Hello, we recently found an invalid memory access while parsing and executing fuzzed
bash code in Busybox 1.25.0.
We tested this issue on Ubuntu 14.04.5 (x86_64) but other configurations could
be affected. Please find attached the full .config file.
The gdb backtrace is as follows:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
readtoken1 (c=123, syntax=0, eofmark=0x0, striptabs=0) at shell/ash.c:11153
11153 {
#0 readtoken1 (c=123, syntax=0, eofmark=0x0, striptabs=0) at shell/ash.c:11153
#1 0x00000000004c3238 in readtoken () at shell/ash.c:11953
#2 0x00000000004c4560 in pipeline () at shell/ash.c:10642
#3 0x00000000004c1409 in andor () at shell/ash.c:10612
#4 list (nlflag=nlflag at entry=0) at shell/ash.c:10565
#5 0x00000000004c3ef2 in parse_command () at shell/ash.c:11052
#6 0x00000000004c4583 in pipeline () at shell/ash.c:10647
#7 0x00000000004c1409 in andor () at shell/ash.c:10612
#8 list (nlflag=nlflag at entry=0) at shell/ash.c:10565
#9 0x00000000004c3ef2 in parse_command () at shell/ash.c:11052
#10 0x00000000004c4583 in pipeline () at shell/ash.c:10647
#11 0x00000000004c1409 in andor () at shell/ash.c:10612
#12 list (nlflag=nlflag at entry=0) at shell/ash.c:10565
#13 0x00000000004c3ef2 in parse_command () at shell/ash.c:11052
#14 0x00000000004c4583 in pipeline () at shell/ash.c:10647
#15 0x00000000004c1409 in andor () at shell/ash.c:10612
#16 list (nlflag=nlflag at entry=0) at shell/ash.c:10565
#17 0x00000000004c3ef2 in parse_command () at shell/ash.c:11052
#18 0x00000000004c4583 in pipeline () at shell/ash.c:10647
#19 0x00000000004c1409 in andor () at shell/ash.c:10612
#20 list (nlflag=nlflag at entry=0) at shell/ash.c:10565
#21 0x00000000004c3ef2 in parse_command () at shell/ash.c:11052
#22 0x00000000004c4583 in pipeline () at shell/ash.c:10647
#23 0x00000000004c1409 in andor () at shell/ash.c:10612
#24 list (nlflag=nlflag at entry=0) at shell/ash.c:10565
This issue was found using QuickFuzz, the file to reproduce it is attached.
Regards.
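Editor's note, added example (not from the reporter, and not BusyBox/ash code). The report gives no root cause, but two things in the backtrace are worth reading before opening the reproducer: c=123 in frame #0 is ASCII '{', and the crash sits on the opening brace of readtoken1() at ash.c:11153, i.e. in the function prologue, with the same four frames (list -> andor -> pipeline -> parse_command) repeating all the way down the truncated trace. That is the pattern a recursive-descent parser produces when nested input drives it down until the stack is exhausted, rather than a bad pointer dereference inside readtoken1(); whether that is what happened here is not established by the report. A quick check on the attached test case: run it under gdb, note how many frames a full bt produces, then raise the stack limit with ulimit -s and rerun; a crash that moves or disappears with the stack size is exhaustion. The toy parser below has the same recursive shape as the frames above, plus an explicit nesting cap so deeply nested groups are rejected with an error instead of recursing. The names parse_script, make_nested, MAX_NESTING and the PARSE_* codes are this example's own assumptions; nothing here is an ash API.

```c
/* Added example, not BusyBox/ash code. A toy recursive-descent parser for
 * shell-like `{ ... }` groups in the shape of ash's
 * list -> andor -> pipeline -> parse_command -> list recursion, with an
 * explicit nesting limit so pathological input is rejected instead of
 * recursing until the stack is exhausted. Every name here (parse_script,
 * make_nested, MAX_NESTING, PARSE_*) is an assumption for this example. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_NESTING 256   /* assumed limit for the example; ash has no such constant */

enum { PARSE_OK = 0, PARSE_SYNTAX = 1, PARSE_TOO_DEEP = 2 };

struct parser {
    const char *p;        /* cursor into the input */
    int depth, max_depth; /* current `{` nesting depth and the cap on it */
    int error;            /* PARSE_* code once parsing fails */
};

static int parse_list(struct parser *ps);

static void skip_ws(struct parser *ps)
{
    while (*ps->p == ' ' || *ps->p == '\t') ps->p++;
}

/* command: a `{ list }` group (the recursive case) or a bare word */
static int parse_command(struct parser *ps)
{
    const char *start;
    skip_ws(ps);
    if (*ps->p == '{') {
        /* The check that turns unbounded recursion into a clean error. */
        if (ps->depth >= ps->max_depth) { ps->error = PARSE_TOO_DEEP; return 0; }
        ps->depth++; ps->p++;
        if (!parse_list(ps)) return 0;
        skip_ws(ps);
        if (*ps->p != '}') { ps->error = PARSE_SYNTAX; return 0; }
        ps->p++; ps->depth--;
        return 1;
    }
    start = ps->p;
    while (isalnum((unsigned char)*ps->p) || *ps->p == '_') ps->p++;
    if (ps->p == start) { ps->error = PARSE_SYNTAX; return 0; }
    return 1;
}

/* pipeline: command ( '|' command )* */
static int parse_pipeline(struct parser *ps)
{
    if (!parse_command(ps)) return 0;
    for (;;) {
        skip_ws(ps);
        if (ps->p[0] != '|' || ps->p[1] == '|') return 1;
        ps->p++;
        if (!parse_command(ps)) return 0;
    }
}

/* andor: pipeline ( ('&&' | '||') pipeline )* */
static int parse_andor(struct parser *ps)
{
    if (!parse_pipeline(ps)) return 0;
    for (;;) {
        skip_ws(ps);
        if (!((ps->p[0] == '&' && ps->p[1] == '&') ||
              (ps->p[0] == '|' && ps->p[1] == '|'))) return 1;
        ps->p += 2;
        if (!parse_pipeline(ps)) return 0;
    }
}

/* list: andor ( (';' | newline) andor )* ; ends at '}' or end of input */
static int parse_list(struct parser *ps)
{
    if (!parse_andor(ps)) return 0;
    for (;;) {
        skip_ws(ps);
        if (*ps->p != ';' && *ps->p != '\n') return 1;
        while (*ps->p == ';' || *ps->p == '\n' || *ps->p == ' ' || *ps->p == '\t') ps->p++;
        if (*ps->p == '}' || *ps->p == '\0') return 1;   /* trailing separator */
        if (!parse_andor(ps)) return 0;
    }
}

/* Parse a whole script; returns PARSE_OK, PARSE_SYNTAX or PARSE_TOO_DEEP. */
int parse_script(const char *src, int max_depth)
{
    struct parser ps = { src, 0, max_depth, PARSE_OK };
    if (!parse_list(&ps)) return ps.error ? ps.error : PARSE_SYNTAX;
    skip_ws(&ps);
    return *ps.p == '\0' ? PARSE_OK : PARSE_SYNTAX;   /* e.g. a stray '}' */
}

/* Constructed fuzzer-style input: n times "{ ", a word, n times " }". */
char *make_nested(int n)
{
    char *s = malloc((size_t)4 * n + 2), *q = s;
    int i;
    if (!s) return NULL;
    for (i = 0; i < n; i++) { *q++ = '{'; *q++ = ' '; }
    *q++ = 'x';
    for (i = 0; i < n; i++) { *q++ = ' '; *q++ = '}'; }
    *q = '\0';
    return s;
}

int main(void)
{
    char *deep = make_nested(100000);
    if (!deep) return 1;
    printf("simple script: %d\n", parse_script("{ a; b | c && d; }", MAX_NESTING));
    printf("100000 nested groups, limit %d: %d\n", MAX_NESTING, parse_script(deep, MAX_NESTING));
    free(deep);
    return 0;
}
```

If the cap is removed (pass a huge max_depth) and make_nested() is asked for a few million groups, the toy typically dies the same way the report shows: SIGSEGV reported at the entry line of one of the four parse functions rather than at a statement that touches memory, because it is the prologue's stack push that faults. That is the signature worth checking for in the attached case before treating this as a pointer bug in readtoken1().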