[Bug 8641] busybox can't be used with ASAN enabled

bugzilla at busybox.net bugzilla at busybox.net
Wed Feb 3 06:56:35 UTC 2016


https://bugs.busybox.net/show_bug.cgi?id=8641

--- Comment #2 from Fernando Muñoz <fernando at null-life.com> ---
My .config file: https://paste.kde.org/pq4lr6xax

Steps:

apt-get build-dep busybox
apt-get source busybox
cd busybox-1.22.0
Replaced hardcoded "gcc" and "g++" values in Makefile (HOSTCC, HOSTCXX, CC) with
afl-gcc and afl-g++ (gcc/g++ wrappers included in the fuzzer) [1]
make defconfig
AFL_USE_ASAN=1 make

The AFL_USE_ASAN environment variable tells afl-gcc to enable AddressSanitizer.

After that I just ran the busybox_unstripped binary.

I just tried it on a 1.24.1 tarball and got the same error:
root@kali:~/bash/busybox-1.24.1# ./busybox_unstripped
=================================================================
==18714==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xbffff384 at pc 0x0807de43 bp 0xbffff2cc sp 0xbffff2c0
WRITE of size 4 at 0xbffff384 thread T0
    #0 0x807de42 in get_terminal_width_height libbb/xfuncs.c:270

Address 0xbffff384 is located in stack of thread T0==18714==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_thread.cc:231 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0)
    #0 0xb7b064ec  (/usr/lib/i386-linux-gnu/libasan.so.2+0x9a4ec)
    #1 0xb7b0b3b9 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/i386-linux-gnu/libasan.so.2+0x9f3b9)
    #2 0xb7b09195  (/usr/lib/i386-linux-gnu/libasan.so.2+0x9d195)
    #3 0xb7b034a6  (/usr/lib/i386-linux-gnu/libasan.so.2+0x974a6)
    #4 0xb7b03a89  (/usr/lib/i386-linux-gnu/libasan.so.2+0x97a89)
    #5 0xb7b053c7 in __asan_report_error (/usr/lib/i386-linux-gnu/libasan.so.2+0x993c7)
    #6 0xb7b06b95 in __asan_report_store4 (/usr/lib/i386-linux-gnu/libasan.so.2+0x9ab95)
    #7 0x807de42 in get_terminal_width_height libbb/xfuncs.c:270

Could it be something about my terminal environment? I tried it on xterm and the
XFCE default terminal.

Line 270 says: *width = wh_helper(win.ws_col, 80, "COLUMNS", &err);

[1] http://lcamtuf.coredump.cx/afl/

-- 
You are receiving this mail because:
You are on the CC list for the bug.
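
An added example, not part of the original message or of busybox/AFL: a small triage helper for reports like the one above, which records the bug type, access and top symbolized frame for crash de-duplication and flags the case seen here where ASAN aborts on an internal CHECK before finishing its report. The function name triage and the de-duplication key format are assumptions made for this example; the report text is the one from the message with libasan frames #2-#6 left out.

```python
import re

# Report text from the message above, mail line-wrapping undone,
# libasan-internal frames #2-#6 omitted for brevity.
REPORT = """\
=================================================================
==18714==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xbffff384 at pc 0x0807de43 bp 0xbffff2cc sp 0xbffff2c0
WRITE of size 4 at 0xbffff384 thread T0
    #0 0x807de42 in get_terminal_width_height libbb/xfuncs.c:270

Address 0xbffff384 is located in stack of thread T0==18714==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_thread.cc:231 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0)
    #0 0xb7b064ec  (/usr/lib/i386-linux-gnu/libasan.so.2+0x9a4ec)
    #1 0xb7b0b3b9 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/i386-linux-gnu/libasan.so.2+0x9f3b9)
    #7 0x807de42 in get_terminal_width_height libbb/xfuncs.c:270
"""

ERROR_RE = re.compile(r"==(\d+)==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at", re.M)
# Symbolized application frame: "#N 0xPC in func file:line" (skips libasan frames)
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) ([^\s()]+):(\d+)", re.M)
# ASAN failing one of its own assertions while printing the report
CHECK_RE = re.compile(r"AddressSanitizer CHECK failed: (\S+):(\d+)")

def triage(report):
    """Summarize one ASAN report; returns None if no ERROR header is found."""
    err = ERROR_RE.search(report)
    if not err:
        return None
    access = ACCESS_RE.search(report)
    frame = FRAME_RE.search(report)
    check = CHECK_RE.search(report)
    summary = {
        "pid": int(err.group(1)),
        "bug": err.group(2),
        "address": err.group(3),
        "access": access.group(1) if access else None,
        "size": int(access.group(2)) if access else None,
        "top_frame": frame.groups() if frame else None,
        # Set when the report was cut short by an internal CHECK failure
        "asan_check": check.groups() if check else None,
    }
    top = "%s@%s:%s" % summary["top_frame"] if frame else "unknown"
    summary["dedup_key"] = "%s|%s|%s" % (summary["bug"], summary["access"], top)
    return summary

if __name__ == "__main__":
    print(triage(REPORT))
```

A non-None asan_check means the variable-level description of the stack frame is missing from the report, so the summary rests on the header and frame #0 only.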

