[Bug 15216] New: There is a stack overflow in ash of busybox. Here is the ASan report.
bugzilla at busybox.net
Wed Dec 28 08:54:16 UTC 2022
https://bugs.busybox.net/show_bug.cgi?id=15216
Bug ID: 15216
Summary: There is a stack overflow in ash of busybox. Here is the ASan report.
Product: Busybox
Version: 1.35.x
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Standard Compliance
Assignee: unassigned at busybox.net
Reporter: 79167666 at qq.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
Created attachment 9441
--> https://bugs.busybox.net/attachment.cgi?id=9441&action=edit
./busybox_unstripped < poc
Discoverer: focu5 at Vlab of Vecentek
> ./busybox_unstripped < poc
=================================================================
==1034263==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7fffffffcdd8 at pc 0x000001352be8 bp 0x7fffffffcc50 sp 0x7fffffffcc48
WRITE of size 8 at 0x7fffffffcdd8 thread T0
    #0 0x1352be7 in evaluate_string /home/focus/Desktop/work/target/busybox/shell/math.c:639:21
    #1 0x114b813 in ash_arith /home/focus/Desktop/work/target/busybox/shell/ash.c:6030:11
    #2 0x113c7b7 in substr_atoi /home/focus/Desktop/work/target/busybox/shell/ash.c:6042:14
    #3 0x113c7b7 in subevalvar /home/focus/Desktop/work/target/busybox/shell/ash.c:7160:10
    #4 0x112c76a in evalvar /home/focus/Desktop/work/target/busybox/shell/ash.c:7665:6
    #5 0x1125a33 in argstr /home/focus/Desktop/work/target/busybox/shell/ash.c:6892:8
    #6 0x11172e9 in expandarg /home/focus/Desktop/work/target/busybox/shell/ash.c:8089:2
    #7 0x118136f in fill_arglist /home/focus/Desktop/work/target/busybox/shell/ash.c:8810:3
    #8 0x10f7bf2 in evalcommand /home/focus/Desktop/work/target/busybox/shell/ash.c:10337:8
    #9 0x10e8af8 in evaltree /home/focus/Desktop/work/target/busybox/shell/ash.c:9364:12
    #10 0x10403d0 in evalstring /home/focus/Desktop/work/target/busybox/shell/ash.c:13435:7
    #11 0x102cb24 in ash_main /home/focus/Desktop/work/target/busybox/shell/ash.c:14688:3
    #12 0x56f31b in run_applet_no_and_exit /home/focus/Desktop/work/target/busybox/libbb/appletlib.c:1004:23
    #13 0x57133c in run_applet_and_exit /home/focus/Desktop/work/target/busybox/libbb/appletlib.c:1022:4
    #14 0x571009 in main /home/focus/Desktop/work/target/busybox/libbb/appletlib.c:1182:13
    #15 0x7ffff7c43082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #16 0x4200dd in _start (/home/focus/Desktop/work/target/busybox/busybox_unstripped+0x4200dd)
Address 0x7fffffffcdd8 is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow /home/focus/Desktop/work/target/busybox/shell/math.c:639:21 in evaluate_string
Shadow bytes around the buggy address:
0x10007fff7960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7980: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
0x10007fff7990: 02 cb cb cb cb cb cb cb ca ca ca ca 00 01 cb cb
0x10007fff79a0: cb cb cb cb ca ca ca ca 00 00 00 00 00 00 00 00
=>0x10007fff79b0: 00 00 00 00 00 00 00 00 cb cb cb[cb]f1 f1 f1 f1
0x10007fff79c0: 00 f2 f2 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00
0x10007fff79d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff79e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff79f0: f1 f1 f1 f1 00 00 00 00 f3 f3 f3 f3 00 00 00 00
0x10007fff7a00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1034263==ABORTING