You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
testcase:EASYFUZZ(FwqYLJGS){
//用户被测接口需要的与fuzz无关的变量声明以及接口上下文。
// ---comment int * rfbGetScreen.argc
int * argc_YNnvjaJn = (int *) fuzzInt32(0);
// ---comment char * * rfbGetScreen.argv
char * EcOVZIWm = (char *) fuzzstring(1);
char * * argv_fUdAxCJF = & EcOVZIWm;
// ---comment int rfbGetScreen.width
int width_uLpmnCVk = * (int *) fuzzInt32(2);
// ---comment int rfbGetScreen.height
int height_fpHPNqHb = * (int *) fuzzInt32(3);
// ---comment int rfbGetScreen.bitsPerSample
int bitsPerSample_WAHEnxom = * (int *) fuzzInt32(4);
// ---comment int rfbGetScreen.samplesPerPixel
int samplesPerPixel_hGttfBZf = * (int *) fuzzInt32(5);
// ---comment int rfbGetScreen.bytesPerPixel
int bytesPerPixel_uxkrfWUW = * (int *) fuzzInt32(6);
rfbScreenInfoPtr FvPkThpQ = rfbGetScreen(argc_YNnvjaJn, argv_fUdAxCJF, width_uLpmnCVk, height_fpHPNqHb, bitsPerSample_WAHEnxom, samplesPerPixel_hGttfBZf, bytesPerPixel_uxkrfWUW);
}
the crash logs:
==132==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffca1760de8 at pc 0x7f360bdbc780 bp 0x7ffca1760c20 sp 0x7ffca1760c10
READ of size 8 at 0x7ffca1760de8 thread T0
#0 0x7f360bdbc77f in rfbProcessArguments /cloud_proj/pr1679550382741imagysjawxnitcux/libvncserver/cargs.c:88 #1 0x7f360bd51d35 in rfbGetScreen /cloud_proj/pr1679550382741imagysjawxnitcux/libvncserver/main.c:999 #2 0x5593caa738c4 in easyloop /dockerin/test_file.c:35 #3 0x5593caa7340b in main /opt1/software/betafuzz/srap/wrapentry.c:108 #4 0x7f360ba63d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) #5 0x7f360ba63e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) #6 0x5593caa73464 in _start (/dockerin/clouditera+0x1464)
Address 0x7ffca1760de8 is located in stack of thread T0 at offset 72 in frame
#0 0x5593caa73538 in easyloop /dockerin/test_file.c:7
This frame has 2 object(s):
[32, 40) 'forkloop' (line 14)
[64, 72) 'EcOVZIWm' (line 20) <== Memory access at offset 72 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /cloud_proj/pr1679550382741imagysjawxnitcux/libvncserver/cargs.c:88 in rfbProcessArguments
Shadow bytes around the buggy address:
0x1000142e4160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e4170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e4180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
0x1000142e4190: f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
0x1000142e41a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000142e41b0: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00[f3]f3 f3
0x1000142e41c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e41d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e41e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e41f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e4200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
The text was updated successfully, but these errors were encountered:
testcase:EASYFUZZ(FwqYLJGS){
//用户被测接口需要的与fuzz无关的变量声明以及接口上下文。
// ---comment int * rfbGetScreen.argc
int * argc_YNnvjaJn = (int *) fuzzInt32(0);
// ---comment char * * rfbGetScreen.argv
char * EcOVZIWm = (char *) fuzzstring(1);
char * * argv_fUdAxCJF = & EcOVZIWm;
// ---comment int rfbGetScreen.width
int width_uLpmnCVk = * (int *) fuzzInt32(2);
// ---comment int rfbGetScreen.height
int height_fpHPNqHb = * (int *) fuzzInt32(3);
// ---comment int rfbGetScreen.bitsPerSample
int bitsPerSample_WAHEnxom = * (int *) fuzzInt32(4);
// ---comment int rfbGetScreen.samplesPerPixel
int samplesPerPixel_hGttfBZf = * (int *) fuzzInt32(5);
// ---comment int rfbGetScreen.bytesPerPixel
int bytesPerPixel_uxkrfWUW = * (int *) fuzzInt32(6);
rfbScreenInfoPtr FvPkThpQ = rfbGetScreen(argc_YNnvjaJn, argv_fUdAxCJF, width_uLpmnCVk, height_fpHPNqHb, bitsPerSample_WAHEnxom, samplesPerPixel_hGttfBZf, bytesPerPixel_uxkrfWUW);
}
the crash logs:
==132==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffca1760de8 at pc 0x7f360bdbc780 bp 0x7ffca1760c20 sp 0x7ffca1760c10
READ of size 8 at 0x7ffca1760de8 thread T0
#0 0x7f360bdbc77f in rfbProcessArguments /cloud_proj/pr1679550382741imagysjawxnitcux/libvncserver/cargs.c:88
#1 0x7f360bd51d35 in rfbGetScreen /cloud_proj/pr1679550382741imagysjawxnitcux/libvncserver/main.c:999
#2 0x5593caa738c4 in easyloop /dockerin/test_file.c:35
#3 0x5593caa7340b in main /opt1/software/betafuzz/srap/wrapentry.c:108
#4 0x7f360ba63d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
#5 0x7f360ba63e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
#6 0x5593caa73464 in _start (/dockerin/clouditera+0x1464)
Address 0x7ffca1760de8 is located in stack of thread T0 at offset 72 in frame
#0 0x5593caa73538 in easyloop /dockerin/test_file.c:7
This frame has 2 object(s):
[32, 40) 'forkloop' (line 14)
[64, 72) 'EcOVZIWm' (line 20) <== Memory access at offset 72 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /cloud_proj/pr1679550382741imagysjawxnitcux/libvncserver/cargs.c:88 in rfbProcessArguments
Shadow bytes around the buggy address:
0x1000142e4160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e4170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e4180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
0x1000142e4190: f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
0x1000142e41a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000142e41b0: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00[f3]f3 f3
0x1000142e41c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e41d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e41e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e41f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000142e4200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
The text was updated successfully, but these errors were encountered: