Title: Some bugs
Category: Fuzzing
Created: 2023-09-08 22:48
Modified: 2023-09-22 00:28
Link: http://0x2531.tech/fuzzing/202309082248.txt
--------------------------------------------------------------------------------

A record of some bugs found recently with afl.

Project: sonic [https://github.com/waywardgeek/sonic]
Defect types: segmentation fault, floating-point exception
Details:

1 SEGV bug

=================================================================
==20417==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x00000040853a bp 0x000000000000 sp 0x7fff7d053cc8 T0)
==20417==The signal is caused by a WRITE memory access.
==20417==Hint: address points to the zero page.
    #0 0x408539 in sonicSetSpeed /root/Sec/Fuzzing/projects/sonic_asan/sonic.c:285
    #1 0x405e58 in runSonic /root/Sec/Fuzzing/projects/sonic_asan/main.c:43
    #2 0x4015f2 in main /root/Sec/Fuzzing/projects/sonic_asan/main.c:184
    #3 0x7f538a7f5554 in __libc_start_main (/lib64/libc.so.6+0x22554)
    #4 0x401a0b (/root/Sec/Fuzzing/projects/sonic_asan/sonic+0x401a0b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/Sec/Fuzzing/projects/sonic_asan/sonic.c:285 in sonicSetSpeed
==20417==ABORTING

2 FPE bugs

=================================================================
==12489==ERROR: AddressSanitizer: FPE on unknown address 0x000000405ee5 (pc 0x000000405ee5 bp 0x60d000000040 sp 0x7ffe49cf7dc0 T0)
    #0 0x405ee4 in runSonic /root/Sec/Fuzzing/projects/sonic_asan/main.c:55
    #1 0x4015f2 in main /root/Sec/Fuzzing/projects/sonic_asan/main.c:184
    #2 0x7f64375d7554 in __libc_start_main (/lib64/libc.so.6+0x22554)
    #3 0x401a0b (/root/Sec/Fuzzing/projects/sonic_asan/sonic+0x401a0b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /root/Sec/Fuzzing/projects/sonic_asan/main.c:55 in runSonic
==12489==ABORTING

=================================================================
==12995==ERROR: AddressSanitizer: FPE on unknown address 0x000000407309 (pc 0x000000407309 bp 0x000000000000 sp 0x7ffcc9c9bd70 T0)
    #0 0x407308 in findPitchPeriodInRange /root/Sec/Fuzzing/projects/sonic_asan/sonic.c:778
    #1 0x407308 in findPitchPeriod /root/Sec/Fuzzing/projects/sonic_asan/sonic.c:822
    #2 0x407308 in changeSpeed /root/Sec/Fuzzing/projects/sonic_asan/sonic.c:1109
    #3 0x407308 in processStreamInput /root/Sec/Fuzzing/projects/sonic_asan/sonic.c:1158
    #4 0x405f56 in runSonic /root/Sec/Fuzzing/projects/sonic_asan/main.c:59
    #5 0x4015f2 in main /root/Sec/Fuzzing/projects/sonic_asan/main.c:184
    #6 0x7f280e242554 in __libc_start_main (/lib64/libc.so.6+0x22554)
    #7 0x401a0b (/root/Sec/Fuzzing/projects/sonic_asan/sonic+0x401a0b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /root/Sec/Fuzzing/projects/sonic_asan/sonic.c:778 in findPitchPeriodInRange
==12995==ABORTING

Project: CImg [https://github.com/GreycLab/CImg]
Defect type: memory leak
Vulnerability ID: CVE-2023-41484
Details:

==26325==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 7499 byte(s) in 1 object(s) allocated from:
    #0 0x7f7716c54cef in operator new[](unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cc:107
    #1 0x54f41b in cimg_library::CImg::CImg(unsigned int, unsigned int, unsigned int, unsigned int) CImg/CImg.h:11793
    #2 0x54f41b in cimg_library::CImg::_load_jpeg(_IO_FILE*, char const*) CImg/CImg.h:51847
    #3 0x58272f in cimg_library::CImg::load_jpeg(char const*) CImg/CImg.h:51771
    #4 0x58272f in cimg_library::CImg::load(char const*) CImg/CImg.h:51419
    #5 0x41d800 in cimg_library::CImg::assign(char const*) CImg/CImg.h:12578
    #6 0x41d800 in load_image src/load_image.cc:49
    #7 0x40f7e3 in print_iterate src/print_image.c:95
    #8 0x40f7e3 in print_image src/print_image.c:77

SUMMARY: AddressSanitizer: 7499 byte(s) leaked in 1 allocation(s).

Note: all of these defects have been reported as issues.
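When afl produces many crashing inputs, the sanitizer reports above are what get triaged and deduplicated. The script below is an added example (not from this post or from the sonic or CImg projects): it parses concatenated ASan/LSan output into reports, keys each one on the innermost frame that has a resolved source location, and flags crashes whose top frame sits in the harness file rather than the library, as with the FPE at main.c:55. The sample input is built from two of the sonic reports quoted above; treating main.c as the harness is an assumption about this setup.

```python
import re
from collections import Counter

# Constructed sample input: two of the sonic reports quoted in this post, trimmed.
SAMPLE = """\
==20417==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x00000040853a bp 0x000000000000 sp 0x7fff7d053cc8 T0)
    #0 0x408539 in sonicSetSpeed /root/Sec/Fuzzing/projects/sonic_asan/sonic.c:285
    #1 0x405e58 in runSonic /root/Sec/Fuzzing/projects/sonic_asan/main.c:43
    #2 0x4015f2 in main /root/Sec/Fuzzing/projects/sonic_asan/main.c:184
    #3 0x7f538a7f5554 in __libc_start_main (/lib64/libc.so.6+0x22554)
SUMMARY: AddressSanitizer: SEGV /root/Sec/Fuzzing/projects/sonic_asan/sonic.c:285 in sonicSetSpeed
==12489==ERROR: AddressSanitizer: FPE on unknown address 0x000000405ee5 (pc 0x000000405ee5 bp 0x60d000000040 sp 0x7ffe49cf7dc0 T0)
    #0 0x405ee4 in runSonic /root/Sec/Fuzzing/projects/sonic_asan/main.c:55
    #1 0x4015f2 in main /root/Sec/Fuzzing/projects/sonic_asan/main.c:184
SUMMARY: AddressSanitizer: FPE /root/Sec/Fuzzing/projects/sonic_asan/main.c:55 in runSonic
"""
# Header line of each report, e.g. "==20417==ERROR: AddressSanitizer: SEGV ..."
ERROR_RE = re.compile(r"^==\d+==ERROR: (\w+): (\S+)")
# Frames with a resolved source location; runtime frames such as
# "__libc_start_main (/lib64/libc.so.6+0x22554)" do not match and are skipped.
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+):(\d+)$")

def parse_reports(text):
    """Split concatenated sanitizer output into (kind, [(func, path, line), ...])."""
    reports = []
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            kind = "LEAK" if m.group(1) == "LeakSanitizer" else m.group(2)
            reports.append((kind, []))
            continue
        f = FRAME_RE.match(line)
        if f and reports:
            reports[-1][1].append((f.group(1), f.group(2), int(f.group(3))))
    return reports

def crash_key(kind, frames, harness_files=("main.c",)):
    """Dedup key from the innermost resolved frame. The last field flags crashes
    whose top frame is in the harness rather than the library (e.g. the FPE at
    main.c:55 above); harness_files is an assumption about this post's setup."""
    if not frames:
        return (kind, "?", "?", 0, False)
    func, path, line = frames[0]
    base = path.rsplit("/", 1)[-1]
    return (kind, func, base, line, base in harness_files)

def triage(text):
    """Count unique crash keys across all reports in text."""
    return Counter(crash_key(k, fr) for k, fr in parse_reports(text))
```

A crash keyed on the harness file is worth checking against the harness source first, since it may be a harness-side division or indexing error rather than a library defect.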