View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005493 | libextractor | extract | public | 2018-12-04 09:07 | 2019-02-14 10:30 |
Reporter | Jin | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | Linux | OS | Ubuntu | OS Version | 16.04 x64 |
Product Version | 1.8 | ||||
Target Version | 1.9 | Fixed in Version | 1.9 | ||
Summary | 0005493: Out of Bound Read in function history_extract of ole2_extractor.c | ||||
Description | Function history_extract() in ole2_extractor.c contains an out-of-bounds read problem. Details with ASan output are as below:

```
=================================================================
==3258==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000013f8c at pc 0x00000044393f bp 0x7ffec17b3570 sp 0x7ffec17b2d20
READ of size 1030 at 0x619000013f8c thread T0
    #0 0x44393e in __strdup /src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:461
    #1 0x7f3adcfea704 in EXTRACTOR_common_convert_to_utf8 /src/libextractor/src/common/convert.c
    #2 0x7f3add1f7448 in history_extract /src/libextractor/src/plugins/ole2_extractor.c:576:16
    #3 0x7f3add1f5cf6 in EXTRACTOR_ole2_extract_method /src/libextractor/src/plugins/ole2_extractor.c:993:10
    #4 0x7f3ae1e70475 in handle_start_message /src/libextractor/src/main/extractor_plugin_main.c:481:3
    #5 0x7f3ae1e6fb38 in process_requests /src/libextractor/src/main/extractor_plugin_main.c:532:13
    #6 0x7f3ae1e6f753 in EXTRACTOR_plugin_main_ /src/libextractor/src/main/extractor_plugin_main.c:633:3
    #7 0x7f3ae1e6ac18 in EXTRACTOR_IPC_channel_create_ /src/libextractor/src/main/extractor_ipc_gnu.c:355:7
    #8 0x7f3ae1e71ce6 in EXTRACTOR_extract /src/libextractor/src/main/extractor.c:658:17
    #9 0x52aaf4 in main /src/libextractor/src/main/extract.c:983:2
    #10 0x7f3ae0f5b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x41acf8 in _start (/usr/local/bin/extract+0x41acf8)

0x619000013f8c is located 0 bytes to the right of 1036-byte region [0x619000013b80,0x619000013f8c)
allocated by thread T0 here:
    #0 0x4e9a2f in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146
    #1 0x7f3add1f7330 in history_extract /src/libextractor/src/plugins/ole2_extractor.c:560:26
    #2 0x7f3add1f5cf6 in EXTRACTOR_ole2_extract_method /src/libextractor/src/plugins/ole2_extractor.c:993:10
    #3 0x7f3ae1e70475 in handle_start_message /src/libextractor/src/main/extractor_plugin_main.c:481:3
    #4 0x7f3ae1e6fb38 in process_requests /src/libextractor/src/main/extractor_plugin_main.c:532:13
    #5 0x7f3ae1e6f753 in EXTRACTOR_plugin_main_ /src/libextractor/src/main/extractor_plugin_main.c:633:3
    #6 0x7f3ae1e6ac18 in EXTRACTOR_IPC_channel_create_ /src/libextractor/src/main/extractor_ipc_gnu.c:355:7
    #7 0x7f3ae1e71ce6 in EXTRACTOR_extract /src/libextractor/src/main/extractor.c:658:17
    #8 0x52aaf4 in main /src/libextractor/src/main/extract.c:983:2
    #9 0x7f3ae0f5b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow /src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:461 in __strdup
Shadow bytes around the buggy address:
  0x0c327fffa7a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffa7b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffa7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffa7d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fffa7e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c327fffa7f0: 00[04]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fffa800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fffa810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fffa820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fffa830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fffa840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3258==ABORTING
```

credit: ADLab of Venustech | ||||
Steps To Reproduce | extract ole2-crash-ole2_extractor.c_576 | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
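The ASan trace in the description shows a 1036-byte heap region allocated in history_extract() and a strdup() (reached through the UTF-8 conversion helper) reading past its end: strlen() found no NUL inside the buffer, so it ran into the redzone. The following is an added, hypothetical reconstruction of that pattern and a bounded alternative; it is not libextractor's code, and the function names `field_is_terminated` and `field_to_cstring` and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reconstruction (not libextractor's code) of the pattern the
 * ASan trace points at: a property value is copied out of the document into
 * a malloc'ed buffer of exactly its on-disk length, and a later strdup()
 * runs strlen() on it.  When the file supplies no NUL byte, strlen() walks
 * off the end of the region, which is the heap-buffer-overflow READ above. */

/* Returns 1 when a NUL terminator exists within the first len bytes,
 * i.e. when strlen()/strdup() on buf would stay inside the region. */
int field_is_terminated(const unsigned char *buf, size_t len)
{
    return buf != NULL && memchr(buf, '\0', len) != NULL;
}

/* Bounded replacement for "strdup on a raw field": the copy length comes
 * from the field's known size, not from an on-disk terminator, and the
 * result is always NUL-terminated.  Returns NULL on NULL input or
 * allocation failure; the caller frees the result. */
char *field_to_cstring(const unsigned char *buf, size_t len)
{
    if (buf == NULL)
        return NULL;
    const unsigned char *nul = memchr(buf, '\0', len);
    size_t n = nul ? (size_t)(nul - buf) : len;  /* stop at first NUL or len */
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, buf, n);
    out[n] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: an 8-byte field with no terminator, as a
     * malformed document could supply. */
    unsigned char raw[8] = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h' };
    printf("terminated within field: %d\n", field_is_terminated(raw, sizeof raw));
    char *s = field_to_cstring(raw, sizeof raw);
    if (s != NULL) {
        printf("bounded copy: \"%s\" (%zu bytes)\n", s, strlen(s));
        free(s);
    }
    return 0;
}
```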
Date Modified | Username | Field | Change |
---|---|---|---|
2018-12-04 09:07 | Jin | New Issue | |
2018-12-04 09:07 | Jin | File Added: ole2-crash-ole2_extractor.c_576 | |
2018-12-04 09:08 | Jin | File Added: ole2-crash-ole2_extractor.c_588 | |
2018-12-04 09:08 | Jin | Note Added: 0013383 | |
2018-12-20 21:40 | Christian Grothoff | Assigned To | => Christian Grothoff |
2018-12-20 21:40 | Christian Grothoff | Status | new => assigned |
2018-12-20 22:49 | Christian Grothoff | Status | assigned => resolved |
2018-12-20 22:49 | Christian Grothoff | Resolution | open => fixed |
2018-12-20 22:49 | Christian Grothoff | Fixed in Version | => 1.9 |
2018-12-20 22:49 | Christian Grothoff | Note Added: 0013429 | |
2018-12-20 22:49 | Christian Grothoff | Target Version | => 1.9 |
2019-02-14 10:30 | Christian Grothoff | Status | resolved => closed |