NetBSD Problem Report #52716
From www@NetBSD.org Fri Nov 10 13:16:34 2017
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 8B47D7A1C6
for <gnats-bugs@gnats.NetBSD.org>; Fri, 10 Nov 2017 13:16:34 +0000 (UTC)
Message-Id: <20171110131633.7E2B47A214@mollari.NetBSD.org>
Date: Fri, 10 Nov 2017 13:16:33 +0000 (UTC)
From: coypu@sdf.org
Reply-To: coypu@sdf.org
To: gnats-bugs@NetBSD.org
Subject: nvi dies with address sanitizer
X-Send-Pr-Version: www-1.0
>Number: 52716
>Category: bin
>Synopsis: nvi dies with address sanitizer
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Nov 10 13:20:00 +0000 2017
>Closed-Date: Fri Nov 10 15:14:24 +0000 2017
>Last-Modified: Fri Nov 10 15:14:24 +0000 2017
>Originator: coypu
>Release: nvi from -current as of nov 11 2017
>Organization:
>Environment:
NetBSD localhost 8.0_BETA NetBSD 8.0_BETA (GENERIC.201711061200Z) amd64
>Description:
cd /usr/src/external/*/nvi
make USETOOLS=no CFLAGS="-g -ggdb3 -Og -fsanitize=address -fsanitize=undefined -fPIC" LDFLAGS="-lubsan -lasan" -j20
echo "123" > testcase
env LD_PRELOAD=/usr/lib/libasan.so ./usr.bin/nvi/vi testcase
=================================================================
==25727==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000001db0 at pc 0x7f7ff6c23bad bp 0x7f7fffffd8f0 sp 0x7f7fffffd0a0
READ of size 1024 at 0x619000001db0 thread T0
    #0 0x7f7ff6c23bac (/usr/lib/libasan.so+0x23bac)
    #1 0x52b1b8 in db_get /usr/src/external/bsd/nvi/dist/common/vi_db1.c:187
    #2 0x47b2c3 in file_cinit /usr/src/external/bsd/nvi/dist/common/exf.c:594
    #3 0x4802d0 in file_init /usr/src/external/bsd/nvi/dist/common/exf.c:415
    #4 0x48bb9b in editor /usr/src/external/bsd/nvi/dist/common/main.c:392
    #5 0x40f0a2 in main /usr/src/external/bsd/nvi/dist/cl/cl_main.c:134
    #6 0x404c6a in ___start (/usr/src/external/bsd/nvi/usr.bin/nvi/vi+0x404c6a)
0x619000001db0 is located 0 bytes to the right of 1072-byte region [0x619000001980,0x619000001db0)
allocated by thread T0 here:
    #0 0x7f7ff6c16036 in calloc (/usr/lib/libasan.so+0x16036)
    #1 0x7f7ff4f16284 (/usr/lib/libc.so.12+0x116284)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x0c327fff8360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c327fff8370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c327fff8380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c327fff8390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c327fff83a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c327fff83b0: 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa
0x0c327fff83c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c327fff83d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c327fff83e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c327fff83f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c327fff8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==25727==ABORTING
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: "Rin Okuyama" <rin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52716 CVS commit: src/external/bsd/nvi/dist
Date: Fri, 10 Nov 2017 14:35:25 +0000
Module Name: src
Committed By: rin
Date: Fri Nov 10 14:35:25 UTC 2017
Modified Files:
src/external/bsd/nvi/dist/common: vi_db1.c
src/external/bsd/nvi/dist/ex: ex.c
Log Message:
PR bin/52716 fix buffer overrun found by libasan
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/external/bsd/nvi/dist/common/vi_db1.c
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/nvi/dist/ex/ex.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Fri, 10 Nov 2017 15:14:24 +0000
State-Changed-Why:
Fixed by rin, thanks!
>Unformatted: