
Comments (4)

vnmakarov commented on June 27, 2024

Thank you for reporting this. I'll try to fix it as soon as possible.


vnmakarov commented on June 27, 2024

I've fixed it by recent patches.


clesmian commented on June 27, 2024

4ff53b1 partially fixes the issue.

This file poc2.txt still leads to a heap use-after-free.

poc2.txt:0:0: warning -- no end of line at file end
=================================================================
==631532==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000000020 at pc 0x5637c40eda59 bp 0x7f6ec6dfe040 sp 0x7f6ec6dfe030
READ of size 8 at 0x608000000020 thread T1
    #0 0x5637c40eda58 in get_next_pptoken_1 c2mir/c2mir.c:1530
    #1 0x5637c40fbf91 in get_next_pptoken c2mir/c2mir.c:1712
    #2 0x5637c40fbf91 in processing c2mir/c2mir.c:3560
    #3 0x5637c414f533 in pre c2mir/c2mir.c:3801
    #4 0x5637c414f533 in c2mir_compile c2mir/c2mir.c:13468
    #5 0x5637c4152d6a in compile c2mir/c2mir-driver.c:498
    #6 0x7f6eca3e2608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #7 0x7f6eca307132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

0x608000000020 is located 0 bytes inside of 88-byte region [0x608000000020,0x608000000078)
freed by thread T1 here:
    #0 0x7f6eca65f40f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
    #1 0x5637c40e80ca in free_stream c2mir/c2mir.c:894
    #2 0x5637c40e80ca in get_next_pptoken_1 c2mir/c2mir.c:1529

previously allocated by thread T1 here:
    #0 0x7f6eca65f808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x5637c4077b58 in new_stream c2mir/c2mir.c:905
    #2 0x5637c4077b58 in add_stream c2mir/c2mir.c:926

Thread T1 created by T0 here:
    #0 0x7f6eca58c815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
    #1 0x5637c40676f8 in init_compilers c2mir/c2mir-driver.c:540
    #2 0x5637c40676f8 in main c2mir/c2mir-driver.c:656

SUMMARY: AddressSanitizer: heap-use-after-free c2mir/c2mir.c:1530 in get_next_pptoken_1
Shadow bytes around the buggy address:
  0x0c107fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c107fff8000: fa fa fa fa[fd]fd fd fd fd fd fd fd fd fd fd fa
  0x0c107fff8010: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c107fff8020: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c107fff8030: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 02 fa
  0x0c107fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==631532==ABORTING


vnmakarov commented on June 27, 2024

Sorry for the delay. I fixed this PR in my recent commit 55ec6a7

