| Title | radare2 radiff2 5.9.9 and master branch Memory corruption |
|---|---|
| Source | https://github.com/radareorg/radare2/issues/24234 |
| User | rootsec (UID 85929) |
| Submission | 2025-05-29 19:00 (1 year ago) |
| Moderation | 2025-06-04 14:17 (6 days later) |
| Status | Accepted |
| VulDB Entry | 311133 [Radare2 5.9.9 radiff2 /libr/cons/pal.c r_cons_pal_init -T buffer overflow] |
| Points | 20 |

Description

Summary
Segmentation Fault in radiff2 Tool Caused by Write Access to Zero Page

Environment
radare2 version: 5.9.9 and master branch
Commit: git.5.9.9
Build options: gpl release -O1 cs:5 cl:2 make
Operating System: Ubuntu 22.04 x86_64
Architecture: x86_64

Steps to reproduce

Build radare2 with AddressSanitizer enabled:

```sh
export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
./configure --without-qjs
make -j64 && make install
```

Run radiff2 on the two POC files:

```
root@46b925a575de:# ./radiff2 -AA -b 64 -B 0x8048000 -c px -d -e asm.bits=32 -g 0x1000,0x2000 -n -t 90 -T -u -U -V POC1 POC2
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1707299==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000058 (pc 0x7f420429b557 bp 0x604000004d50 sp 0x7f41fd4f27c0 T2)
==1707299==The signal is caused by a WRITE memory access.
==1707299==Hint: address points to the zero page.
    #0 0x7f420429b557 in __cons_pal_update_event /root/this-program/radare2-dfe3eea/libr/cons/pal.c:153
    #1 0x7f420429b2ad in r_cons_pal_init /root/this-program/radare2-dfe3eea/libr/cons/pal.c:263
    #2 0x7f420426ee11 in init_cons_context /root/this-program/radare2-dfe3eea/libr/cons/cons.c:166
    #3 0x7f420426cecc in r_cons_new /root/this-program/radare2-dfe3eea/libr/cons/cons.c:684
    #4 0x7f4203928612 in r_core_init /root/this-program/radare2-dfe3eea/libr/core/core.c:2618
    #5 0x7f42039281d8 in r_core_new /root/this-program/radare2-dfe3eea/libr/core/core.c:386
    #6 0x7f4200e96d06 in opencore /root/this-program/radare2-dfe3eea/libr/main/radiff2.c:78
    #7 0x7f4200e96cac in thready_core /root/this-program/radare2-dfe3eea/libr/main/radiff2.c:1313
    #8 0x7f4203f5b038 in _r_th_launcher /root/this-program/radare2-dfe3eea/libr/util/thread.c:53
    #9 0x7f4200cc0ac2 in start_thread nptl/pthread_create.c:442
    #10 0x7f4200d5284f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/this-program/radare2-dfe3eea/libr/cons/pal.c:153 in __cons_pal_update_event
Thread T2 created by T0 here:
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze imports (af@@@i)
    #0 0x7f4204639685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7f4203f5aea9 in r_th_new /root/this-program/radare2-dfe3eea/libr/util/thread.c:259

==1707299==ABORTING
```

POC
https://drive.google.com/file/d/1LVaraZB30lJXtrvp-4bcEJrZYFJb2bfc/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)