Submission #586923: radare2 radiff2 5.9.9 and master branch Memory corruption

Title: radare2 radiff2 5.9.9 and master branch Memory corruption
Description:

Summary

Double-Free Error in radiff2 Tool During Cons Palette Initialization

Environment

radare2 version: 5.9.9 and master branch
Commit: git.5.9.9
Build options: gpl release -O1 cs:5 cl:2 make
Operating System: Ubuntu 22.04 x86_64
Architecture: x86_64

Steps to reproduce

export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
./configure --without-qjs
make -j64 & make install

root@46b925a575de:# ./radiff2 -AA -B 0x100 -D -e io.cache=true -g 0x1000,0x2000 -n -p -q -r -t 90 -T -U -V POC1 POC2
=================================================================
==2128085==ERROR: AddressSanitizer: attempting double-free on 0x6080000046a0 in thread T2:
    #0 0x7fb98b591537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0x7fb98b19787e in r_cons_rainbow_free /root/this-program/radare2-dfe3eea/libr/cons/pal.c:705
    #2 0x7fb98b197499 in __cons_pal_update_event /root/this-program/radare2-dfe3eea/libr/cons/pal.c:150
    #3 0x7fb98b1972ad in r_cons_pal_init /root/this-program/radare2-dfe3eea/libr/cons/pal.c:263
    #4 0x7fb98a9b2d84 in cmd_load_theme cmd_eval.inc.c:203
    #5 0x7fb98a9b0d2b in cmd_ec cmd_eval.inc.c
    #6 0x7fb98a8a067d in cmd_eval cmd_eval.inc.c:814
    #7 0x7fb98aad265b in r_cmd_call /root/this-program/radare2-dfe3eea/libr/core/cmd_api.c:423
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze imports (af@@@i)
    #8 0x7fb98aa33706 in cb_scrrainbow /root/this-program/radare2-dfe3eea/libr/core/cconfig.c
    #9 0x7fb98b1412e4 in r_config_set_cb /root/this-program/radare2-dfe3eea/libr/config/config.c:404
    #10 0x7fb98aa29c01 in r_core_config_init /root/this-program/radare2-dfe3eea/libr/core/cconfig.c:3818
    #11 0x7fb98a825028 in r_core_init /root/this-program/radare2-dfe3eea/libr/core/core.c:2754
    #12 0x7fb98a8241d8 in r_core_new /root/this-program/radare2-dfe3eea/libr/core/core.c:386
    #13 0x7fb987d92d06 in opencore /root/this-program/radare2-dfe3eea/libr/main/radiff2.c:78
    #14 0x7fb987d92cac in thready_core /root/this-program/radare2-dfe3eea/libr/main/radiff2.c:1313
    #15 0x7fb98ae57038 in _r_th_launcher /root/this-program/radare2-dfe3eea/libr/util/thread.c:53
    #16 0x7fb987bbcac2 in start_thread nptl/pthread_create.c:442
    #17 0x7fb987c4e84f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

0x6080000046a0 is located 0 bytes inside of 96-byte region [0x6080000046a0,0x608000004700)
freed by thread T1 here:
    #0 0x7fb98b591537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0x7fb98b19787e in r_cons_rainbow_free /root/this-program/radare2-dfe3eea/libr/cons/pal.c:705

previously allocated by thread T2 here:
    #0 0x7fb98b591a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x7fb98b19abb4 in r_cons_rainbow_new /root/this-program/radare2-dfe3eea/libr/cons/pal.c:694

Thread T2 created by T0 here:
INFO: Analyze symbols (af@@@s)
INFO: Analyze all functions arguments/locals (afva@@@f)
    #0 0x7fb98b535685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7fb98ae56ea9 in r_th_new /root/this-program/radare2-dfe3eea/libr/util/thread.c:259

Thread T1 created by T0 here:
    #0 0x7fb98b535685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7fb98ae56ea9 in r_th_new /root/this-program/radare2-dfe3eea/libr/util/thread.c:259

SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free
==2128085==ABORTING

POC

https://drive.google.com/file/d/1PYNtV7Kx2OEgM9Cemb5FBlMJH_J1wux0/view?usp=sharing

Credit

Xiaoguo Li (CUPL)
Xudong Cao (UCAS)
Source: https://github.com/radareorg/radare2/issues/24235
User: rootsec (UID 85929)
Submitted: 29/05/2025 19:02 (1 year ago)
Moderated: 04/06/2025 14:20 (6 days later)
Status: Accepted
VulDB entry: 311134 [Radare2 5.9.9 radiff2 /libr/cons/pal.c r_cons_rainbow_free -T buffer overflow]
Points: 20
