Out of bounds read in cpp:recode_string()
From: Mike tankf33der@disroot.org
Date: Tue, Jan 28, 2020 at 5:20 PM
==162471==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55f556282921 at pc 0x55f555d87469 bp 0x7ffe234aab70 sp 0x7ffe234aab68
READ of size 1 at 0x55f556282921 thread T0
    #0 0x55f555d87468 in recode_string /root/Pike/src/cpp.cmod:2333:3
    #1 0x55f555d7c20a in low_cpp /root/Pike/src/cpp.cmod:4047:1
    #2 0x55f555d4affa in lower_mega_apply /root/Pike/src/interpret.c:2506:15
    #3 0x55f555d36a15 in mega_apply_low /root/Pike/src/interpret.c:3048:7
    #4 0x55f555d852a3 in f_CPP_high_cpp /root/Pike/src/cpp.cmod:4722:1
    #5 0x55f555d4affa in lower_mega_apply /root/Pike/src/interpret.c:2506:15
    #6 0x55f555d51e5d in jump_opcode_F_CALL_OTHER /root/Pike/src/interpret_functions.h:2424:1
    #7 0x7f9d5a6fd6c9 (<unknown module>)
0x55f556282921 is located 63 bytes to the left of global variable '<string literal>' defined in '/root/Pike/src/stralloc.c:2177:20' (0x55f556282960) of size 18
  '<string literal>' is ascii string 'num_short_strings'
0x55f556282921 is located 0 bytes to the right of global variable '<string literal>' defined in '/root/Pike/src/stralloc.c:2092:23' (0x55f556282920) of size 1
  '<string literal>' is ascii string ''
SUMMARY: AddressSanitizer: global-buffer-overflow /root/Pike/src/cpp.cmod:2333:3 in recode_string
Shadow bytes around the buggy address:
0x0abf2ac484d0: 00 06 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
0x0abf2ac484e0: 00 04 f9 f9 f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9
0x0abf2ac484f0: 00 00 00 02 f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9
0x0abf2ac48500: 06 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0abf2ac48510: 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 01
=>0x0abf2ac48520: f9 f9 f9 f9[01]f9 f9 f9 f9 f9 f9 f9 00 00 02 f9
0x0abf2ac48530: f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9 00 07 f9 f9
0x0abf2ac48540: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 00 00
0x0abf2ac48550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0abf2ac48560: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
0x0abf2ac48570: f9 f9 f9 f9 00 00 00 00 00 05 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==162471==ABORTING
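The report above says the faulting read is 1 byte, landing 0 bytes to the right of a size-1 global whose contents are the empty string, i.e. the byte immediately after the NUL terminator of a "" literal. The following is an added illustration of that bug class and is not Pike's code: the sniffer below (`sniff_bom_unsafe`, `sniff_bom_safe`, and the constructed inputs are all hypothetical names) reads two leading bytes to detect a byte-order mark before checking that two bytes exist, and its hardened twin checks the length first. What recode_string() actually does at cpp.cmod:2333 is not shown on this page.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical encoding sniffer used to illustrate the bug class in the
 * ASan report above. It is NOT Pike's recode_string(); the real logic
 * in cpp.cmod is not shown on this page.
 *
 * Returns 2 for a UTF-16BE byte-order mark (FE FF), 1 for UTF-16LE
 * (FF FE), and 0 when no BOM is present.
 */
static int sniff_bom_unsafe(const unsigned char *data, size_t len)
{
    (void)len;                  /* BUG: the length is never consulted */
    unsigned char c0 = data[0]; /* for "" this is the NUL terminator */
    unsigned char c1 = data[1]; /* one byte past a 1-byte object: OOB read */
    if (c0 == 0xFE && c1 == 0xFF) return 2;
    if (c0 == 0xFF && c1 == 0xFE) return 1;
    return 0;
}

/* Same logic with the length check that keeps every read in bounds. */
static int sniff_bom_safe(const unsigned char *data, size_t len)
{
    if (len < 2)                /* too short for a BOM: never touch data[1] */
        return 0;
    if (data[0] == 0xFE && data[1] == 0xFF) return 2;
    if (data[0] == 0xFF && data[1] == 0xFE) return 1;
    return 0;
}

/* Constructed inputs (not from the report). empty_input is a global of
 * size 1 holding only the NUL, the same shape as the size-1 '' literal
 * that the report names. */
static const unsigned char empty_input[] = "";
static const unsigned char be_input[]    = { 0xFE, 0xFF, 'h', 'i' };
static const unsigned char le_input[]    = { 0xFF, 0xFE, 'h', 'i' };
static const unsigned char plain_input[] = "hi";

int main(void)
{
    printf("safe, BE input:    %d\n", sniff_bom_safe(be_input, sizeof be_input));
    printf("safe, LE input:    %d\n", sniff_bom_safe(le_input, sizeof le_input));
    printf("safe, plain input: %d\n", sniff_bom_safe(plain_input, 2));
    printf("safe, empty input: %d\n", sniff_bom_safe(empty_input, 0));

    /* Built with -fsanitize=address, this call aborts with a
     * global-buffer-overflow "0 bytes to the right of global variable
     * ... of size 1", the same diagnostic shape as the report above. */
    printf("unsafe, empty input: %d\n", sniff_bom_unsafe(empty_input, 0));
    return 0;
}
```

Build it with `cc -g -O0 -fsanitize=address sniff.c && ./a.out` to see the sanitizer abort on the last call; at higher optimisation levels the compiler may fold the out-of-bounds load of a constant global and hide it. When triaging a report like the one above, the line ASan names (here cpp.cmod:2333:3) is where to look for a read that is not guarded by the input length.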