View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000486 | file | General | public | 2023-11-06 11:57 | 2023-11-06 12:00 |
Reporter | promptfuzz | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Platform | Linux, x86_64 | OS | Ubuntu 20.04 | ||
Product Version | 5.45 | ||||
Summary | 0000486: UBSan reported misaligned address in mget | ||||
Description

Hi, I found that UBSan reported a misaligned address in the function mget. The POC program is:

```cpp
#include <magic.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <vector>
#include <fstream>
#include <iostream>
#include <sstream>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    magic_t magic = magic_open(MAGIC_NONE);
    if (magic == NULL) {
        return -1;
    }
    // The magic file name is "magic.mgc"
    if (magic_load(magic, "magic.mgc") == -1) {
        magic_close(magic);
        return -1;
    }
    // Use libmagic APIs
    const char* magic_result = magic_buffer(magic, data, size);
    // Release resources
    magic_close(magic);
    return 0;
}
```

The poc input is: https://github.com/PromptFuzz/crash_inputs/raw/main/crash1/crash-154c98323ba23d7b019a6cec779d7ea289131be5

Steps To Reproduce

1. Build the libmagic with UBSan
2. Compile the POC program with the built libmagic.a
3. export UBSAN_OPTIONS=symbolize=1:halt_on_error=1:print_stacktrace=1
4. Put magic.mgc under the same directory
5. Run the poc program on the poc input

Tags: bug

```
../../src/softmagic.c:1675:11: runtime error: member access within misaligned address 0x619000000827 for type 'const union VALUETYPE', which requires 8 byte alignment
0x619000000827: note: pointer points here
 00 50 00 00 00 02 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c
 ^
    #0 0x55bcfb4924c8 in mget /libmagic/src/libmagic/build/src/../../src/softmagic.c:1675:11
    #1 0x55bcfb481af7 in match /libmagic/src/libmagic/build/src/../../src/softmagic.c:370:12
    #2 0x55bcfb47f9f7 in file_softmagic /libmagic/src/libmagic/build/src/../../src/softmagic.c:136:13
    #3 0x55bcfb46f58d in file_buffer /libmagic/src/libmagic/build/src/../../src/funcs.c:460:7
    #4 0x55bcfb42b6e6 in magic_buffer /libmagic/src/libmagic/build/src/../../src/magic.c:559:6
    #5 0x55bcfb429fca in LLVMFuzzerTestOneInput /poc.cc:24:32
```
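As an added illustration (not part of this report and not libmagic's own code), the C below models the bug class UBSan flagged: reading a value at an input-controlled offset by casting to an 8-byte-aligned union is undefined whenever the address is not a multiple of 8, while copying the bytes into an aligned local is defined at any offset. The `union valuetype` stand-in, the `valuetype_aligned` check and the sample bytes (taken from the report's hex dump) are assumptions made for the example.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for libmagic's VALUETYPE: the 8-byte member gives the
 * union the 8-byte alignment the UBSan message mentions. */
union valuetype {
    uint8_t  b;
    uint16_t h;
    uint32_t l;
    uint64_t q;
};

/* The test -fsanitize=alignment performs before a member access: returns 1
 * when p may legally be dereferenced as a union valuetype. */
int valuetype_aligned(const void *p) {
    return ((uintptr_t)p % alignof(union valuetype)) == 0;
}

/* Safe form: bounds-check, then memcpy into an aligned local. Unlike
 * `*(const union valuetype *)(buf + off)`, this is defined for every off. */
int read_valuetype(const uint8_t *buf, size_t len, size_t off,
                   union valuetype *out) {
    if (off > len || len - off < sizeof *out)
        return 0;                       /* not enough bytes at this offset */
    memcpy(out, buf + off, sizeof *out);
    return 1;
}

/* Constructed sample input (bytes from the report's dump), placed on an
 * 8-byte boundary so the offsets below have predictable alignment. */
alignas(8) const uint8_t sample_input[32] = {
    0x00, 0x50, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
    0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x40, 0x00, 0x00, 0x40, 0x2e, 0x72, 0x65, 0x6c,
};

int main(void) {
    union valuetype v;
    /* Offset 7 mirrors the report's ...827 address: a cast there is
     * misaligned, but the memcpy path reads it without UB. */
    if (!valuetype_aligned(sample_input + 7) &&
        read_valuetype(sample_input, sizeof sample_input, 7, &v))
        return 0;
    return 1;
}
```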
Date Modified | Username | Field | Change |
---|---|---|---|
2023-11-06 11:57 | promptfuzz | New Issue | |
2023-11-06 11:57 | promptfuzz | Tag Attached: bug | |
2023-11-06 12:00 | promptfuzz | Note Added: 0003979 | |