View Issue Details

ID: 0000558
Project: file
Category: General
View Status: public
Last Update: 2024-09-03 08:34
Reporter: yancy
Assigned To:
Priority: high
Severity: crash
Reproducibility: always
Status: new
Resolution: open
Platform: x86
OS: ubuntu
OS Version: 24.04
Summary: 0000558: heap-use-after-free when call magic_buffer

Description: I encountered a heap-use-after-free issue while running fuzz tests on the libmagic library. The issue is triggered during the LLVMFuzzerTestOneInput function when handling magic files.

==77789==ERROR: AddressSanitizer: heap-use-after-free on address 0x502000000010 at pc 0x5632f023bbb2 bp 0x7ffcbef2d6b0 sp 0x7ffcbef2ce38
READ of size 2 at 0x502000000010 thread T0
    #0 0x5632f023bbb1 in printf_common(void*, char const*, __va_list_tag*) asan_interceptors.cpp.o
    #1 0x5632f023d77a in __fprintf_chk (/home/liyan/Test_libmagic/Test_libmagic_1+0x8f77a) (BuildId: 29d752196a895996a13081f8c32092656326bc50)
    #2 0x5632f02fca21 in fprintf /usr/include/x86_64-linux-gnu/bits/stdio2.h:79:10
    #3 0x5632f02fca21 in file_magwarn /home/liyan/Test_libmagic_1/file/build/src/../../src/print.c:288:10
    #4 0x5632f02ff7b2 in check_regex /home/liyan/Test_libmagic_1/file/build/src/../../src/funcs.c:707:3
    #5 0x5632f02ff7b2 in file_regcomp /home/liyan/Test_libmagic_1/file/build/src/../../src/funcs.c:722:6
    #6 0x5632f0303079 in alloc_regex /home/liyan/Test_libmagic_1/file/build/src/../../src/softmagic.c:2090:7
    #7 0x5632f0303079 in magiccheck /home/liyan/Test_libmagic_1/file/build/src/../../src/softmagic.c:2318:20
    #8 0x5632f030480d in match /home/liyan/Test_libmagic_1/file/build/src/../../src/softmagic.c:275:12
    #9 0x5632f0305e27 in file_softmagic /home/liyan/Test_libmagic_1/file/build/src/../../src/softmagic.c:136:13
    #10 0x5632f02feb99 in file_buffer /home/liyan/Test_libmagic_1/file/build/src/../../src/funcs.c:460:7
    #11 0x5632f02f54eb in magic_buffer /home/liyan/Test_libmagic_1/file/build
Steps To Reproduce:
1. Download the tar.gz file and decompress it, then (sudo) execute the shell script
2. /Test_libmagic_1 crash-58657a07daab09f8e32dfc582bc5c891bbfdab63
3. Observe the error message

Tags: magic

Activities

yancy (reporter), 2024-09-03 08:34

Test_libmagic_1.tar.gz (1,154 bytes)

Issue History

Date Modified Username Field Change
2024-09-03 08:34 yancy New Issue
2024-09-03 08:34 yancy Tag Attached: magic
2024-09-03 08:34 yancy File Added: Test_libmagic_1.tar.gz