解释 ASAN 输出:未知崩溃
Interpreting ASAN output : Unknown Crash
我试图了解 ASAN 输出,它说未知崩溃但没有解决源代码中的任何函数调用。我要查找的错误是 openssl 的 Heartbleed 错误,因此它应该说明 Heap Overflow
.
==76779== ERROR: AddressSanitizer: unknown-crash on address 0x60820001220b at pc 0x7fe2c19f93f7 bp 0x7fffc2e50a20 sp 0x7fffc2e501e0
READ of size 32768 at 0x60820001220b thread T0
#0 0x7fe2c19f93f6 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0xe3f6)
#1 0x4160dd (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x4160dd)
#2 0x49b194 (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x49b194)
#3 0x49ebd3 (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x49ebd3)
#4 0x46633d (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x46633d)
#5 0x475473 (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x475473)
#6 0x407fbf (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x407fbf)
#7 0x7fe2c1269ec4 (/lib/x86_64-linux-gnu/libc-2.19.so+0x21ec4)
#8 0x407b68 (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x407b68)
0x608200016348 is located 0 bytes to the right of 16712-byte region [0x608200012200,0x608200016348)
allocated by thread T0 here:
#0 0x7fe2c1a0041a (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1541a)
#1 0x7fe2c166ddf2 (/lib/x86_64-linux-gnu/libcrypto.so.1.0.0+0x5fdf2)
Shadow bytes around the buggy address:
0x0c10bfffa3f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c10bfffa400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c10bfffa410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c10bfffa420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c10bfffa430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c10bfffa440: 00[00]00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c10bfffa450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c10bfffa460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c10bfffa470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c10bfffa480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c10bfffa490: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==76779== ABORTING
我使用下面的命令来编译我的程序。
gcc -o sefltlsasan -lasan -O -g -fsanitize=address -fno-omit-frame-pointer selftls.c -lcrypto libssl.a && ASAN_OPTIONS=symbolize=1
我能够解决 this link 的问题。
apt-get install llvm
export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-3.4
ASAN_OPTIONS=symbolize=1 ./selftls 1 crash-packet
谢谢。
我试图了解 ASAN 输出,它说未知崩溃但没有解决源代码中的任何函数调用。我要查找的错误是 openssl 的 Heartbleed 错误,因此它应该说明 Heap Overflow
.
==76779== ERROR: AddressSanitizer: unknown-crash on address 0x60820001220b at pc 0x7fe2c19f93f7 bp 0x7fffc2e50a20 sp 0x7fffc2e501e0
READ of size 32768 at 0x60820001220b thread T0
#0 0x7fe2c19f93f6 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0xe3f6)
#1 0x4160dd (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x4160dd)
#2 0x49b194 (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x49b194)
#3 0x49ebd3 (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x49ebd3)
#4 0x46633d (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x46633d)
#5 0x475473 (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x475473)
#6 0x407fbf (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x407fbf)
#7 0x7fe2c1269ec4 (/lib/x86_64-linux-gnu/libc-2.19.so+0x21ec4)
#8 0x407b68 (/home/aneela/Documents/Fuzzing_with_afl_fuzz/selftls-master/sefltlsasan+0x407b68)
0x608200016348 is located 0 bytes to the right of 16712-byte region [0x608200012200,0x608200016348)
allocated by thread T0 here:
#0 0x7fe2c1a0041a (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1541a)
#1 0x7fe2c166ddf2 (/lib/x86_64-linux-gnu/libcrypto.so.1.0.0+0x5fdf2)
Shadow bytes around the buggy address:
0x0c10bfffa3f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c10bfffa400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c10bfffa410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c10bfffa420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c10bfffa430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c10bfffa440: 00[00]00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c10bfffa450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c10bfffa460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c10bfffa470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c10bfffa480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c10bfffa490: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==76779== ABORTING
我使用下面的命令来编译我的程序。
gcc -o sefltlsasan -lasan -O -g -fsanitize=address -fno-omit-frame-pointer selftls.c -lcrypto libssl.a && ASAN_OPTIONS=symbolize=1
我能够解决 this link 的问题。
apt-get install llvm
export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-3.4
ASAN_OPTIONS=symbolize=1 ./selftls 1 crash-packet
谢谢。