A stack-buffer-overflow in ZydisInputPeek. #318
Comments
None of your PoCs reproduce on my machine. Can you provide a Dockerfile? |
------------------ Original message ------------------
From: "zyantific/zydis" ***@***.***>;
Sent: Friday, February 18, 2022, 9:05 PM
Subject: Re: [zyantific/zydis] A stack-buffer-overflow in ZydisInputPeek. (Issue #318)
None of your PoCs reproduce on my machine. Can you provide a Dockerfile?
|
Your response is empty. |
------------------ Original message ------------------
From: "zyantific/zydis" ***@***.***>;
Sent: Friday, February 18, 2022, 9:33 PM
Subject: Re: [zyantific/zydis] A stack-buffer-overflow in ZydisInputPeek. (Issue #318)
Your response is empty.
|
Please respond via web rather than via mail. |
I'm really sorry that I didn't understand you yesterday. My Dockerfile is this. |
What I was hoping for is a Dockerfile that builds Zydis, downloads your PoC and finally executes it, reproducing the issue. I'm asking because this ensures that we're doing exactly the same things. The Dockerfile you provided is from AFL++. I built Zydis within that container and your PoC also doesn't reproduce here. Here's how I attempted to reproduce:

FROM ubuntu:18.04
RUN apt-get update && apt-get upgrade -y
RUN apt-get install cmake build-essential git wget -y
RUN git clone --recursive --branch=v3.2.1 https://github.com/zyantific/zydis.git && mkdir zydis/build
WORKDIR zydis/build
RUN cmake "-DCMAKE_C_FLAGS=-fsanitize=address -fno-omit-frame-pointer" \
    "-DCMAKE_CXX_FLAGS=-fsanitize=address -fno-omit-frame-pointer" \
    "-DCMAKE_LINKER_FLAGS=-fsanitize=address -lasan -lstdc++" \
    "-DCMAKE_EXE_LINKER_FLAGS=-fsanitize=address -lasan -lstdc++" \
    ..
RUN make; true # ignore ZydisPerfTest build issue
RUN wget https://raw.githubusercontent.com/standaside/stas/main/zydis/zydisinputpeek
CMD ["/zydis/build/ZydisDisasm", "-real", "/zydis/build/zydisinputpeek"]

$ docker build -t repro .
$ docker run --rm -ti repro

It runs through without any crashes. |
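The disagreement in this thread is about whether a run "shows errors" or not. The following is an added example, not code from the Zydis project or from either participant, of a small checker that decides that question mechanically: it runs a command (such as the ZydisDisasm invocation from the Dockerfile above) and classifies the outcome as a reproduced sanitizer finding, a non-zero exit without a sanitizer report, or a clean run. The ASAN report embedded below is a constructed sample; the function name and the `ZydisDisasm+0x613f4` offset are copied from the issue description, every other address in it is made up for illustration. The frame-line regex assumes the usual LLVM/GCC AddressSanitizer symbolizer layout (`#0 0x... in func (module+offset)`).

```python
import re
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of an AddressSanitizer report. Only "ZydisInputPeek" and
# "ZydisDisasm+0x613f4" come from the issue text; the PID and other addresses
# are illustrative placeholders, not from a real run.
SAMPLE_ASAN_REPORT = """\
=================================================================
==1234==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd1234abcd at pc 0x0000005613f4
READ of size 1 at 0x7ffd1234abcd thread T0
    #0 0x5613f4 in ZydisInputPeek (/root/zydis/asan_build/ZydisDisasm+0x613f4)
    #1 0x401a2b in main (/root/zydis/asan_build/ZydisDisasm+0x1a2b)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/root/zydis/asan_build/ZydisDisasm+0x613f4) in ZydisInputPeek
==1234==ABORTING
"""

# Constructed sample of what a disassembler prints on a clean run (no report).
SAMPLE_CLEAN_RUN = "00007FFFFFFFFFF0  48 8B 05 B8 13 00 00  mov rax, [rip+0x13b8]\n"

# "==<pid>==ERROR: AddressSanitizer: <bug-kind> ..." is the report header.
ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+)")
# Innermost frame of the stack trace: "#0 0x... in <function> (<module+offset>)".
FRAME0_RE = re.compile(
    r"^\s*#0 0x[0-9a-f]+ in (?P<func>\S+) \((?P<module>[^)]+)\)", re.MULTILINE
)


@dataclass
class AsanFinding:
    kind: str       # e.g. "stack-buffer-overflow"
    function: str   # function in frame #0
    module: str     # "module+offset" of frame #0


def parse_asan_report(text: str) -> Optional[AsanFinding]:
    """Return the finding described by an ASAN report, or None if there is none."""
    header = ERROR_RE.search(text)
    if header is None:
        return None
    frame = FRAME0_RE.search(text)
    func = frame.group("func") if frame else "<unknown>"
    module = frame.group("module") if frame else "<unknown>"
    return AsanFinding(header.group("kind"), func, module)


def classify_run(exit_code: int, stderr: str) -> str:
    """Turn an exit code plus captured stderr into a one-line verdict."""
    finding = parse_asan_report(stderr)
    if finding is not None:
        return f"reproduced: {finding.kind} in {finding.function} ({finding.module})"
    if exit_code != 0:
        # A crash without a sanitizer report (e.g. plain SIGSEGV) is a different,
        # weaker signal than an ASAN finding and is reported separately.
        return f"no sanitizer report, but non-zero exit code {exit_code}"
    return "clean: exit code 0 and no sanitizer report"


def run_and_classify(cmd: List[str], timeout: int = 60) -> str:
    """Run cmd (e.g. the ZydisDisasm invocation) and classify its outcome."""
    proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    return classify_run(proc.returncode, proc.stderr)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; exit code 1 is ASAN's default.
    print(classify_run(1, SAMPLE_ASAN_REPORT))
    print(classify_run(0, SAMPLE_CLEAN_RUN))
```

To use it on a real build, call `run_and_classify(["/zydis/build/ZydisDisasm", "-real", "/zydis/build/zydisinputpeek"])` inside the container; because ASAN writes its report to stderr and exits non-zero, both the report text and the exit code are checked, so a long disassembly listing that merely ends in a report is still classified as reproduced.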
I'm sorry to bother you again. After seeing your feedback, I confirmed it again yesterday, but it still showed errors. I wonder if it's because the result is too long that you didn't finish it? The verification results are at the bottom. I specially made all the results into a document, in this link, I hope to help you. |
Yes, I did check the end. It doesn't crash. I invite you to take my Dockerfile and run it on your system to see whether you can reproduce it. Since we're fuzzing the code paths that you encountered crashes in quite heavily ourselves via oss-fuzz (50+ cores fuzzing 24/7), I'd say the most likely scenario is that something is wrong with your build (mixed up wrong header / sources files, mixed up obj file from different versions, ...). To make sure: the commit that you built is 4022f22 (v3.2.1)? |
I'm really sorry that I didn't submit it clearly. I confirm that this is the correct version. |
@standaside Are you sure fuzzing is done on #264 😉 |
Fixes zyantific#315, Fixes zyantific#316, Fixes zyantific#317, Fixes zyantific#318
Hello, has the problem he submitted been solved in the latest version? |
@fanghejun Yes, have a look at the fix from mappzor. |
@flobernd Thanks a lot! |
I'm very sorry for the wrong version cognition. I think I'll look forward to the version in advance and won't repeat this problem. |
Description
A stack-buffer-overflow was discovered in zydis. The issue is being triggered in function ZydisInputPeek at /root/zydis/asan_build/ZydisDisasm+0x613f4.
Version
4022f22
Environment
Ubuntu 18.04, 64-bit
Command
Compile test program:
Compile test program with address sanitizer:
Update Makefile:
Compile program:
Result
The result of running without ASAN:
Information obtained by using ASAN:
Poc
Poc file is this.