Heap buffer overflow--is this a false positive of address sanitizer?
Question
I have the following simple program
void copy(const int16_t *buffer) {
int16_t *b;
memcpy(b,buffer,2);
return ;
}
int LLVMFuzzerTestOneInput(const int16_t *buffer) {
copy(buffer);
return 0;
}
which I compile with clang (v9) using the address sanitizer and fuzzer flags as follows
clang -fsanitize=address,fuzzer -g test5.c
When I run the resulted executable the fuzzer finds a heap-buffer overflow due to an invalid read--in particular while trying to copy the second byte in memcpy.
I cannot really understand why this is an error. Any explanations? Thank you in advance.
1 answers
solution1
3 2019-11-08 19:24:32
As b is not initialized when you memcpy to it, you are invoking undefined behavior. Literally, "where do you want to copy that data to?"
The sanitizer is correct, and doing you a big favor by pointing that issue out.
What is that copy function intended to do?
solution2
-1 2019-11-08 18:36:47
void copy(const int16_t *buffer) {
int16_t *b;
memcpy(b,buffer,2);
return ;
}
What is the value of b when memcpy() copies into the buffer "pointed to" it?
You probably are trying to copy the values of the pointers rather than the memory pointed to by them, in which case you'd use something like:
memcpy(&b, &buffer, sizeof b);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.