Comment 1 for bug 1440685

Pawel Wylecial (pawel-wylecial) wrote :

I have compiled mksh with ASan; it normally gives the following results:
$ 1000200887800>1
ASAN:SIGSEGV
=================================================================
==7080== ERROR: AddressSanitizer: SEGV on unknown address 0x743ceb74 (pc 0x0806143e sp 0xbf9b1d20 bp 0xbf9b1eb8 T0)
AddressSanitizer can not provide additional info.
    #0 0x806143d (/home/howl/mksh/mksh/mksh+0x806143d)
==7080== ABORTING

or, for the exact value that will give -1 as the left-side expression:
$ 1112396529663>1
./mksh: can't finish (dup) redirection -1>1 Bad file descriptor
ASAN:SIGSEGV
=================================================================
==7052== ERROR: AddressSanitizer: SEGV on unknown address 0xffff0000 (pc 0x08049fbd sp 0xbfe9e710 bp 0xbfe9e738 T0)
AddressSanitizer can not provide additional info.
    #0 0x8049fbc (/home/howl/mksh/mksh/mksh+0x8049fbc)
==7052== ABORTING

but setting it to -3 gives the following result:
$ 1112396529661>1
=================================================================
==7057== ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb3002f7e at pc 0x806143e bp 0xbf989a68 sp 0xbf989a5c
READ of size 2 at 0xb3002f7e thread T0
    #0 0x806143d (/home/howl/mksh/mksh/mksh+0x806143d)
0xb3002f7e is located 2 bytes to the left of 116-byte region [0xb3002f80,0xb3002ff4)
allocated by thread T0 here:
    #0 0xb61b89b4 (/usr/lib/i386-linux-gnu/libasan.so.0.0.0+0x169b4)
    #1 0x8049d5a (/home/howl/mksh/mksh/mksh+0x8049d5a)
    #2 0x8049c29 (/home/howl/mksh/mksh/mksh+0x8049c29)
    #3 0x80589e0 (/home/howl/mksh/mksh/mksh+0x80589e0)
    #4 0x80a20b0 (/home/howl/mksh/mksh/mksh+0x80a20b0)
    #5 0x80a0dc3 (/home/howl/mksh/mksh/mksh+0x80a0dc3)
    #6 0xb600ca82 (/lib/i386-linux-gnu/libc-2.19.so+0x19a82)
Shadow bytes around the buggy address:
  0x36600590: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x366005a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x366005b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x366005c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x366005d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x366005e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x366005f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 fa
  0x36600600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36600610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36600620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36600630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed Heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  ASan internal: fe
==7057== ABORTING
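The values in the report above are consistent with a file descriptor number being parsed into a 64-bit integer and then narrowed to a 32-bit int: 1112396529663 is 0x103FFFFFFFF, whose low 32 bits are 0xFFFFFFFF (-1), and 1112396529661 ends in 0xFFFFFFFD (-3). The following is an added illustrative example, not mksh's code: it reproduces that narrowing, shows the unchecked table lookup pattern that turns a negative index into a heap read before the start of a region (the function is only shown, never called with a bad index), and puts a range-checked parser beside it. The table size, the `fd_table` array and all function names are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a shell's per-fd bookkeeping table.
 * Not mksh's data structure; the size is arbitrary. */
#define FD_TABLE_SIZE 64
static short fd_table[FD_TABLE_SIZE];

/* What a 32-bit int ends up holding after a wide value is narrowed.
 * Computed portably from the low 32 bits so the result does not depend
 * on the compiler's out-of-range conversion behaviour. */
int truncated_fd(long long parsed)
{
    uint32_t low = (uint32_t)parsed;          /* well-defined: modulo 2^32 */
    if (low <= (uint32_t)INT_MAX)
        return (int)low;
    return -(int)(~low) - 1;                  /* two's complement reading */
}

/* Unchecked lookup: the pattern behind the ASan report. With fd == -1
 * this reads 2 bytes before the start of fd_table. Shown for contrast
 * only; nothing in this file calls it with an out-of-range index. */
short lookup_unchecked(int fd)
{
    return fd_table[fd];
}

/* Hardened parser: a redirection fd must be a plain non-negative decimal
 * that fits the table. Returns 1 and sets *out on success, 0 otherwise. */
int parse_fd_checked(const char *s, int *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return 0;                             /* not a number, or overflowed */
    if (v < 0 || v >= FD_TABLE_SIZE)
        return 0;                             /* out of range for the table */
    *out = (int)v;
    return 1;
}

/* Convenience wrapper: -1 on rejection, otherwise the validated fd. */
int checked_value(const char *s)
{
    int fd;
    return parse_fd_checked(s, &fd) ? fd : -1;
}

/* Lookup that refuses to index with anything the parser would reject. */
int lookup_checked(int fd, short *out)
{
    if (fd < 0 || fd >= FD_TABLE_SIZE)
        return 0;
    *out = fd_table[fd];
    return 1;
}

int main(void)
{
    /* The three redirection operands from the bug report (constructed input). */
    const char *inputs[] = { "1000200887800", "1112396529663", "1112396529661" };
    for (size_t i = 0; i < 3; i++) {
        long long wide = strtoll(inputs[i], NULL, 10);
        printf("%s -> int %d -> checked parse %s\n", inputs[i],
               truncated_fd(wide),
               checked_value(inputs[i]) < 0 ? "rejected" : "accepted");
    }
    return 0;
}
```

Run as-is it prints the narrowed value for each operand (-1 and -3 for the two exact values the reporter chose) and shows that the checked parser rejects all three, while a small operand such as `2` passes and indexes the table safely.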