
Division by zero in dyldcache_rebase.c #3031

Closed
m4drat opened this issue Sep 17, 2022 · 0 comments · Fixed by #3033

m4drat commented Sep 17, 2022

Hi! We've been fuzzing your project and found the following error in librz/bin/format/mach0/dyldcache_rebase.c.

Work environment
OS: Ubuntu 20.04
File format: -
rizin version: 31148d5

Bug description
Division by zero in librz/bin/format/mach0/dyldcache_rebase.c:217:36

Steps to reproduce
Build docker container from https://github.com/ispras/oss-sydr-fuzz/tree/master/projects/rizin:

sudo docker build -t oss-sydr-fuzz-rizin .

Run docker container:

sudo docker run --privileged --network host -v /etc/localtime:/etc/localtime:ro --rm -it -v $PWD:/fuzz oss-sydr-fuzz-rizin /bin/bash

Execute rizin with crash-73f85bc82193f218889cc2973c8f93fc0249db1a.zip:

/rizin-fuzzing/libfuzzer-asan/bin/rizin -qq crash-73f85bc82193f218889cc2973c8f93fc0249db1a

You will see the following output:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==1248242==ERROR: AddressSanitizer: FPE on unknown address 0x7f0021392ed3 (pc 0x7f0021392ed3 bp 0x7ffee1409350 sp 0x7ffee1409200 T0)
    #0 0x7f0021392ed3 in buf_read /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/bin/format/mach0/dyldcache_rebase.c:217:36
    #1 0x7f00245f134e in buf_read /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/util/buf.c:61:28
    #2 0x7f00245f134e in rz_buf_read /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/util/buf.c:1114:16
    #3 0x7f00245f134e in rz_buf_read_at /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/util/buf.c:1148:16
    #4 0x7f00212a1e43 in classes /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/bin/p/bin_dyldcache.c:429:8
    #5 0x7f0021266c76 in rz_bin_object_set_items /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/bin/bobj.c:531:22
    #6 0x7f0021265861 in rz_bin_object_new /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/bin/bobj.c:319:2
    #7 0x7f0021256029 in rz_bin_file_new_from_buffer /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/bin/bfile.c:150:19
    #8 0x7f002125d85e in rz_bin_open_buf /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/bin/bin.c:272:8
    #9 0x7f002125d0b2 in rz_bin_open_io /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/bin/bin.c:330:18
    #10 0x7f0020a1e093 in core_file_do_load_for_io_plugin /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/core/cfile.c:727:23
    #11 0x7f0020a1e093 in rz_core_bin_load /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/core/cfile.c:974:4
    #12 0x7f0024449878 in rz_main_rizin /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/main/rizin.c:1119:14
    #13 0x7f0024232082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #14 0x40119d in _start (/home/madrat/Desktop/rizin-installation-asan/bin/rizin+0x40119d) (BuildId: 9ce2f521bf02e24319d4ade1bc7c44533a03471b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /home/madrat/Desktop/rizin-report/rizin/build-asan/../librz/bin/format/mach0/dyldcache_rebase.c:217:36 in buf_read
==1248242==ABORTING
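The report above does not show the expression at dyldcache_rebase.c:217, only that an integer division in buf_read raised SIGFPE on fuzzer-generated input. The following C is an added illustration of that bug class and its mitigation, not rizin's code: a paged buffer reader whose page size comes from an untrusted file header, with the zero check that turns the fault into a rejected read. All names (paged_buf, paged_buf_read, sample_read_sum) and the sample data are hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for a paged (rebase-style) buffer. page_size is
 * parsed from the input file and is therefore attacker-controlled. */
typedef struct {
    const uint8_t *data;
    size_t len;
    uint32_t page_size; /* untrusted, taken from the file header */
} paged_buf;

/* Copy `count` bytes starting at `off` into `out`, walking page by page.
 * Returns the number of bytes copied, or -1 if the read is rejected. */
int64_t paged_buf_read(const paged_buf *b, uint64_t off, uint8_t *out, size_t count) {
    /* Mitigation: a zero page size makes the page-index division below
     * raise SIGFPE (the FPE seen in the ASan report). Reject it up front. */
    if (b->page_size == 0) {
        return -1;
    }
    /* Bounds check written to avoid overflow in off + count. */
    if (off > b->len || count > b->len - off) {
        return -1;
    }
    size_t done = 0;
    while (done < count) {
        uint64_t cur = off + done;
        uint64_t page_idx = cur / b->page_size; /* the division that needs a guard */
        uint64_t in_page = cur % b->page_size;
        size_t chunk = (size_t)(b->page_size - in_page);
        if (chunk > count - done) {
            chunk = count - done;
        }
        /* In a real rebase buffer each page would be fixed up before the copy;
         * here the page is copied unchanged so the arithmetic stays visible. */
        memcpy(out + done, b->data + page_idx * b->page_size + in_page, chunk);
        done += chunk;
    }
    return (int64_t)done;
}

/* Constructed 16-byte sample: byte i has value i. Returns the sum of the
 * bytes read (so the result can be checked), or -1 if the read was rejected. */
int64_t sample_read_sum(uint32_t page_size, uint64_t off, size_t count) {
    uint8_t data[16];
    for (size_t i = 0; i < sizeof data; i++) {
        data[i] = (uint8_t)i;
    }
    paged_buf b = { data, sizeof data, page_size };
    uint8_t out[16] = { 0 };
    int64_t n = paged_buf_read(&b, off, out, count);
    if (n < 0) {
        return -1;
    }
    int64_t sum = 0;
    for (int64_t i = 0; i < n; i++) {
        sum += out[i];
    }
    return sum;
}

int main(void) {
    printf("page_size=4  off=5 count=6 -> %lld\n", (long long)sample_read_sum(4, 5, 6));
    printf("page_size=0  off=5 count=6 -> %lld (rejected)\n", (long long)sample_read_sum(0, 5, 6));
    printf("page_size=4  off=14 count=4 -> %lld (out of bounds)\n", (long long)sample_read_sum(4, 14, 4));
    return 0;
}
```

Without the page_size check, the same input with page_size 0 terminates the process instead of producing an error, which is exactly what a fuzzer reports as a deadly signal; the check belongs wherever the header value is first consumed, not only in this one reader.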