heap-buffer-overflow p/bf/plugin.c:176 in decode
radare2 5.8.9 31000 @ linux-x86-64
commit: 95b648f0907e91e10d55fc48147a7dae99029c5b
export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan" LDFLAGS="-fsanitize=address -static-libasan"
./configure && make && make install
radare2 -A ./heap-buffer-overflow-poc0x1
==286237==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61100015607f at pc 0x7f33249902bd bp 0x7fff636244a0 sp 0x7fff63624490
READ of size 1 at 0x61100015607f thread T0
#0 0x7f33249902bc in decode p/bf/plugin.c:176
#1 0x7f3324238256 in r_arch_decode /home/hack/fuzz/radare2/libr/arch/arch.c:292
#2 0x7f33222b4d29 in r_anal_op /home/hack/fuzz/radare2/libr/anal/op.c:186
#3 0x7f332596b909 in _anal_calls /home/hack/fuzz/radare2/libr/core/cmd_anal.c:8705
#4 0x7f332596c4df in cmd_anal_calls /home/hack/fuzz/radare2/libr/core/cmd_anal.c:8811
#5 0x7f33259892f3 in cmd_anal_all /home/hack/fuzz/radare2/libr/core/cmd_anal.c:12465
#6 0x7f332599120a in cmd_anal /home/hack/fuzz/radare2/libr/core/cmd_anal.c:13726
#7 0x7f3325b2dbe1 in r_cmd_call /home/hack/fuzz/radare2/libr/core/cmd_api.c:520
#8 0x7f3325a5e192 in r_core_cmd_call /home/hack/fuzz/radare2/libr/core/cmd.c:6266
#9 0x7f3321f74e46 in perform_analysis /home/hack/fuzz/radare2/libr/main/radare2.c:428
#10 0x7f3321f7ca28 in r_main_radare2 /home/hack/fuzz/radare2/libr/main/radare2.c:1633
#11 0x56371e08ad6b in main /home/hack/fuzz/radare2/binr/radare2/radare2.c:102
#12 0x7f3321d0a082 in __libc_start_main ../csu/libc-start.c:308
#13 0x56371df5e5fd in _start (/home/hack/fuzz_r2/asan_r2/bin/radare2+0x3e5fd)
0x61100015607f is located 0 bytes to the right of 255-byte region [0x611000155f80,0x61100015607f)
allocated by thread T0 here:
#0 0x56371e049288 in malloc (/home/hack/fuzz/asan_r2/bin/radare2+0x129288)
#1 0x7f3324990034 in decode p/bf/plugin.c:167
#2 0x7f3324238256 in r_arch_decode /home/hack/fuzz/radare2/libr/arch/arch.c:292
#3 0x7f33222b4d29 in r_anal_op /home/hack/fuzz/radare2/libr/anal/op.c:186
#4 0x7f332596b909 in _anal_calls /home/hack/fuzz/radare2/libr/core/cmd_anal.c:8705
#5 0x7f332596c4df in cmd_anal_calls /home/hack/fuzz/radare2/libr/core/cmd_anal.c:8811
#6 0x7f33259892f3 in cmd_anal_all /home/hack/fuzz/radare2/libr/core/cmd_anal.c:12465
#7 0x7f332599120a in cmd_anal /home/hack/fuzz/radare2/libr/core/cmd_anal.c:13726
#8 0x7f3325b2dbe1 in r_cmd_call /home/hack/fuzz/radare2/libr/core/cmd_api.c:520
#9 0x7f3325a5e192 in r_core_cmd_call /home/hack/fuzz/radare2/libr/core/cmd.c:6266
#10 0x7f3321f74e46 in perform_analysis /home/hack/fuzz/radare2/libr/main/radare2.c:428
#11 0x7f3321f7ca28 in r_main_radare2 /home/hack/fuzz/radare2/libr/main/radare2.c:1633
#12 0x56371e08ad6b in main /home/hack/fuzz/radare2/binr/radare2/radare2.c:102
#13 0x7f3321d0a082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-buffer-overflow p/bf/plugin.c:176 in decode
Shadow bytes around the buggy address:
0x0c2280022bb0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
0x0c2280022bc0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c2280022bd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2280022be0: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa
0x0c2280022bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2280022c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[07]
0x0c2280022c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280022c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280022c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280022c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280022c50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==286237==ABORTING
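Reading the report: the faulting 1-byte READ at p/bf/plugin.c:176 lands at offset 255 of a 255-byte region that the same decode call malloc'd at p/bf/plugin.c:167, so it is an off-by-one past the end of a buffer the decoder itself owns. The shadow byte [07] confirms it: the last 8-byte granule of the region has only 7 addressable bytes, and 0x61100015607f is the poisoned eighth. The trace also shows the trigger path: `-A` runs the analysis commands, `cmd_anal_calls` (`aac`) walks the file calling `r_anal_op` on each offset, and `r_arch_decode` dispatches to the bf plugin. The following C example is added here for illustration; it is not radare2's code and makes no claim about what line 176 actually does. It is a hypothetical decoder showing the bug class that produces exactly this ASan shape (a scan over a bounded heap copy that stops on a byte value only, with no length bound) next to the bounded form. The function names, the 255-byte window and the inputs are all constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reconstruction of the bug class, not radare2's p/bf/plugin.c:
 * a decoder copies at most BF_MAXOP bytes of the instruction stream into a
 * heap buffer and then walks the copy to find the end of a run of identical
 * opcodes. If the run fills the whole copy there is no terminating byte to
 * stop on, so the walk reads buf[n], one byte past the allocation: the
 * "READ of size 1 ... 0 bytes to the right of 255-byte region" shape. */

#define BF_MAXOP 255   /* chosen to match the 255-byte region in the report */

/* Vulnerable form: the loop is bounded only by the byte value. */
static int count_run_vuln(const uint8_t *in, size_t inlen, uint8_t ch) {
    size_t n = inlen < BF_MAXOP ? inlen : BF_MAXOP;
    uint8_t *buf = malloc(n);                 /* n bytes, no room for a sentinel */
    if (!buf) {
        return -1;
    }
    memcpy(buf, in, n);
    size_t i = 0;
    while (buf[i] == ch) {                    /* when i == n this is a 1-byte heap OOB read */
        i++;
    }
    free(buf);
    return (int)i;
}

/* Hardened form: bound the walk by the copy length before looking at the
 * byte. The caller is also told whether the run was cut off by the window,
 * which a real decoder needs in order to set the op size honestly instead
 * of relying on whatever byte happens to follow the buffer. */
static int count_run_fixed(const uint8_t *in, size_t inlen, uint8_t ch, int *truncated) {
    size_t n = inlen < BF_MAXOP ? inlen : BF_MAXOP;
    uint8_t *buf = malloc(n);
    if (!buf) {
        return -1;
    }
    memcpy(buf, in, n);
    size_t i = 0;
    while (i < n && buf[i] == ch) {           /* length check first, then the byte */
        i++;
    }
    if (truncated) {
        *truncated = (i == n);                /* ran to the end of the window */
    }
    free(buf);
    return (int)i;
}

/* Constructed input, not the reporter's PoC: the run ends inside the copy,
 * so both forms are safe to call and must agree. */
static int demo_short(void) {
    static const uint8_t s[] = "+++>";
    int t = 0;
    int a = count_run_vuln(s, sizeof s - 1, '+');
    int b = count_run_fixed(s, sizeof s - 1, '+', &t);
    return (a == b && !t) ? a : -1;           /* 3 */
}

/* Constructed input: 300 '+' bytes, so the 255-byte window holds no
 * terminator. Only the fixed form is safe here; count_run_vuln would read
 * the byte just past its 255-byte allocation, which is what ASan flagged. */
static int demo_long_count(void) {
    uint8_t s[300];
    memset(s, '+', sizeof s);
    return count_run_fixed(s, sizeof s, '+', NULL);   /* 255 */
}

static int demo_long_truncated(void) {
    uint8_t s[300];
    int t = 0;
    memset(s, '+', sizeof s);
    (void)count_run_fixed(s, sizeof s, '+', &t);
    return t;                                 /* 1: the run overran the window */
}

int main(void) {
    printf("short run: %d\n", demo_short());
    printf("long run: %d (truncated=%d)\n", demo_long_count(), demo_long_truncated());
    return 0;
}
```

Build the example with the same `-fsanitize=address` flags used above and call `count_run_vuln` on the long input to see the identical report shape (READ of size 1, 0 bytes to the right of a 255-byte region, shadow granule 07). When fixing the real plugin, the check to add is the one in `count_run_fixed`: every index into the copy must be compared against the copy's length, not just against a terminator, and the decode path should report a truncated op rather than trust a byte outside the buffer.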