
Issue: Detect out-of-bounds reads (libdiffuzz, open, 4 comments)

shnatsel commented on June 12, 2024
Detect out-of-bounds reads


Comments (4)

PlasmaPower commented on June 12, 2024

Doesn't the additional mprotect page already do this?


PlasmaPower commented on June 12, 2024

I guess that's also missing for calloc.


Shnatsel commented on June 12, 2024

Additional mprotect page makes the program crash, which sort of works, but muddles the picture because you can't tell if it was an out-of-bounds write or an information leak.

I find that tools complementary to each other work best, and the more approaches you have in your toolbox, the better. The mprotect page is not terribly useful because libdislocator and Address Sanitizer already detect the exact same thing, so I'm trying to do something complementary here.

In my use case I had a program crash under libdislocator (with mprotect page), and wanted to run it through a different tool to determine whether this is an actually exploitable out-of-bounds read. ASAN would also report the error regardless. So I've tweaked libdiffuzz to allocate extra space at the end and clobber it, which is an approach orthogonal to existing tools, and that gave me the answer I was looking for.

Good point about calloc!


Shnatsel commented on June 12, 2024

#4 has added an option to detect OOB reads that come after the allocated buffer. It is toggled by an environment variable. OOB reads from before the allocated buffer are not yet detected.

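The approach described in the two Shnatsel comments above (allocate extra space after each buffer, clobber it with a pattern that varies between runs, and compare the program's output between runs so that an over-read shows up as a difference) as an added C example. This is not libdiffuzz's own code: `tail_alloc`, `TAIL_BYTES`, `byte_sum`, `run_once` and `reads_past_end` are names chosen here, and the input bytes are constructed. Like the option described in the last comment it only covers reads past the end of the allocation, not reads before it, and, because the poisoned tail is finite, only over-reads that land inside that tail.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Size of the poisoned tail placed after every allocation (hypothetical constant). */
#define TAIL_BYTES 16

/* Allocate `size` usable bytes followed by TAIL_BYTES filled with `fill`.
 * The tail is inside the same malloc'd block, so reading it is well defined;
 * its contents simply differ from run to run, which is what makes an
 * over-read visible in a differential comparison. */
static void *tail_alloc(size_t size, uint8_t fill) {
    uint8_t *p = malloc(size + TAIL_BYTES);
    if (p == NULL) return NULL;
    memset(p + size, fill, TAIL_BYTES);
    return p;
}

/* The workload under test: a byte sum over `n` bytes of `buf`.
 * If the caller passes an `n` larger than the buffer it allocated, this
 * reads into the tail, which is the defect the technique is meant to expose. */
static uint32_t byte_sum(const uint8_t *buf, size_t n) {
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++) sum += buf[i];
    return sum;
}

/* One run: copy `len` constructed input bytes into a tail_alloc'd buffer of
 * exactly `len` bytes, then sum `read_len` bytes of it with the given tail fill. */
static uint32_t run_once(const uint8_t *input, size_t len, size_t read_len, uint8_t fill) {
    uint8_t *buf = tail_alloc(len, fill);
    if (buf == NULL) return 0; /* allocation failure: treated as "no signal" here */
    memcpy(buf, input, len);
    uint32_t result = byte_sum(buf, read_len);
    free(buf);
    return result;
}

/* Differential check: run the workload twice with different tail fills.
 * Identical results -> the output never depended on memory past the
 * allocation (returns 0). Differing results -> out-of-bounds read (returns 1).
 * Returns -1 when `read_len` would go past the tail as well: the tail is
 * finite, so an over-read larger than TAIL_BYTES is outside what this
 * technique can judge (a guard page or ASan would be the tool for that). */
static int reads_past_end(const uint8_t *input, size_t len, size_t read_len) {
    if (read_len > len + TAIL_BYTES) return -1;
    uint32_t a = run_once(input, len, read_len, 0x00);
    uint32_t b = run_once(input, len, read_len, 0xFF);
    return a != b;
}

int main(void) {
    /* Constructed sample input, not taken from any real program. */
    static const uint8_t input[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    printf("exact-size read: %d\n", reads_past_end(input, sizeof input, 8));  /* 0 */
    printf("one byte over:   %d\n", reads_past_end(input, sizeof input, 9));  /* 1 */
    printf("beyond the tail: %d\n", reads_past_end(input, sizeof input, 40)); /* -1 */
    return 0;
}
```

The two fills used here are fixed (0x00 and 0xFF) to keep the demonstration deterministic; an allocator that does this for a whole program would vary the fill per run, as the comments describe, and compare the program's complete output rather than one return value.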
