forked from aldaor/HackerOneReports
-
Notifications
You must be signed in to change notification settings - Fork 0
/
219870.txt
34 lines (28 loc) · 1.36 KB
/
219870.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
ReportLink:https://hackerone.com/reports/219870
WeaknessName:Stack Overflow
Reporter:https://hackerone.com/geeknik
ReportedTo:shopify-scripts(shopify-scripts)
BountyAmount:100.0
Severity:high
State:Closed
DateOfDisclosure:09.05.2017 12:43:12
Summary:
Triggered in `7e28510` (7 April 2017) with `mirb` only.
`cat test013.rb | mirb`
```
==17976==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffeb477fb0 at pc 0x408c21 bp 0x7fffeb477a90 sp 0x7fffeb477a88
WRITE of size 1 at 0x7fffeb477fb0 thread T0
#0 0x408c20 in main /root/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:466
#1 0x7f96e4703b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#2 0x40aefc (/root/mruby/bin/mirb+0x40aefc)
Address 0x7fffeb477fb0 is located in stack of thread T0 at offset 1184 in frame
#0 0x40549f in main /root/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:361
This frame has 4 object(s):
[32, 56) 'args'
[96, 126) 'unexpected_end'
[160, 1184) 'last_code_line' <== Memory access at offset 1184 overflows this variable
[1216, 5312) 'ruby_code'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /root/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:466 main
```