Can you analyze this result from address sanitizer

Question

I ran AFL fuzzer to open source program and I ran the program with the output crash from the fuzzing.

This is the result of address sanitizer but I am not sure what this error actually is.

And where do I have to look in?

I'm also adding the gdb result at first glance.

The report tells you the function name, source file name, and line number in the source file. Should not be hard to find the locations in the code. — Some programmer dude, Nov 01 '20 at 02:58
Please paste such data into your question (as a code block) instead of linking an off-site image. — Nate Eldredge, Nov 01 '20 at 03:00
And when catching crashes in a debugger, walk up the call stack until you come to "your" code, don't stay at the library code. — Some programmer dude, Nov 01 '20 at 03:02

score 0 · Answer 1 · answered Nov 01 '20 at 21:04

Can you analyze this result from address sanitizer

The Address Sanitizer told you exactly what the problem is and where it is happening:

On line 581 of dact_common.cc (in function dact_process_file), you allocated a 524299 byte block of memory.
In comp_plain_algo() you memcpy into this memory 747621 bytes. That memcpy is causing heap buffer overflow that is reported.

1 Answers1