This command
    gcc uaf.c -o uaf -fsanitize=address -static-libasan
doesn't display the AddressSanitizer summary error location.
This is the code:
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    int main(int argc, const char *argv[]) {
        char *s = malloc(100);
        free(s);
        strcpy(s, "Hello world!");   /* write to freed memory: the bug ASan reports */
        printf("string is: %s\n", s);
        return 0;
    }
This is what I see:
    =================================================================
    ==1017908==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b0000000f0 at pc 0x5623a332bb53 bp 0x7fff85504890 sp 0x7fff85504038
    WRITE of size 13 at 0x60b0000000f0 thread T0
        #0 0x5623a332bb52 in memcpy (/home/test/work/uaf+0x1db52)
        #1 0x5623a33ebcd5 in main (/home/test/work/uaf+0xddcd5)
        #2 0x7f226558ad8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
        #3 0x7f226558ae3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
        #4 0x5623a33163a4 in _start (/home/test/work/uaf+0x83a4)
    0x60b0000000f0 is located 0 bytes inside of 100-byte region [0x60b0000000f0,0x60b000000154)
    freed by thread T0 here:
        #0 0x5623a33a5da7 in free (/home/test/work/uaf+0x97da7)
        #1 0x5623a33ebcba in main (/home/test/work/uaf+0xddcba)
        #2 0x7f226558ad8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    previously allocated by thread T0 here:
        #0 0x5623a33a60f7 in malloc (/home/test/work/uaf+0x980f7)
        #1 0x5623a33ebcaa in main (/home/test/work/uaf+0xddcaa)
        #2 0x7f226558ad8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    SUMMARY: AddressSanitizer: heap-use-after-free (/home/test/work/uaf+0x1db52) in memcpy
    Shadow bytes around the buggy address:
This is what I expect in the summary part:
    SUMMARY: AddressSanitizer: heap-use-after-free /home/test/work/uaf.c:8 in memcpy
What am I missing here?
I'm using this blog for reference: https://www.osc.edu/resources/getting_started/howto/howto_use_address_sanitizer
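Added example, not part of the original post and not AddressSanitizer's own code: a small Python parser for the stack frames of a report like the one above. It separates frames printed as `(module+0xoffset)` from frames resolved to `file:line` and builds `addr2line` invocations for the unresolved ones. The function names are hypothetical, the resolved sample line is constructed, and a position-independent executable is assumed; `addr2line` returns a source line only when the binary carries debug information.

```python
import re

# An ASan frame is "#N 0xPC [in FUNC] LOCATION". LOCATION is "(module+0xOFF)"
# when the frame was not resolved to source, or "file:LINE[:COL]" when it was.
FRAME_RE = re.compile(
    r"^\s*#(?P<idx>\d+)\s+0x[0-9a-f]+\s+(?:in\s+(?P<func>\S+)\s+)?(?P<loc>\S.*)$")
MODULE_RE = re.compile(r"^\((?P<module>.+)\+(?P<offset>0x[0-9a-f]+)\)$")
SOURCE_RE = re.compile(r"^(?P<file>[^()]+):(?P<line>\d+)(?::\d+)?$")

# First three frames copied from the report in the post.
REPORT_FROM_POST = """\
#0 0x5623a332bb52 in memcpy (/home/test/work/uaf+0x1db52)
#1 0x5623a33ebcd5 in main (/home/test/work/uaf+0xddcd5)
#2 0x7f226558ad8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
"""
# Constructed line: a resolved frame, modelled on the summary the post expects.
RESOLVED_SAMPLE = "#1 0x5623a33ebcd5 in main /home/test/work/uaf.c:8\n"


def parse_frames(report):
    """Return one dict per stack frame found in an ASan report."""
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue  # headers, SUMMARY and shadow-byte lines are skipped
        loc = m.group("loc").strip()
        mod, src = MODULE_RE.match(loc), SOURCE_RE.match(loc)
        frames.append({
            "index": int(m.group("idx")),
            "func": m.group("func"),
            "module": mod.group("module") if mod else None,
            "offset": mod.group("offset") if mod else None,
            "source": f"{src.group('file')}:{src.group('line')}" if src else None,
        })
    return frames


def addr2line_commands(frames, binary):
    """addr2line argv lists for unresolved frames that fall inside `binary`."""
    offsets = []
    for f in frames:
        if f["source"] is None and f["module"] == binary and f["offset"] not in offsets:
            offsets.append(f["offset"])
    return [["addr2line", "-f", "-e", binary, off] for off in offsets]


if __name__ == "__main__":
    for cmd in addr2line_commands(parse_frames(REPORT_FROM_POST), "/home/test/work/uaf"):
        print(" ".join(cmd))
```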