Open
Description
Environment

System version: Ubuntu 22.04

Reproduce

```sh
/sipp/build/sipp -sn uas -p 5060 -t u1 -d 0
/path/to/aflnet/aflnet-replay poc SIP 5060
```
ASAN report:

```
=================================================================
==1510==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffff572982c at pc 0x5555556814c4 bp 0x7ffffffee1f0 sp 0x7ffffffed9b0
WRITE of size 26 at 0x7ffff572982c thread T0
    #0 0x5555556814c3 in vsnprintf /llvm/llvm/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1649:1
    #1 0x555555683c7e in snprintf /llvm/llvm/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1720:1
    #2 0x5555557435b5 in call::process_unexpected(char const*) /home/user/sipp/src/call.cpp:2349:21
    #3 0x555555762d51 in call::process_incoming(char const*, sockaddr_storage const*) /home/user/sipp/src/call.cpp:5211:18
    #4 0x555555859141 in process_message(SIPpSocket*, char*, long, sockaddr_storage*) /home/user/sipp/src/socket.cpp
    #5 0x55555586dfd0 in SIPpSocket::pollset_process(int) /home/user/sipp/src/socket.cpp:2999:17
    #6 0x5555558ad96c in traffic_thread(int&, int&) /home/user/sipp/src/sipp.cpp:600:9
    #7 0x5555558ad96c in main /home/user/sipp/src/sipp.cpp:2207:5
    #8 0x7ffff739c1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #9 0x7ffff739c28a in __libc_start_main csu/../csu/libc-start.c:360:3
    #10 0x5555555c4c74 in _start (/home/user/sipp/build/sipp+0x70c74)

Address 0x7ffff572982c is located in stack of thread T0 at offset 2092 in frame
    #0 0x55555574313f in call::process_unexpected(char const*) /home/user/sipp/src/call.cpp:2331

  This frame has 1 object(s):
    [32, 2081) 'buffer' (line 2332) <== Memory access at offset 2092 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /llvm/llvm/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1649:1 in vsnprintf
Shadow bytes around the buggy address:
  0x7ffff5729580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff5729600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff5729680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff5729700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff5729780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x7ffff5729800: 00 00 00 00 01[f3]f3 f3 f3 f3 f3 f3 f3 f3 f3 f3
  0x7ffff5729880: f3 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x7ffff5729900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff5729980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff5729a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff5729a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1510==ABORTING
```
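The frame summary above is the useful part of the report for triage: a 26-byte write lands at frame offset 2092 while the only local, `buffer`, ends at offset 2081, and the writer is a length-limited `snprintf`. A bounded call can still overrun its target when its size argument is miscomputed, typically when a cursor into the buffer has already moved past the end and `sizeof(buf) - len` wraps as `size_t`. The following C example is added here to illustrate that mechanism and the bounded-append helper a fix would use; it is constructed for this page, is not SIPp's code, and the report does not establish that this is the cause in `call.cpp`, so treat it as an assumption about the bug class rather than a diagnosis.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Capacity of the fixed stack buffer in this illustration (constructed;
 * the 'buffer' object in the ASan frame above is 2049 bytes). */
#define BUF_CAP 64

/* What the idiom snprintf(buf + len, sizeof(buf) - len, ...) passes as
 * the size once len has run past the buffer: the size_t subtraction
 * wraps, so snprintf believes it has almost SIZE_MAX bytes of room and
 * writes beyond the end of the buffer. Returned here, not used, so the
 * example never performs the out-of-bounds write itself. */
size_t naive_remaining(size_t cap, size_t len)
{
    return cap - len;   /* wraps when len > cap */
}

/* Hardened append: refuses to write when the cursor is already at or
 * past the end, and treats vsnprintf truncation as a failure instead of
 * advancing the cursor by the untruncated length it returns.
 * Returns 1 when the text fit, 0 otherwise; the buffer stays
 * NUL-terminated and *len never exceeds cap - 1. */
int bounded_append(char *buf, size_t cap, size_t *len, const char *fmt, ...)
{
    if (cap == 0 || *len >= cap) {
        return 0;               /* cursor already outside the buffer */
    }
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *len, cap - *len, fmt, ap);
    va_end(ap);
    if (n < 0) {
        return 0;
    }
    if ((size_t)n >= cap - *len) {
        /* Truncated: keep the terminated prefix, pin the cursor to the
         * real end rather than to where the full text would have gone. */
        *len = cap - 1;
        return 0;
    }
    *len += (size_t)n;
    return 1;
}

/* Assembles a message from several fields, the way a reply is built up
 * line by line, stopping at the first field that does not fit.
 * Returns the number of fields that were written completely. */
int build_message(char *buf, size_t cap, const char *const *fields, int nfields)
{
    size_t len = 0;
    int fitted = 0;
    if (cap == 0) {
        return 0;
    }
    buf[0] = '\0';
    for (int i = 0; i < nfields; i++) {
        if (!bounded_append(buf, cap, &len, "%s\r\n", fields[i])) {
            break;
        }
        fitted++;
    }
    return fitted;
}
```

With a 64-byte buffer, the first two constructed lines (25 and 23 bytes including CRLF) fit, the third (16 bytes) would need exactly the 16 bytes remaining and is rejected because `vsnprintf` needs one of them for the terminator; the naive idiom, by contrast, reports more than 2049 bytes of "room" for a 2049-byte buffer once the cursor is 11 bytes past its end.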