oob read(out-of-bound read) in dict_get() grub-2.06/grub-core/lib/xzembed/xz_dec_lzma2.c:326. The version of gawk is grub-2.06, See the attachment for the POC of Asan report is below.
static inline uint32_t dict_get(
const struct dictionary *dict, uint32_t dist)
{
size_t offset = dict->pos - dist - 1;
if (dist >= dict->pos)
offset += dict->end;
// offset call oob read
return dict->full > 0 ? dict->buf[offset] : 0;
}
grub2-master/grub-2.06/grub-file --is-x86-linux oob_read_in_grub2
AddressSanitizer:DEADLYSIGNAL
=================================================================
==133773==ERROR: AddressSanitizer: SEGV on unknown address 0x630fffffb464 (pc
0x00000085235c bp 0x62c0000002c0 sp 0x7ffe51caca00 T0)
==133773==The signal is caused by a READ memory access.
#0 0x85235c in dict_get
grub2/grub2-master/grub-2.06/grub-core/lib/xzembed/xz_dec_lzma2.c:326:26
#1 0x85235c in lzma_literal
grub2/grub2-master/grub-2.06/grub-core/lib/xzembed/xz_dec_lzma2.c:597:16
#2 0x85235c in lzma_main
grub2/grub2-master/grub-2.06/grub-core/lib/xzembed/xz_dec_lzma2.c:743:4
#3 0x847d92 in lzma2_lzma
grub2/grub2-master/grub-2.06/grub-core/lib/xzembed/xz_dec_lzma2.c:904:8
#4 0x847d92 in xz_dec_lzma2_run
grub2/grub2-master/grub-2.06/grub-core/lib/xzembed/xz_dec_lzma2.c:1074:9
#5 0x7b604c in dec_block
grub2/grub2-master/grub-2.06/grub-core/lib/xzembed/xz_dec_stream.c:252:9
#6 0x7b604c in dec_main
grub2/grub2-master/grub-2.06/grub-core/lib/xzembed/xz_dec_stream.c:790:10
#7 0x7b604c in xz_dec_run
grub2/grub2-master/grub-2.06/grub-core/lib/xzembed/xz_dec_stream.c:922:8
#8 0x7a79be in grub_xzio_read
grub2/grub2-master/grub-2.06/grub-core/io/xzio.c:269:15
#9 0x8f1521 in grub_file_read
grub2/grub2-master/grub-2.06/grub-core/kern/file.c:180:9
#10 0x4d1324 in grub_cmd_file
grub2/grub2-master/grub-2.06/grub-core/commands/file.c:507:6
#11 0x97255e in grub_extcmd_dispatcher
grub2/grub2-master/grub-2.06/grub-core/commands/extcmd.c:55:13
#12 0x4c8fa1 in main grub2/grub2-master/grub-2.06/util/grub-file.c:102:9
#13 0x7effb938a082 in __libc_start_main
/build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
#14 0x41c41d in _start (grub2/grub2-master/grub-2.06/grub-file+0x41c41d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
grub2/grub2-master/grub-2.06/grub-core/lib/xzembed/xz_dec_lzma2.c:326:26 in
dict_get
==133773==ABORTING
<<attachment: oob_read_in_grub2.zip>>
