================================================================= ==568==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f7fffffbc1f at pc 0x7f7ff7427cd9 bp 0x7f7fffffbbf0 sp 0x7f7fffffbbe8 READ of size 1 at 0x7f7fffffbc1f thread T0 #0 0x7f7ff7427cd8 in pw_getconf (/usr/lib/libutil.so.7+0x27cd8) #1 0x7f7ff7427ef6 in __pw_getpwconf50 (/usr/lib/libutil.so.7+0x27ef6) #2 0x7f7fef203f09 in pam_sm_chauthtok (/usr/lib/security/pam_unix.so.4+0x3f09) #3 0x7f7ff6c0f5ca in openpam_dispatch (/usr/lib/libpam.so.4+0xf5ca) #4 0x7f7ff6c0ce54 in pam_chauthtok (/usr/lib/libpam.so.4+0xce54) #5 0x225029 in pwpam_process (/usr/bin/passwd+0x25029) #6 0x22415f in main (/usr/bin/passwd+0x2415f) #7 0x223001 in ___start (/usr/bin/passwd+0x23001) Address 0x7f7fffffbc1f is located in stack of thread T0 at offset 31 in frame #0 0x7f7ff742711f in pw_getconf (/usr/lib/libutil.so.7+0x2711f) This frame has 2 object(s): [32, 2080) 'line' (line 573) <== Memory access at offset 31 underflows this variable [2208, 2216) 'p2' (line 573) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-underflow (/usr/lib/libutil.so.7+0x27cd8 ) in pw_getconf Shadow bytes around the buggy address: 0x4feffffff730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x4feffffff780: f1 f1 f1[f1]00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff7a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff7b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff7d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==568==ABORTING ----------- ================================================================= ==13899==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f7fffffbb1f at pc 0x7f7ff7427cd9 bp 0x7f7fffffbaf0 sp 0x7f7fffffbae8 READ of size 1 at 0x7f7fffffbb1f thread T0 #0 0x7f7ff7427cd8 in trim_whitespace /public/src.git/lib/libutil/passwd.c:514:9 #1 0x7f7ff7427cd8 in read_line /public/src.git/lib/libutil/passwd.c:543 #2 0x7f7ff7427cd8 in pw_getconf /public/src.git/lib/libutil/passwd.c:594 #3 0x7f7ff7427ef6 in __pw_getpwconf50 /public/src.git/lib/libutil/passwd.c:648:2 #4 0x7f7fef203f09 in pam_sm_chauthtok (/usr/lib/security/pam_unix.so.4+0x3f09) #5 0x7f7ff6c0f5ca in openpam_dispatch /public/src.git/external/bsd/openpam/dist/lib/libpam/openpam_dispatch.c:124:8 #6 0x7f7ff6c0ce54 in pam_chauthtok /public/src.git/external/bsd/openpam/dist/lib/libpam/pam_chauthtok.c:72:7 #7 0x225029 in pwpam_process /public/src.git/usr.bin/passwd/pam_passwd.c:126:12 #8 0x22415f in main /public/src.git/usr.bin/passwd/passwd.c:193:2 #9 0x223001 in ___start (/usr/bin/passwd+0x23001) Address 0x7f7fffffbb1f is located in stack of thread T0 at offset 31 in frame #0 0x7f7ff742711f in pw_getconf /public/src.git/lib/libutil/passwd.c:571 This frame has 2 object(s): [32, 2080) 'line' (line 573) <== Memory access at offset 31 underflows this variable [2208, 2216) 'p2' (line 573) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-underflow /public/src.git/lib/libutil/passwd.c:514:9 in trim_whitespace Shadow bytes around the buggy address: 0x4feffffff710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x4feffffff760: f1 f1 f1[f1]00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff7a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x4feffffff7b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==13899==ABORTING