We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug Found this while fuzzing Hack'EM - but traced it back to SpliceHack.
Starting program: /home/lunatunez/spl/install/games/lib/splicehackdir/splicehack -D -u wizard 2>err.log [Detaching after fork from child process 6303] Program received signal SIGABRT, Aborted. __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007ffff7c45859 in __GI_abort () at abort.c:79 #2 0x000055555563fc3d in NH_abort () at end.c:206 #3 0x000055555564201b in panic (str=str@entry=0x55555585e693 "flooreffects: obj not free") at end.c:692 #4 0x0000555555600e84 in flooreffects (obj=<optimized out>, x=<optimized out>, y=<optimized out>, verb=verb@entry=0x5555558a0162 "fall") at do.c:138 #5 0x000055555562aa22 in throwit (obj=<optimized out>, obj@entry=0x5555559ded20, wep_mask=wep_mask@entry=0, twoweap=twoweap@entry=0 '\000', oldslot=oldslot@entry=0x0) at dothrow.c:1608 #6 0x000055555571ef5d in dovolley () at polyself.c:1283 #7 0x00005555555db317 in domonability () at cmd.c:775 #8 0x00005555555daf12 in doextcmd () at cmd.c:394 #9 0x00005555555e3638 in rhack (cmd=<optimized out>, cmd@entry=0x0) at cmd.c:3661 #10 0x00005555555b4114 in moveloop_core () at allmain.c:544 #11 0x00005555555b438c in moveloop (resuming=<optimized out>) at allmain.c:567 #12 0x00005555557ee9df in main (argc=<optimized out>, argv=0x7fffffffe5f8) at ../sys/unix/unixmain.c:335 #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 set = {__val = {0, 0, 0, 0, 0, 0, 0, 17300034920647375360, 93824993197148, 335544320, 140737350361232, 1073741824, 13, 93824993195267, 93824993195149, 93824993197126}} pid = <optimized out> tid = <optimized out> ret = <optimized out> #1 0x00007ffff7c45859 in __GI_abort () at abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0xd, sa_sigaction = 0xd}, sa_mask = {__val = { 93824993195267, 93824993195149, 93824993197126, 93824993206299, 93824992939652, 93824993110562, 93824994111325, 93824992785175, 93824992784146, 93824992818744, 93824992624916, 93824992625548, 93824994961887, 140737350234243, 17300034917509365760, 140737350361232}}, sa_flags = -821413376, sa_restorer = 0x2} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x000055555563fc3d in NH_abort () at end.c:206 gdb_prio = <optimized out> libc_prio = <optimized out> aborting = 1 '\001' #3 0x000055555564201b in panic (str=str@entry=0x55555585e693 "flooreffects: obj not free") at end.c:692 the_args = {{gp_offset = 8, fp_offset = 48, overflow_arg_area = 0x7fffffffe2d0, reg_save_area = 0x7fffffffe200}} #4 0x0000555555600e84 in flooreffects (obj=<optimized out>, x=<optimized out>, y=<optimized out>, verb=verb@entry=0x5555558a0162 "fall") at do.c:138 t = <optimized out> mtmp = <optimized out> otmp = 0x64 save_bhitpos = <optimized out> tseen = <optimized out> ttyp = 0 res = 0 #5 0x000055555562aa22 in throwit (obj=<optimized out>, obj@entry=0x5555559ded20, wep_mask=wep_mask@entry=0, twoweap=twoweap@entry=0 '\000', oldslot=oldslot@entry=0x0) at dothrow.c:1608 mon = 0x0 range = <optimized out> urange = <optimized out> crossbowing = <optimized out> gunning = <optimized out> clear_thrownobj = 0 '\000' impaired = <optimized out> tethered_weapon = <optimized out> #6 0x000055555571ef5d in dovolley () at polyself.c:1283 otmp = 0x5555559ded20 mattk = <optimized out> i = 1 numattacks = 7 #7 0x00005555555db317 in domonability () at cmd.c:775 No locals. #8 0x00005555555daf12 in doextcmd () at cmd.c:394 idx = <optimized out> retval = <optimized out> func = 0x5555555db18c <domonability> #9 0x00005555555e3638 in rhack (cmd=<optimized out>, cmd@entry=0x0) at cmd.c:3661 tlist = 0x555555909d60 <extcmdlist> res = <optimized out> func = 0x5555555daea7 <doextcmd> spkey = <optimized out> prefix_seen = <optimized out> bad_command = <optimized out> firsttime = 1 '\001' cmdq = <optimized out> cmdq_ec = <optimized out> #10 0x00005555555b4114 in moveloop_core () at allmain.c:544 monscanmove = <optimized out> pobj = <optimized out> #11 0x00005555555b438c in moveloop (resuming=<optimized out>) at allmain.c:567 No locals. #12 0x00005555557ee9df in main (argc=<optimized out>, argv=0x7fffffffe5f8) at ../sys/unix/unixmain.c:335 dir = <optimized out> nhfp = <optimized out> exact_username = 0 '\000' resuming = <optimized out> plsel_once = <optimized out>
To Reproduce Steps to reproduce the behavior:
The text was updated successfully, but these errors were encountered:
I created a fix in this commit in hackem: elunna/hackem@524d9d5
the followup commit addresses memory leaks with manticores shooting spikes: elunna/hackem@9118eee
Sorry, something went wrong.
No branches or pull requests
Describe the bug
Found this while fuzzing Hack'EM - but traced it back to SpliceHack.
To Reproduce
Steps to reproduce the behavior:
The text was updated successfully, but these errors were encountered: