=================================================================
==82414==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d00000bbc0 at pc 0x00010b4ab9eb bp 0x7fff54ae4590 sp 0x7fff54ae3d50
READ of size 16 at 0x60d00000bbc0 thread T0
#0 0x10b4ab9ea in __asan_memcpy (libclang_rt.asan_osx_dynamic.dylib+0x419ea)
#1 0x10b11b69d in value_move value_array.h:14
#2 0x10b11b384 in mrb_ary_unshift array.c:502
#3 0x10b280e42 in mrb_vm_exec vm.c:1198
#4 0x10b277589 in mrb_vm_run vm.c:815
#5 0x10b2a8a19 in mrb_top_run vm.c:2569
#6 0x10b3767b5 in mrb_load_exec parse.y:5755
#7 0x10b3775c5 in mrb_load_file_cxt parse.y:5764
#8 0x10b11401a in main mruby.c:232
#9 0x7fffb4357254 in start (libdyld.dylib+0x5254)
0x60d00000bbc0 is located 31 bytes to the right of 129-byte region [0x60d00000bb20,0x60d00000bba1)
allocated by thread T0 here:
#0 0x10b4b4f87 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib+0x4af87)
#1 0x10b20d305 in mrb_default_allocf state.c:60
#2 0x10b18e7b8 in mrb_realloc_simple gc.c:201
#3 0x10b18ee9e in mrb_realloc gc.c:215
#4 0x10b18f913 in mrb_malloc gc.c:236
#5 0x10b21042c in mrb_str_buf_new string.c:115
#6 0x10b16273b in mrb_mod_attr_writer class.c:1360
#7 0x10b281950 in mrb_vm_exec vm.c:1229
#8 0x10b277589 in mrb_vm_run vm.c:815
#9 0x10b2a8a19 in mrb_top_run vm.c:2569
#10 0x10b1cce84 in mrb_load_irep_cxt load.c:638
#11 0x10b1cdcbf in mrb_load_irep load.c:644
#12 0x10b31a276 in GENERATED_TMP_mrb_mruby_enumerator_gem_init (mruby+0x100208276)
#13 0x10b3935ed in mrb_init_mrbgems (mruby+0x1002815ed)
#14 0x10b20d491 in mrb_open_allocf state.c:114
#15 0x10b20d437 in mrb_open state.c:99
#16 0x10b112d97 in main mruby.c:172
#17 0x7fffb4357254 in start (libdyld.dylib+0x5254)
SUMMARY: AddressSanitizer: heap-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib+0x419ea) in __asan_memcpy
Shadow bytes around the buggy address:
0x1c1a00001720: 00 00 00 00 00 00 01 fa fa fa fa fa fa fa fa fa
0x1c1a00001730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c1a00001740: 01 fa fa fa fa fa fa fa fa fa 00 00 00 00 00 00
0x1c1a00001750: 00 00 00 00 00 00 00 00 00 00 01 fa fa fa fa fa
0x1c1a00001760: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c1a00001770: 00 00 00 00 01 fa fa fa[fa]fa fa fa fa fa 00 00
0x1c1a00001780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 fa
0x1c1a00001790: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x1c1a000017a0: 00 00 00 00 00 00 00 00 01 fa fa fa fa fa fa fa
0x1c1a000017b0: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c1a000017c0: 00 00 01 fa fa fa fa fa fa fa fa fa 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==82414==ABORTING
Abort trap: 6
The following input demonstrates a crash:
This input is a variation of the one in #3442.
ASAN report:
This issue was reported by https://hackerone.com/ssarong