The following input demonstrates a crash:

l=0./(0, *r=beginK ||=
K ||=
K ||=
K ||=
K ||=
K ||=
K ||=
K ||=
K ||=
K ||=
KKKKKKKKKKKKKKKKKKKKKKKKKqKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK ||=
K ||=
K ||=
K ||=
K ||=
K ||= @gensureend)
This looks like it is probably related to #3464 and #3442.
ASAN report:
=================================================================
==82515==ERROR: AddressSanitizer: heap-use-after-free on address 0x625000005158 at pc 0x000104979116 bp 0x7fff5b3e9890 sp 0x7fff5b3e9888
WRITE of size 4 at 0x625000005158 thread T0
#0 0x104979115 in mrb_vm_exec vm.c:1081
#1 0x104972589 in mrb_vm_run vm.c:815
#2 0x1049a3a19 in mrb_top_run vm.c:2569
#3 0x104a717b5 in mrb_load_exec parse.y:5755
#4 0x104a725c5 in mrb_load_file_cxt parse.y:5764
#5 0x10480f01a in main mruby.c:232
#6 0x7fffb4357254 in start (libdyld.dylib+0x5254)
0x625000005158 is located 88 bytes inside of 9104-byte region [0x625000005100,0x625000007490)
freed by thread T0 here:
#0 0x104baef87 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib+0x4af87)
#1 0x104908305 in mrb_default_allocf state.c:60
#2 0x1048897b8 in mrb_realloc_simple gc.c:201
#3 0x104889e9e in mrb_realloc gc.c:215
#4 0x1049a4491 in stack_extend_alloc vm.c:161
#5 0x10496ae97 in stack_extend vm.c:181
#6 0x104972497 in mrb_vm_run vm.c:813
#7 0x10496b76e in mrb_run vm.c:2558
#8 0x1049a0dad in ecall vm.c:311
#9 0x104985cf3 in mrb_vm_exec vm.c:1633
#10 0x104972589 in mrb_vm_run vm.c:815
#11 0x1049a3a19 in mrb_top_run vm.c:2569
#12 0x104a717b5 in mrb_load_exec parse.y:5755
#13 0x104a725c5 in mrb_load_file_cxt parse.y:5764
#14 0x10480f01a in main mruby.c:232
#15 0x7fffb4357254 in start (libdyld.dylib+0x5254)
previously allocated by thread T0 here:
#0 0x104baef87 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib+0x4af87)
#1 0x104908305 in mrb_default_allocf state.c:60
#2 0x1048897b8 in mrb_realloc_simple gc.c:201
#3 0x104889e9e in mrb_realloc gc.c:215
#4 0x1049a4491 in stack_extend_alloc vm.c:161
#5 0x10496ae97 in stack_extend vm.c:181
#6 0x104972497 in mrb_vm_run vm.c:813
#7 0x1049a3a19 in mrb_top_run vm.c:2569
#8 0x104a717b5 in mrb_load_exec parse.y:5755
#9 0x104a725c5 in mrb_load_file_cxt parse.y:5764
#10 0x10480f01a in main mruby.c:232
#11 0x7fffb4357254 in start (libdyld.dylib+0x5254)
SUMMARY: AddressSanitizer: heap-use-after-free vm.c:1081 in mrb_vm_exec
Shadow bytes around the buggy address:
0x1c4a000009d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c4a000009e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c4a000009f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c4a00000a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c4a00000a10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x1c4a00000a20: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd
0x1c4a00000a30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c4a00000a40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c4a00000a50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c4a00000a60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x1c4a00000a70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==82515==ABORTING
Abort trap: 6
This issue was reported by https://hackerone.com/ssarong
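The two heap stacks in the report above (the region is freed by a realloc reached through stack_extend, and mrb_vm_exec later writes 4 bytes into it) have the classic shape of a pointer that was cached before a buffer grew and used afterwards. The following is an added illustration, not mruby's code and not a claim about the exact fix for this issue: a toy VM register stack in C showing that hazardous pattern beside the offset-based form that survives a realloc. Every name here (vm_t, stack_extend, frame_write_stale, frame_write_rederived, demo_rederive) is invented for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal growable register stack. Illustrative only, not mruby's structures. */
typedef struct {
    int32_t *stack;   /* heap block that realloc may move */
    size_t   size;    /* capacity in slots */
    size_t   sp;      /* base of the current frame, kept as an offset */
} vm_t;

int vm_init(vm_t *vm, size_t slots) {
    vm->stack = calloc(slots, sizeof *vm->stack);
    if (!vm->stack) return -1;
    vm->size = slots;
    vm->sp = 0;
    return 0;
}

void vm_free(vm_t *vm) {
    free(vm->stack);
    vm->stack = NULL;
    vm->size = 0;
}

/* Ensure at least `need` slots are usable from sp. Returns 1 if the block
 * was reallocated (old pointers are now dangling), 0 if nothing changed,
 * -1 on allocation failure. */
int stack_extend(vm_t *vm, size_t need) {
    size_t want = vm->sp + need;
    if (want <= vm->size) return 0;
    size_t new_size = vm->size ? vm->size : 1;
    while (new_size < want) new_size *= 2;
    int32_t *p = realloc(vm->stack, new_size * sizeof *p);
    if (!p) return -1;
    memset(p + vm->size, 0, (new_size - vm->size) * sizeof *p);
    vm->stack = p;
    vm->size = new_size;
    return 1;
}

/* Hazardous pattern (defined for comparison, never called here): a register
 * pointer is taken before a call that may realloc the stack and written
 * through afterwards. If the block moved, the write lands in freed memory,
 * which is exactly what AddressSanitizer reports as heap-use-after-free. */
int frame_write_stale(vm_t *vm, size_t need, int32_t v) {
    int32_t *regs = vm->stack + vm->sp;   /* raw pointer into the heap block */
    if (stack_extend(vm, need) < 0) return -1;
    regs[0] = v;                          /* stale if stack_extend moved the block */
    return 0;
}

/* Hardened pattern: carry only the offset across the growth point and
 * re-derive the pointer from vm->stack once stack_extend has returned. */
int frame_write_rederived(vm_t *vm, size_t need, int32_t v) {
    size_t base = vm->sp;                 /* an offset survives a realloc */
    if (stack_extend(vm, need) < 0) return -1;
    int32_t *regs = vm->stack + base;     /* fresh pointer into the live block */
    regs[0] = v;
    return 0;
}

/* Drives the hardened path through a growth that forces a move and returns
 * the value read back from the frame base, or -1 on any failure. */
int32_t demo_rederive(void) {
    vm_t vm;
    if (vm_init(&vm, 4) != 0) return -1;
    vm.sp = 2;
    size_t before = vm.size;
    if (frame_write_rederived(&vm, 64, 42) != 0) { vm_free(&vm); return -1; }
    int32_t got = (vm.size > before) ? vm.stack[vm.sp] : -1;
    vm_free(&vm);
    return got;
}

int main(void) {
    printf("value after growth: %d\n", (int)demo_rederive());
    return 0;
}
```

Building this with -fsanitize=address and swapping the call in demo_rederive for frame_write_stale reproduces the same class of report (a WRITE of size 4 into a region freed by realloc), which is the quickest way to confirm that an interpreter loop re-derives its register pointer after every call that can grow the stack.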