=================================================================
==52749==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200001c8e8 at pc 0x000109772e3f bp 0x7fff565e97d0 sp 0x7fff565e97c8
READ of size 4 at 0x60200001c8e8 thread T0
#0 0x109772e3e in mrb_vm_exec vm.c:1868
#1 0x10975a939 in mrb_vm_run vm.c:823
#2 0x1097539be in mrb_run vm.c:2571
#3 0x10978966e in ecall vm.c:314
#4 0x10976e51b in mrb_vm_exec vm.c:1652
#5 0x10975a939 in mrb_vm_run vm.c:823
#6 0x1097539be in mrb_run vm.c:2571
#7 0x10978966e in ecall vm.c:314
#8 0x109762852 in mrb_vm_exec vm.c:1133
#9 0x10975a939 in mrb_vm_run vm.c:823
#10 0x1097539be in mrb_run vm.c:2571
#11 0x10978966e in ecall vm.c:314
#12 0x109762852 in mrb_vm_exec vm.c:1133
#13 0x10975a939 in mrb_vm_run vm.c:823
#14 0x10978c359 in mrb_top_run vm.c:2582
#15 0x10985ae45 in mrb_load_exec parse.y:5760
#16 0x10985bc55 in mrb_load_file_cxt parse.y:5769
#17 0x1095f7046 in main mruby.c:227
#18 0x7fffb4357254 in start (libdyld.dylib+0x5254)
0x60200001c8e8 is located 8 bytes to the left of 10-byte region [0x60200001c8f0,0x60200001c8fa)
allocated by thread T0 here:
#0 0x10999ef87 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib+0x4af87)
#1 0x1096f0015 in mrb_default_allocf state.c:60
#2 0x109671bc8 in mrb_realloc_simple gc.c:201
#3 0x109672d53 in mrb_malloc_simple gc.c:242
#4 0x10982d9cd in codegen_malloc codegen.c:123
#5 0x10982d54a in scope_finish codegen.c:2879
#6 0x10981f58a in scope_body codegen.c:753
#7 0x10980a193 in codegen codegen.c:1577
#8 0x1098038f1 in mrb_generate_code codegen.c:2983
#9 0x10985a2c0 in mrb_load_exec parse.y:5737
#10 0x10985bc55 in mrb_load_file_cxt parse.y:5769
#11 0x1095f7046 in main mruby.c:227
#12 0x7fffb4357254 in start (libdyld.dylib+0x5254)
SUMMARY: AddressSanitizer: heap-buffer-overflow vm.c:1868 in mrb_vm_exec
Shadow bytes around the buggy address:
0x1c04000038c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c04000038d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c04000038e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c04000038f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0400003900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x1c0400003910: fa fa fa fa fa fa fa fa fa fa 00 00 fa[fa]00 02
0x1c0400003920: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 04 fa
0x1c0400003930: fa fa 00 fa fa fa 00 00 fa fa 00 02 fa fa 00 fa
0x1c0400003940: fa fa 00 fa fa fa 00 fa fa fa 04 fa fa fa 00 fa
0x1c0400003950: fa fa 00 00 fa fa 00 02 fa fa 00 fa fa fa 00 fa
0x1c0400003960: fa fa 00 fa fa fa 00 fa fa fa 00 00 fa fa 00 02
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==52749==ABORTING
Abort trap: 6
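The numbers in the report above are enough to check the "8 bytes to the left of 10-byte region" verdict by hand from the shadow row marked "=>". The small C program below is an added example (not mruby code and not the reporters' input) that does that arithmetic: it maps the faulting address to its shadow byte, skips the heap left redzone (fa) and decodes the following run of addressable (00) and partially addressable (02) shadow bytes into the region bounds. It assumes ASan's macOS x86_64 shadow offset of 1 << 44, which the report itself confirms, since (0x60200001c8e8 >> 3) + 0x100000000000 is exactly the shadow byte ASan bracketed; Linux x86_64 builds use 0x7fff8000 instead, so the constant would have to change there.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ASan shadow mapping: shadow = (addr >> 3) + offset. On macOS x86_64 the
 * offset is 1 << 44 (assumption, confirmed by the report's own numbers:
 * (0x60200001c8e8 >> 3) + 0x100000000000 == 0x1c040000391d).
 * Linux x86_64 uses 0x7fff8000 instead. */
#define SHADOW_OFFSET 0x100000000000ULL

/* Shadow row from the report (the line marked "=>"), copied verbatim. */
static const uint64_t ROW_BASE = 0x1c0400003910ULL;
static const uint8_t ROW[16] = {
    0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,
    0xfa,0xfa,0x00,0x00,0xfa,0xfa,0x00,0x02 };

uint64_t shadow_addr(uint64_t app)   { return (app >> 3) + SHADOW_OFFSET; }
uint64_t app_addr(uint64_t shadow)   { return (shadow - SHADOW_OFFSET) << 3; }

/* Application bytes described by the run of addressable (00) and partially
 * addressable (01..07) shadow bytes starting at row index i. A partial
 * granule closes the region; any other value is poison. */
static size_t region_bytes(size_t i) {
    size_t total = 0;
    for (; i < 16; i++) {
        if (ROW[i] == 0x00) { total += 8; continue; }
        if (ROW[i] >= 0x01 && ROW[i] <= 0x07) total += ROW[i];
        break;
    }
    return total;
}

/* Start of the first allocation at or to the right of the fault address
 * (0 if the fault is not covered by the copied row). */
uint64_t region_start(uint64_t fault) {
    size_t i = (size_t)(shadow_addr(fault) - ROW_BASE);
    if (i >= 16) return 0;
    while (i < 16 && ROW[i] == 0xfa) i++;        /* skip the heap left redzone */
    return i < 16 ? app_addr(ROW_BASE + i) : 0;
}

uint64_t region_end(uint64_t fault) {
    uint64_t start = region_start(fault);
    if (!start) return 0;
    return start + region_bytes((size_t)(shadow_addr(start) - ROW_BASE));
}

/* Signed distance from the region start; negative means the access landed
 * in the left redzone, i.e. an underflow of the buffer. */
int64_t fault_offset(uint64_t fault) {
    return (int64_t)fault - (int64_t)region_start(fault);
}

int in_left_redzone(uint64_t fault) {
    size_t i = (size_t)(shadow_addr(fault) - ROW_BASE);
    return i < 16 && ROW[i] == 0xfa;
}

int main(void) {
    uint64_t fault = 0x60200001c8e8ULL;          /* address from the report */
    printf("shadow byte 0x%llx, region [0x%llx,0x%llx), offset %lld\n",
           (unsigned long long)shadow_addr(fault),
           (unsigned long long)region_start(fault),
           (unsigned long long)region_end(fault),
           (long long)fault_offset(fault));
    return 0;
}
```

Decoded this way, the "00 02" pair after the bracketed fa gives an 8 + 2 = 10-byte block starting at 0x60200001c8f0, and the 4-byte READ at 0x60200001c8e8 sits 8 bytes before it, in the redzone: the VM read past the beginning of the block that scope_finish obtained through codegen_malloc, which matches the SUMMARY line.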
The following input demonstrates a crash:
ASAN report:
This issue was reported by Dinko Galetic and Denis Kasak (https://hackerone.com/dgaletic)