Heap buffer overflow in OP_GETCONST #3693
Description
The following input demonstrates a crash:
def one
too { yield }
endbegin;1;rescue => e1;e1;end;
def too
yield
ensure
one { break }
end
oneASAN report:
==59106==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62e000017470 at pc 0x00010b6ea4ca bp 0x7fff54085f90 sp 0x7fff54085740
WRITE of size 16 at 0x62e000017470 thread T0
#0 0x10b6ea4c9 in __asan_memcpy (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4d4c9)
#1 0x10b443ac6 in mrb_vm_exec (mruby:x86_64+0x100167ac6)
#2 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#3 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#4 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#5 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#6 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#7 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#8 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#9 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#10 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#11 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#12 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#13 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#14 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#15 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#16 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#17 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#18 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#19 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#20 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#21 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#22 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#23 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#24 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#25 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#26 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#27 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#28 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#29 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#30 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#31 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#32 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#33 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#34 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#35 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#36 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#37 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#38 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#39 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#40 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#41 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#42 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#43 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#44 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#45 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#46 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#47 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#48 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#49 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#50 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#51 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#52 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#53 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#54 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#55 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#56 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#57 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#58 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#59 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#60 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#61 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#62 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#63 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#64 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#65 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#66 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#67 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#68 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#69 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#70 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#71 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#72 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#73 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#74 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#75 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#76 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#77 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#78 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#79 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#80 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#81 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#82 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#83 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#84 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#85 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#86 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#87 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#88 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#89 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#90 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#91 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#92 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#93 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#94 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#95 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#96 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#97 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#98 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#99 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#100 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#101 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#102 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#103 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#104 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#105 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#106 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#107 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#108 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#109 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#110 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#111 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#112 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#113 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#114 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#115 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#116 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#117 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#118 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#119 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#120 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#121 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#122 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#123 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#124 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#125 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#126 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#127 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#128 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#129 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#130 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#131 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#132 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#133 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#134 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#135 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#136 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#137 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#138 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#139 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#140 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#141 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#142 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#143 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#144 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#145 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#146 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#147 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#148 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#149 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#150 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#151 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#152 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#153 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#154 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#155 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#156 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#157 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#158 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#159 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#160 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#161 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#162 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#163 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#164 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#165 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#166 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#167 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#168 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#169 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#170 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#171 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#172 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#173 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#174 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#175 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#176 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#177 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#178 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#179 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#180 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#181 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#182 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#183 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#184 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#185 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#186 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#187 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#188 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#189 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#190 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#191 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#192 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#193 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#194 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#195 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#196 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#197 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#198 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#199 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#200 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#201 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#202 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#203 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#204 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#205 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#206 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#207 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#208 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#209 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#210 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#211 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#212 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#213 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#214 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#215 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#216 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#217 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#218 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#219 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#220 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#221 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#222 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#223 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#224 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#225 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#226 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#227 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#228 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#229 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#230 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#231 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#232 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#233 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#234 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#235 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#236 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#237 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#238 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#239 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#240 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#241 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#242 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#243 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#244 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#245 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#246 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#247 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#248 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#249 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#250 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#251 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#252 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#253 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#254 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#255 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
0x62e000017470 is located 0 bytes to the right of 45168-byte region [0x62e00000c400,0x62e000017470)
allocated by thread T0 here:
#0 0x10b6f3520 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56520)
#1 0x10b3d2be5 in mrb_default_allocf (mruby:x86_64+0x1000f6be5)
#2 0x10b353958 in mrb_realloc_simple gc.c:203
#3 0x10b3540ae in mrb_realloc gc.c:217
#4 0x10b47489f in stack_extend_alloc (mruby:x86_64+0x10019889f)
#5 0x10b43642f in stack_extend (mruby:x86_64+0x10015a42f)
#6 0x10b43f184 in mrb_vm_run (mruby:x86_64+0x100163184)
#7 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#8 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#9 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#10 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#11 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#12 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#13 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#14 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#15 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#16 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#17 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#18 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#19 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#20 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#21 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#22 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#23 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#24 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#25 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
#26 0x10b43f2e6 in mrb_vm_run (mruby:x86_64+0x1001632e6)
#27 0x10b43716e in mrb_run (mruby:x86_64+0x10015b16e)
#28 0x10b4712c9 in ecall (mruby:x86_64+0x1001952c9)
#29 0x10b45861b in mrb_vm_exec (mruby:x86_64+0x10017c61b)
SUMMARY: AddressSanitizer: heap-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4d4c9) in __asan_memcpy
Shadow bytes around the buggy address:
0x1c5c00002e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c5c00002e40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c5c00002e50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c5c00002e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c5c00002e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c5c00002e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa
0x1c5c00002e90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c5c00002ea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c5c00002eb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c5c00002ec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c5c00002ed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==59106==ABORTING
Abort trap: 6
This issue was reported by https://hackerone.com/flamezzz