The following input demonstrates a crash: 301269.txt
This issue appears quite similar to #3901.
ASAN report:
```
==8356==ERROR: AddressSanitizer: heap-use-after-free on address 0x000101323804 at pc 0x000100a0f00c bp 0x7ffeef43cc30 sp 0x7ffeef43cc28
READ of size 4 at 0x000101323804 thread T0
Provided dSYM: [/Users/clayton/git/mruby/bin/mruby.dSYM/Contents/Resources/DWARF/mruby] does not match symbol owner 0x7fe899d009f0
    #0 0x100a0f00b in dispatch_linked codegen.c:436
    #1 0x100a0fb58 in loop_pop codegen.c:3042
    #2 0x1009f9734 in codegen codegen.c:1540
    #3 0x1009f69a7 in codegen codegen.c:1320
    #4 0x100a0fd37 in scope_body codegen.c:773
    #5 0x1009fac25 in codegen codegen.c:1636
    #6 0x1009f38b6 in mrb_generate_code codegen.c:3065
    #7 0x100a4c2bc in mrb_load_exec parse.y:5815
    #8 0x100a4de85 in mrb_load_file_cxt parse.y:5849
    #9 0x1007b9d3c in main mruby.c:227
    #10 0x7fff7cd23114 in start (libdyld.dylib:x86_64+0x1114)

0x000101323804 is located 8196 bytes inside of 131072-byte region [0x000101321800,0x000101341800)
freed by thread T0 here:
    #0 0x10174a230 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x59230)
    #1 0x10083fd75 in mrb_default_allocf state.c:55
    #2 0x1009547d8 in mrb_realloc_simple gc.c:206
    #3 0x100a0d0a5 in codegen_realloc codegen.c:136
    #4 0x100a0d66d in genop codegen.c:154
    #5 0x100a12e86 in genop_peep codegen.c:386
    #6 0x100a19e93 in loop_break codegen.c:3011
    #7 0x100a018a2 in codegen codegen.c:2093
    #8 0x1009f7a66 in codegen codegen.c:1388
    #9 0x1009f6b61 in codegen codegen.c:1334
    #10 0x1009f931b in codegen codegen.c:1533
    #11 0x1009f69a7 in codegen codegen.c:1320
    #12 0x100a0fd37 in scope_body codegen.c:773
    #13 0x1009fac25 in codegen codegen.c:1636
    #14 0x1009f38b6 in mrb_generate_code codegen.c:3065
    #15 0x100a4c2bc in mrb_load_exec parse.y:5815
    #16 0x100a4de85 in mrb_load_file_cxt parse.y:5849
    #17 0x1007b9d3c in main mruby.c:227
    #18 0x7fff7cd23114 in start (libdyld.dylib:x86_64+0x1114)

previously allocated by thread T0 here:
    #0 0x10174a230 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x59230)
    #1 0x10083fd75 in mrb_default_allocf state.c:55
    #2 0x1009547d8 in mrb_realloc_simple gc.c:206
    #3 0x100a0d0a5 in codegen_realloc codegen.c:136
    #4 0x100a0d66d in genop codegen.c:154
    #5 0x100a16fa0 in gen_call codegen.c:976
    #6 0x1009fac53 in codegen codegen.c:1641
    #7 0x1009f7a66 in codegen codegen.c:1388
    #8 0x1009f69a7 in codegen codegen.c:1320
    #9 0x100a0fd37 in scope_body codegen.c:773
    #10 0x1009fac25 in codegen codegen.c:1636
    #11 0x1009f38b6 in mrb_generate_code codegen.c:3065
    #12 0x100a4c2bc in mrb_load_exec parse.y:5815
    #13 0x100a4de85 in mrb_load_file_cxt parse.y:5849
    #14 0x1007b9d3c in main mruby.c:227
    #15 0x7fff7cd23114 in start (libdyld.dylib:x86_64+0x1114)

SUMMARY: AddressSanitizer: heap-use-after-free codegen.c:436 in dispatch_linked
Shadow bytes around the buggy address:
  0x1000202646b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1000202646c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1000202646d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1000202646e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1000202646f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x100020264700:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x100020264710: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x100020264720: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x100020264730: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x100020264740: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x100020264750: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==8356==ABORTING
Abort trap: 6
```
This issue was reported by https://hackerone.com/j0s3
ec63b1a