==42706==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000000e80 at pc 0x00010d30e3fe bp 0x7ffee2dcd970 sp 0x7ffee2dcd120
READ of size 16 at 0x619000000e80 thread T0
#0 0x10d30e3fd in __asan_memcpy (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4f3fd)
#1 0x10cedd8a8 in mrb_vm_exec vm.c:1859
#2 0x10cec672b in mrb_vm_run vm.c:950
#3 0x10cefe483 in mrb_top_run vm.c:3005
#4 0x10d0fe067 in mrb_load_exec parse.y:5835
#5 0x10d0feea9 in mrb_load_file_cxt parse.y:5844
#6 0x10ce2a685 in main mruby.c:279
#7 0x7fff76f6d014 in start (libdyld.dylib:x86_64+0x1014)
0x619000000e80 is located 0 bytes to the right of 1024-byte region [0x619000000a80,0x619000000e80)
allocated by thread T0 here:
#0 0x10d3161a7 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x571a7)
#1 0x10ceb2af5 in mrb_default_allocf state.c:55
#2 0x10cfc9908 in mrb_realloc_simple gc.c:206
#3 0x10cfca0d1 in mrb_realloc gc.c:220
#4 0x10cfcaba3 in mrb_malloc gc.c:242
#5 0x10d09953e in fiber_init fiber.c:97
#6 0x10ce71499 in mrb_instance_new class.c:1591
#7 0x10ced2fe1 in mrb_vm_exec vm.c:1472
#8 0x10cec672b in mrb_vm_run vm.c:950
#9 0x10cefe483 in mrb_top_run vm.c:3005
#10 0x10d0fe067 in mrb_load_exec parse.y:5835
#11 0x10d0feea9 in mrb_load_file_cxt parse.y:5844
#12 0x10ce2a685 in main mruby.c:279
#13 0x7fff76f6d014 in start (libdyld.dylib:x86_64+0x1014)
SUMMARY: AddressSanitizer: heap-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4f3fd) in __asan_memcpy
Shadow bytes around the buggy address:
0x1c3200000180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c3200000190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c32000001a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c32000001b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c32000001c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c32000001d0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c32000001e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c32000001f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c3200000200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c3200000210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c3200000220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==42706==ABORTING
Abort trap: 6
This issue was reported by Daniel Teuchert, Cornelius Aschermann, Tommaso Frassetto and Tigist Abera (https://hackerone.com/pnoltof).
The following input demonstrates a crash:
This issue looks similar to #3641.
ASAN report: