==25197==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000040b8 at pc 0x7efe631cc8b9 bp 0x7ffe6f1b0740 sp 0x7ffe6f1b0730
READ of size 8 at 0x6110000040b8 thread T0
#0 0x7efe631cc8b8 in r_anal_bb_free XYZ/radare2/libr/anal/bb.c:49
#1 0x7efe5f69e152 in r_list_delete XYZ/radare2/libr/util/list.c:93
#2 0x7efe5f69e2b2 in r_list_purge XYZ/radare2/libr/util/list.c:62
#3 0x7efe5f69e375 in r_list_free XYZ/radare2/libr/util/list.c:72
#4 0x7efe631b318b in r_anal_fcn_free XYZ/radare2/libr/anal/fcn.c:327
#5 0x7efe5f69e152 in r_list_delete XYZ/radare2/libr/util/list.c:93
#6 0x7efe5f69e2b2 in r_list_purge XYZ/radare2/libr/util/list.c:62
#7 0x7efe5f69e375 in r_list_free XYZ/radare2/libr/util/list.c:72
#8 0x7efe631ea451 in r_anal_free XYZ/radare2/libr/anal/anal.c:128
#9 0x7efe656e8274 in r_core_fini XYZ/radare2/libr/core/core.c:1945
#10 0x55e86f23ae97 in main XYZ/radare2/binr/radare2/radare2.c:1449
#11 0x7efe5efd182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#12 0x55e86f2423f8 in _start (/usr/local/bin/radare2+0x113f8)
0x6110000040b8 is located 184 bytes inside of 216-byte region [0x611000004000,0x6110000040d8)
freed by thread T0 here:
#0 0x7efe65f5f2ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
#1 0x7efe5f69e152 in r_list_delete XYZ/radare2/libr/util/list.c:93
previously allocated by thread T0 here:
#0 0x7efe65f5f79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
#1 0x7efe631cc9c7 in r_anal_bb_new XYZ/radare2/libr/anal/bb.c:11
SUMMARY: AddressSanitizer: heap-use-after-free XYZ/radare2/libr/anal/bb.c:49 r_anal_bb_free
Shadow bytes around the buggy address:
0x0c227fff87c0: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
0x0c227fff87d0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff87e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff87f0: 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8800: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c227fff8810: fd fd fd fd fd fd fd[fd]fd fd fd fa fa fa fa fa
0x0c227fff8820: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff8830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff8840: 00 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c227fff8860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==25197==ABORTING
Work environment
Expected behavior
Disassembly of file or error message.
Actual behavior
UAF in ASAN build.
Steps to reproduce the behavior
r2 -A r2_uaf_r_anal_bb_free
Additional Logs, screenshots, source-code, configuration dump, ...