
Segfaulting hard from visual disassembly with nonstandard config #2277

Closed
XVilka opened this issue Mar 31, 2015 · 5 comments

Comments

XVilka (Contributor) commented Mar 31, 2015

Just run this:

r2 /bin/ls
e asm.lines=false
e asm.offset=false
e asm.nbytes=0
Vp

and r2 will crash itself, then take gdb down along with it, with a segfault inside ptrace.
Here is valgrind's reaction:
valgrind impossible

XVilka (Contributor, Author) commented Mar 31, 2015

Here is the full output of valgrind:

==12549== Memcheck, a memory error detector
==12549== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==12549== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==12549== Command: radare2 /bin/ls
==12549== Parent PID: 20851
==12549== 
==12549== Invalid write of size 2
==12549==    at 0x4C2F403: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FF136: r_print_hexpair (print.c:298)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549==  Address 0x9fb1d60 is 0 bytes after a block of size 96 alloc'd
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FEDA0: r_print_hexpair (print.c:246)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549== 
==12549== Invalid write of size 2
==12549==    at 0x4C2F403: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FF15E: r_print_hexpair (print.c:300)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549==  Address 0x9fb1d62 is 2 bytes after a block of size 96 alloc'd
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FEDA0: r_print_hexpair (print.c:246)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549== 
==12549== Invalid write of size 2
==12549==    at 0x4C2F403: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FF1CE: r_print_hexpair (print.c:307)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549==  Address 0x9fb1d70 is 16 bytes after a block of size 96 alloc'd
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FEDA0: r_print_hexpair (print.c:246)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549== 
==12549== Invalid write of size 1
==12549==    at 0x4C2F42B: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FF1CE: r_print_hexpair (print.c:307)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549==  Address 0x9fb1d74 is 20 bytes after a block of size 96 alloc'd
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FEDA0: r_print_hexpair (print.c:246)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549== 
==12549== Invalid write of size 1
==12549==    at 0x4C2F42B: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FF136: r_print_hexpair (print.c:298)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549==  Address 0x9fc4e20 is 0 bytes after a block of size 96 alloc'd
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FEDA0: r_print_hexpair (print.c:246)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549== 
==12549== Invalid write of size 1
==12549==    at 0x4C2F390: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FF15E: r_print_hexpair (print.c:300)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549==  Address 0x9fc4e26 is 6 bytes after a block of size 96 alloc'd
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FEDA0: r_print_hexpair (print.c:246)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549== 
==12549== Invalid write of size 8
==12549==    at 0x4C2F3BB: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FF136: r_print_hexpair (print.c:298)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549==  Address 0x9fc4e28 is 8 bytes after a block of size 96 alloc'd
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FEDA0: r_print_hexpair (print.c:246)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549== 
==12549== Invalid write of size 1
==12549==    at 0x4C2F42B: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FF15E: r_print_hexpair (print.c:300)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549==  Address 0x9fc4e33 is 19 bytes after a block of size 96 alloc'd
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FEDA0: r_print_hexpair (print.c:246)
==12549==    by 0x4EE7CC2: handle_print_show_bytes (disasm.c:1437)
==12549==    by 0x4EEA42A: r_core_print_disasm (disasm.c:2193)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549== 
--12549-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--12549-- si_code=80;  Faulting address: 0x0;  sp: 0x808b9dda0

valgrind: the 'impossible' happened:
   Killed by fatal signal

host stacktrace:
==12549==    at 0x38068238: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==12549==    by 0x38029E44: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==12549==    by 0x3802A017: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==12549==    by 0x380ACFA8: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==12549==    by 0x380BC529: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x8BBF299: strdup (strdup.c:42)
==12549==    by 0x4EE3ED7: handle_build_op_str (disasm.c:434)
==12549==    by 0x4EEA45C: r_core_print_disasm (disasm.c:2195)
==12549==    by 0x4E9ACFB: cmd_print (cmd_print.c:1994)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4EAD12B: r_core_cmd0 (cmd.c:1800)
==12549==    by 0x4EBBF56: r_core_visual_refresh (visual.c:1604)
==12549==    by 0x4EBC42C: r_core_visual (visual.c:1699)
==12549==    by 0x4EA934C: cmd_visual (cmd.c:700)
==12549==    by 0x4ED01EC: r_cmd_call (cmd_api.c:182)
==12549==    by 0x4EABFD8: r_core_cmd_subst_i (cmd.c:1478)
==12549==    by 0x4EAA345: r_core_cmd_subst (cmd.c:1013)
==12549==    by 0x4EACAE9: r_core_cmd (cmd.c:1669)
==12549==    by 0x4E69D47: r_core_prompt_exec (core.c:1072)
==12549==    by 0x4054A2: main (radare2.c:771)


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.
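Triaging a Memcheck log like the one above by hand is tedious when the same record repeats eight times with only the offset changing. The following Python script is an added example, not part of this issue or of radare2: it parses each `Invalid write` record into its faulting frame, allocating frame, block size and distance past the end of the block, then groups the records so the log collapses to a few lines. The embedded log is a constructed excerpt of two records taken from the output above, with the outer frames trimmed.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the Memcheck output in this issue: two of the
# eight "Invalid write" records, outer frames trimmed.
SAMPLE_LOG = """\
==12549== Invalid write of size 2
==12549==    at 0x4C2F403: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FF136: r_print_hexpair (print.c:298)
==12549==  Address 0x9fb1d60 is 0 bytes after a block of size 96 alloc'd
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FEDA0: r_print_hexpair (print.c:246)
==12549== Invalid write of size 1
==12549==    at 0x4C2F42B: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FF1CE: r_print_hexpair (print.c:307)
==12549==  Address 0x9fb1d74 is 20 bytes after a block of size 96 alloc'd
==12549==    at 0x4C2D1B0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12549==    by 0x84FEDA0: r_print_hexpair (print.c:246)
"""

HEADER = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)$")
# Only frames carrying a file:line match; libc and valgrind frames are skipped.
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((\S+:\d+)\)$")
ADDR = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes after a block of size (\d+) alloc'd$")

def parse_memcheck(text):
    """One dict per Invalid read/write record: access kind and size, innermost
    frame with a file:line, bytes past the block end, block size, allocating frame."""
    records, cur, section = [], None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = {"kind": m[1], "size": int(m[2]), "site": None,
                   "overrun": None, "block": None, "alloc": None}
            records.append(cur)
            section = "site"          # frames now describe the faulting access
        elif cur and (m := ADDR.match(line)):
            cur["overrun"], cur["block"] = int(m[1]), int(m[2])
            section = "alloc"         # frames now describe the allocation
        elif cur and (m := FRAME.match(line)) and cur[section] is None:
            cur[section] = f"{m[1]} ({m[2]})"
    return records

def summarize(records):
    """Group by (faulting frame, allocating frame); max_past_end is how far the
    accesses reach beyond the block, i.e. the minimum the allocation is short by."""
    groups = defaultdict(lambda: {"count": 0, "block": 0, "max_past_end": 0})
    for r in records:
        g = groups[(r["site"], r["alloc"])]
        g["count"] += 1
        g["block"] = r["block"]
        g["max_past_end"] = max(g["max_past_end"], r["overrun"] + r["size"])
    return dict(groups)
```

On the full log above, the eight records collapse to three faulting lines in print.c (298, 300, 307), all overrunning the 96-byte block allocated at print.c:246 by up to 21 bytes.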

radare (Collaborator) commented Mar 31, 2015

Omg! The impossible happened!

On 31 Mar 2015, at 23:02, Anton Kochkov notifications@github.com wrote:

Just run this:

r2 /bin/ls
|> e asm.lines=false
|> e asm.offset=false
|> e asm.nbytes=0
|> Vt
and r2 will crash itself, then take gdb down along with it, with a segfault inside ptrace.
Here is valgrind reaction:



radare (Collaborator) commented Mar 31, 2015

Can't reproduce (tested on linux64 and osx).

Maijin (Contributor) commented Apr 6, 2015

http://radare.tv/a/42: after "Vp", held "page next" on the keyboard.

crowell (Collaborator) commented Apr 6, 2015

I was able to reproduce the same day after xvilka reported this. Let me check when I get home.
