On 25 Mar 2020, at 05:32, aar0nge ***@***.***> wrote:
Work environment
Questions / Answers:
OS/arch/bits (mandatory): Ubuntu x86 64
File format of the file you reverse (mandatory): ELF
Architecture/bits of the file (mandatory): x86/64
r2 -v full output, not truncated (mandatory): radare2 4.3.1 23909 @ linux-x86-64 git.4.3.1-1-ge55661b commit: e55661b <e55661b> build: 2020-03-22__22:18:20
Expected behavior
Handle input error
Actual behavior
double free/invalid pointer to free
Steps to reproduce the behavior
$ r2 -
[0x00000000]> in 0
[0x00000000]> oc 0
[0x00000000]> in 0
*** Error in `r2': free(): invalid pointer: 0x00007fffed1bcd00 ***
……
Additional Logs, screenshots, source-code, configuration dump, ...
<https://user-images.githubusercontent.com/20163299/77501626-880ca780-6e93-11ea-8669-48362438f409.png>
The in command would first free the original core->table_query, then create a new core->table_query in cmd_info.c:cmd_info(); the oc command would then free it in core.c:r_core_fini, which didn't NULL it out. So executing in 0 again would cause a double/invalid free.
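The pointer-left-dangling pattern from the report, reduced to a stand-alone C example (added here; not radare2's code). The DemoCore struct and the demo_* function names are assumptions that stand in for RCore, cmd_info() and r_core_fini(); only the table_query field name comes from the report.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for RCore; only table_query mirrors the report. */
typedef struct {
    char *table_query;
} DemoCore;

/* Mirrors the reported cmd_info() behaviour: free the previous query
 * string, then install a new one. free(NULL) is a no-op, but free() on
 * a pointer that was already released is the invalid free seen in the log. */
static void demo_cmd_info(DemoCore *core, const char *query) {
    free(core->table_query);
    core->table_query = strdup(query);
}

/* Buggy fini as described in the report: frees but leaves the pointer set. */
static void demo_fini_buggy(DemoCore *core) {
    free(core->table_query);
}

/* Fixed fini: free and NULL out, so a later cmd_info() call is safe. */
static void demo_fini_fixed(DemoCore *core) {
    free(core->table_query);
    core->table_query = NULL;
}

/* Runs "in 0" (cmd_info), then "oc 0" (fini), and reports whether
 * table_query still points at freed memory. Returns 1 if it dangles,
 * 0 if it was cleared. Only in the cleared case is a second cmd_info()
 * issued, which is exactly the step that crashes with the buggy fini. */
int table_query_dangles_after_fini(int use_fixed) {
    DemoCore core = { .table_query = NULL };
    demo_cmd_info(&core, "in 0");
    if (use_fixed) {
        demo_fini_fixed(&core);
    } else {
        demo_fini_buggy(&core);
    }
    int dangles = core.table_query != NULL;
    if (!dangles) {
        demo_cmd_info(&core, "in 0");  /* second "in 0": safe after the fix */
        demo_fini_fixed(&core);
    }
    return dangles;
}
```

Building the buggy variant with -fsanitize=address and calling demo_cmd_info() after demo_fini_buggy() reports the same double-free, which is the quickest way to confirm the fix in the real tree.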