bug-bash
From: Eduardo Bustamante
Subject: Re: AddressSanitizer: heap-buffer-overflow lib/readline/bind.c:437 in rl_translate_keyseq
Date: Thu, 27 Apr 2017 20:34:01 -0500

On Thu, Apr 27, 2017 at 2:35 PM, Chet Ramey <chet.ramey@case.edu> wrote:
[...]
> Thanks for the report.  This was an easy fix. You must be fuzzing
> readline's key sequence parser.

Yes. I'm currently trying a few approaches. I got this crash from:

afl-fuzz -i i1/ -o o1/ -- ./bash/bash --noprofile --norc -ic 'bind -f @@'

After compiling with CC=afl-gcc ...

With this seed:

# cat i1/1
"\e\C-e": shell-expand-line
"\C-x(": start-kbd-macro
"\e&": tilde-expand
"\C-t": transpose-chars
"\et": transpose-words
"\C-x\C-u": undo
"\C-_": undo
"\C-u": unix-line-discard
"\C-w": unix-word-rubout
"\eu": upcase-word
"\C-y": yank
"\e.": yank-last-arg
"\e_": yank-last-arg
"\e\C-y": yank-nth-arg
"\ey": yank-pop
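A campaign like the one above typically leaves several `id:*` files under `o1/crashes/`, many of which are the same bug reached by different inputs. The triage script below is an added example, not part of this message or of bash/readline: it re-runs each crash file through the same `bind -f` command line (with `@@` replaced by the file), parses the AddressSanitizer report on stderr, and buckets crashes by bug class and source location so that a single report like the one in the subject line is filed once. It assumes an ASan-instrumented `bash` binary, afl's `crashes/id:*` output layout, and the standard ASan `SUMMARY:` and `#0` frame lines; the sample report embedded below is constructed from the subject line of this thread, and its `#1` frame and addresses are placeholders.

```python
"""Triage afl-fuzz crash files against an ASan-instrumented bash (added example)."""
import os
import re
import subprocess
from collections import defaultdict
from pathlib import Path

# The SUMMARY line ASan prints at the end of a report, e.g.
#   SUMMARY: AddressSanitizer: heap-buffer-overflow lib/readline/bind.c:437 in rl_translate_keyseq
SUMMARY_RE = re.compile(
    r"^SUMMARY: AddressSanitizer: (?P<kind>[\w-]+) (?P<loc>\S+) in (?P<func>\S+)", re.M
)
# The innermost stack frame, e.g.  #0 0x4f1a2a in rl_translate_keyseq lib/readline/bind.c:437
FRAME0_RE = re.compile(r"^\s*#0 0x[0-9a-f]+ in (?P<func>\S+) (?P<loc>\S+)", re.M)
# The access line, e.g.  READ of size 1 at 0x602000000051 thread T0
ACCESS_RE = re.compile(r"^(?P<access>READ|WRITE) of size (?P<size>\d+)", re.M)

# Constructed sample report (not real fuzzer output); frame #1 and addresses are placeholders.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000051 at pc 0x4f1a2b bp 0x7ffc1 sp 0x7ffc0
READ of size 1 at 0x602000000051 thread T0
    #0 0x4f1a2a in rl_translate_keyseq lib/readline/bind.c:437
    #1 0x4f2b3c in rl_generic_bind lib/readline/bind.c:999
SUMMARY: AddressSanitizer: heap-buffer-overflow lib/readline/bind.c:437 in rl_translate_keyseq
"""


def parse_asan_report(stderr):
    """Return a dict describing the ASan report in stderr, or None if there is no report."""
    m = SUMMARY_RE.search(stderr)
    if not m:
        return None
    rep = {"kind": m["kind"], "loc": m["loc"], "func": m["func"],
           "access": None, "size": None, "frame0": None}
    a = ACCESS_RE.search(stderr)
    if a:
        rep["access"] = a["access"]
        rep["size"] = int(a["size"])
    f = FRAME0_RE.search(stderr)
    if f:
        rep["frame0"] = f"{f['func']} {f['loc']}"
    return rep


def bucket_key(rep):
    """Crashes with the same bug class at the same source location count as one bug."""
    return (rep["kind"], rep["loc"], rep["func"])


def run_case(bash, case_path, timeout=10):
    """Re-run one crash file with the fuzzing command line and return ASan's stderr (None on hang)."""
    # Same invocation as the afl-fuzz run, with @@ replaced by the crash file.
    cmd = [bash, "--noprofile", "--norc", "-ic", f"bind -f {case_path}"]
    env = {**os.environ, "ASAN_OPTIONS": "abort_on_error=1"}
    try:
        p = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, env=env)
    except subprocess.TimeoutExpired:
        return None
    return p.stderr


def triage(reports):
    """Group parsed reports by bucket_key(); inputs that produced no report are dropped."""
    buckets = defaultdict(list)
    for name, rep in reports.items():
        if rep is not None:
            buckets[bucket_key(rep)].append(name)
    return dict(buckets)


def triage_dir(bash, crash_dir):
    """Run every afl crash file (id:*) under crash_dir and return the buckets."""
    reports = {}
    for case in sorted(Path(crash_dir).glob("id:*")):
        err = run_case(bash, case)
        reports[case.name] = parse_asan_report(err) if err else None
    return triage(reports)


if __name__ == "__main__":
    import sys
    # usage: triage.py ./bash/bash o1/crashes
    for key, cases in triage_dir(sys.argv[1], sys.argv[2]).items():
        print(f"{key[0]} at {key[1]} in {key[2]}: {len(cases)} case(s), e.g. {cases[0]}")
```

Cases that produce no ASan report when re-run are usually timing-dependent or were hangs afl misfiled; they are worth checking under `o1/hangs/` or with a larger timeout before discarding. The bucket key deliberately ignores the access size and the rest of the stack, so two inputs that hit `rl_translate_keyseq` at the same line with different key sequences land in the same bucket.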
