bug-bash

AddressSanitizer: heap-buffer-overflow in rl_search_history


From: Eduardo Bustamante
Subject: AddressSanitizer: heap-buffer-overflow in rl_search_history
Date: Thu, 15 Jun 2017 09:43:54 -0500
User-agent: NeoMutt/20170113 (1.7.2)

Found by fuzzing `read -e' with AFL. The stacktrace reported by Address
Sanitizer is followed by the base64 encoded crashing input.


==15910==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x61100000977f at pc 0x55794384fd88 bp 0x7ffd35b10720 sp 0x7ffd35b10718
READ of size 1 at 0x61100000977f thread T0
    #0 0x55794384fd87 in _rl_isearch_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
    #1 0x557943850cae in rl_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
    #2 0x55794384b7ac in rl_reverse_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x2267ac)
    #3 0x55794382130d in _rl_dispatch_subseq 
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
    #4 0x557943820ee8 in _rl_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
    #5 0x557943820727 in readline_internal_char 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
    #6 0x5579438207b9 in readline_internal_charloop 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
    #7 0x5579438207dd in readline_internal 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
    #8 0x55794381fe93 in readline 
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
    #9 0x5579437db136 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
    #10 0x5579437d8aa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #11 0x5579436eec89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #12 0x5579436f089f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #13 0x5579436ee11f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #14 0x5579436dbf42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #15 0x5579436e482e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #16 0x5579436dcd17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #17 0x5579437c60f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #18 0x5579436a7401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #19 0x5579436a58da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #20 0x7fd76993a2b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #21 0x5579436a4749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977f is located 1 bytes to the left of 256-byte region 
[0x611000009780,0x611000009880)
allocated by thread T0 here:
    #0 0x7fd76a1a7d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
    #1 0x5579437b4d95 in xmalloc 
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
    #2 0x557943822220 in readline_initialize_everything 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
    #3 0x5579438220c6 in rl_initialize 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
    #4 0x55794378fc28 in initialize_readline 
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
    #5 0x5579437db096 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
    #6 0x5579437d8aa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #7 0x5579436eec89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #8 0x5579436f089f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #9 0x5579436ee11f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #10 0x5579436dbf42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #11 0x5579436e482e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #12 0x5579436dcd17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #13 0x5579437c60f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #14 0x5579436a7401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #15 0x5579436a58da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #16 0x7fd76993a2b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
  0x0c227fff9290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==15910==ABORTING

INPUT
AAEbLbUA9loQGDIYLhwYGBkYGJgYGBj4FwAYGBj/HgAAAEAYGBgYEhISEhISEhISEhISEhISEhIS
EhISEhISEhISEhJFbFIT+gH6Av9yzGxuRWxSE/oB+jBkAOpsgv8AIOSwzIwAAGwGbG5sXGxsIID/
//93d0B3d2BOZ2dn+vr6+mwqF+xsPQsaAQCOl36Ojhs9IFcPEAA8PCuAjgAB/+4APDwxQAuCYKUA
/n9bHlUAAQgAKFcZZf//XV07XX8c/xsF



==23875==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x61100000977e at pc 0x55e5af432d88 bp 0x7ffcf0a9ec10 sp 0x7ffcf0a9ec08
READ of size 1 at 0x61100000977e thread T0
    #0 0x55e5af432d87 in _rl_isearch_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
    #1 0x55e5af433cae in rl_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
    #2 0x55e5af42e7cb in rl_forward_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x2267cb)
    #3 0x55e5af40430d in _rl_dispatch_subseq 
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
    #4 0x55e5af403ee8 in _rl_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
    #5 0x55e5af403727 in readline_internal_char 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
    #6 0x55e5af4037b9 in readline_internal_charloop 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
    #7 0x55e5af4037dd in readline_internal 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
    #8 0x55e5af402e93 in readline 
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
    #9 0x55e5af3be136 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
    #10 0x55e5af3bbaa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #11 0x55e5af2d1c89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #12 0x55e5af2d389f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #13 0x55e5af2d111f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #14 0x55e5af2bef42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #15 0x55e5af2c782e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #16 0x55e5af2bfd17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #17 0x55e5af3a90f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #18 0x55e5af28a401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #19 0x55e5af2888da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #20 0x7f0c847b62b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #21 0x55e5af287749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977e is located 2 bytes to the left of 256-byte region 
[0x611000009780,0x611000009880)
allocated by thread T0 here:
    #0 0x7f0c85023d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
    #1 0x55e5af397d95 in xmalloc 
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
    #2 0x55e5af405220 in readline_initialize_everything 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
    #3 0x55e5af4050c6 in rl_initialize 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
    #4 0x55e5af372c28 in initialize_readline 
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
    #5 0x55e5af3be096 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
    #6 0x55e5af3bbaa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #7 0x55e5af2d1c89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #8 0x55e5af2d389f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #9 0x55e5af2d111f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #10 0x55e5af2bef42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #11 0x55e5af2c782e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #12 0x55e5af2bfd17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #13 0x55e5af3a90f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #14 0x55e5af28a401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #15 0x55e5af2888da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #16 0x7f0c847b62b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
  0x0c227fff9290: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c227fff92a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c227fff92b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==23875==ABORTING

INPUT



==29731==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x61100000977e at pc 0x56359e3dfd88 bp 0x7ffc11f40910 sp 0x7ffc11f40908
READ of size 1 at 0x61100000977e thread T0
    #0 0x56359e3dfd87 in _rl_isearch_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
    #1 0x56359e3e0cae in rl_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
    #2 0x56359e3db7ac in rl_reverse_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x2267ac)
    #3 0x56359e3b130d in _rl_dispatch_subseq 
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
    #4 0x56359e3b0ee8 in _rl_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
    #5 0x56359e3b0727 in readline_internal_char 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
    #6 0x56359e3b07b9 in readline_internal_charloop 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
    #7 0x56359e3b07dd in readline_internal 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
    #8 0x56359e3afe93 in readline 
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
    #9 0x56359e36b136 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
    #10 0x56359e368aa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #11 0x56359e27ec89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #12 0x56359e28089f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #13 0x56359e27e11f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #14 0x56359e26bf42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #15 0x56359e27482e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #16 0x56359e26cd17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #17 0x56359e3560f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #18 0x56359e237401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #19 0x56359e2358da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #20 0x7f1ea74872b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #21 0x56359e234749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977e is located 2 bytes to the left of 256-byte region 
[0x611000009780,0x611000009880)
allocated by thread T0 here:
    #0 0x7f1ea7cf4d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
    #1 0x56359e344d95 in xmalloc 
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
    #2 0x56359e3b2220 in readline_initialize_everything 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
    #3 0x56359e3b20c6 in rl_initialize 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
    #4 0x56359e31fc28 in initialize_readline 
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
    #5 0x56359e36b096 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
    #6 0x56359e368aa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #7 0x56359e27ec89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #8 0x56359e28089f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #9 0x56359e27e11f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #10 0x56359e26bf42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #11 0x56359e27482e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #12 0x56359e26cd17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #13 0x56359e3560f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #14 0x56359e237401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #15 0x56359e2358da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #16 0x7f1ea74872b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
  0x0c227fff9290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29731==ABORTING

INPUT



==29732==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x61100000977f at pc 0x562ef1644d88 bp 0x7ffdd726f7a0 sp 0x7ffdd726f798
READ of size 1 at 0x61100000977f thread T0
    #0 0x562ef1644d87 in _rl_isearch_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
    #1 0x562ef1645cae in rl_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
    #2 0x562ef16407ac in rl_reverse_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x2267ac)
    #3 0x562ef161630d in _rl_dispatch_subseq 
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
    #4 0x562ef1615ee8 in _rl_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
    #5 0x562ef1615727 in readline_internal_char 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
    #6 0x562ef16157b9 in readline_internal_charloop 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
    #7 0x562ef16157dd in readline_internal 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
    #8 0x562ef1614e93 in readline 
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
    #9 0x562ef15d0136 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
    #10 0x562ef15cdaa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #11 0x562ef14e3c89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #12 0x562ef14e589f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #13 0x562ef14e311f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #14 0x562ef14d0f42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #15 0x562ef14d982e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #16 0x562ef14d1d17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #17 0x562ef15bb0f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #18 0x562ef149c401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #19 0x562ef149a8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #20 0x7fd6d39212b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #21 0x562ef1499749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977f is located 1 bytes to the left of 256-byte region 
[0x611000009780,0x611000009880)
allocated by thread T0 here:
    #0 0x7fd6d418ed28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
    #1 0x562ef15a9d95 in xmalloc 
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
    #2 0x562ef1617220 in readline_initialize_everything 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
    #3 0x562ef16170c6 in rl_initialize 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
    #4 0x562ef1584c28 in initialize_readline 
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
    #5 0x562ef15d0096 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
    #6 0x562ef15cdaa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #7 0x562ef14e3c89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #8 0x562ef14e589f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #9 0x562ef14e311f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #10 0x562ef14d0f42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #11 0x562ef14d982e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #12 0x562ef14d1d17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #13 0x562ef15bb0f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #14 0x562ef149c401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #15 0x562ef149a8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #16 0x7fd6d39212b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
  0x0c227fff9290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29732==ABORTING

INPUT



==29733==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x61100000977f at pc 0x56211a7b6d88 bp 0x7ffd3baee1a0 sp 0x7ffd3baee198
READ of size 1 at 0x61100000977f thread T0
    #0 0x56211a7b6d87 in _rl_isearch_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
    #1 0x56211a7b7cae in rl_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
    #2 0x56211a7b27ac in rl_reverse_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x2267ac)
    #3 0x56211a78830d in _rl_dispatch_subseq 
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
    #4 0x56211a787ee8 in _rl_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
    #5 0x56211a787727 in readline_internal_char 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
    #6 0x56211a7877b9 in readline_internal_charloop 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
    #7 0x56211a7877dd in readline_internal 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
    #8 0x56211a786e93 in readline 
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
    #9 0x56211a742136 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
    #10 0x56211a73faa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #11 0x56211a655c89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #12 0x56211a65789f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #13 0x56211a65511f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #14 0x56211a642f42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #15 0x56211a64b82e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #16 0x56211a643d17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #17 0x56211a72d0f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #18 0x56211a60e401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #19 0x56211a60c8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #20 0x7f4820b292b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #21 0x56211a60b749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977f is located 1 bytes to the left of 256-byte region 
[0x611000009780,0x611000009880)
allocated by thread T0 here:
    #0 0x7f4821396d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
    #1 0x56211a71bd95 in xmalloc 
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
    #2 0x56211a789220 in readline_initialize_everything 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
    #3 0x56211a7890c6 in rl_initialize 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
    #4 0x56211a6f6c28 in initialize_readline 
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
    #5 0x56211a742096 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
    #6 0x56211a73faa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #7 0x56211a655c89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #8 0x56211a65789f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #9 0x56211a65511f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #10 0x56211a642f42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #11 0x56211a64b82e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #12 0x56211a643d17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #13 0x56211a72d0f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #14 0x56211a60e401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #15 0x56211a60c8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #16 0x7f4820b292b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
  0x0c227fff9290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29733==ABORTING

INPUT



==29734==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x61100000977f at pc 0x5611c6942d88 bp 0x7fffd2ff9ed0 sp 0x7fffd2ff9ec8
READ of size 1 at 0x61100000977f thread T0
    #0 0x5611c6942d87 in _rl_isearch_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
    #1 0x5611c6943cae in rl_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
    #2 0x5611c693e7ac in rl_reverse_search_history 
(/home/dualbus/src/gnu/bash-build/bash+0x2267ac)
    #3 0x5611c691430d in _rl_dispatch_subseq 
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
    #4 0x5611c6913ee8 in _rl_dispatch 
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
    #5 0x5611c6913727 in readline_internal_char 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
    #6 0x5611c69137b9 in readline_internal_charloop 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
    #7 0x5611c69137dd in readline_internal 
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
    #8 0x5611c6912e93 in readline 
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
    #9 0x5611c68ce136 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
    #10 0x5611c68cbaa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #11 0x5611c67e1c89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #12 0x5611c67e389f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #13 0x5611c67e111f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #14 0x5611c67cef42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #15 0x5611c67d782e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #16 0x5611c67cfd17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #17 0x5611c68b90f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #18 0x5611c679a401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #19 0x5611c67988da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #20 0x7f660833e2b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #21 0x5611c6797749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977f is located 1 bytes to the left of 256-byte region 
[0x611000009780,0x611000009880)
allocated by thread T0 here:
    #0 0x7f6608babd28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
    #1 0x5611c68a7d95 in xmalloc 
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
    #2 0x5611c6915220 in readline_initialize_everything 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
    #3 0x5611c69150c6 in rl_initialize 
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
    #4 0x5611c6882c28 in initialize_readline 
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
    #5 0x5611c68ce096 in edit_line 
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
    #6 0x5611c68cbaa4 in read_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
    #7 0x5611c67e1c89 in execute_builtin 
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
    #8 0x5611c67e389f in execute_builtin_or_function 
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
    #9 0x5611c67e111f in execute_simple_command 
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
    #10 0x5611c67cef42 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
    #11 0x5611c67d782e in execute_connection 
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
    #12 0x5611c67cfd17 in execute_command_internal 
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
    #13 0x5611c68b90f4 in parse_and_execute 
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
    #14 0x5611c679a401 in run_one_command 
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
    #15 0x5611c67988da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
    #16 0x7f660833e2b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow 
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
  0x0c227fff9290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29734==ABORTING

INPUT

-- 
Eduardo Bustamante
https://dualbus.me/


