[POC2](https://drive.google.com/file/d/1mwTNmF7uWuD8gbN7RCH68qQNvxA1DGmT/view?usp=sharing)
Program received signal SIGABRT, Aborted.
[----------------------------------registers-----------------------------------]
RAX: 0x0
RBX: 0x7ffff7fb2600 (0x00007ffff7fb2600)
RCX: 0x7ffff7e0518b (<__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108])
RDX: 0x0
RSI: 0x7fffffffdd00 --> 0x0
RDI: 0x2
RBP: 0x7fffffffe050 --> 0x5555555815a0 --> 0x0
RSP: 0x7fffffffdd00 --> 0x0
RIP: 0x7ffff7e0518b (<__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108])
R8 : 0x0
R9 : 0x7fffffffdd00 --> 0x0
R10: 0x8
R11: 0x246
R12: 0x7fffffffdf70 --> 0x0
R13: 0x10
R14: 0x7ffff7ffb000 --> 0x6c61657200001000
R15: 0x1
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x7ffff7e0517f <__GI_raise+191>: mov edi,0x2
0x7ffff7e05184 <__GI_raise+196>: mov eax,0xe
0x7ffff7e05189 <__GI_raise+201>: syscall
=> 0x7ffff7e0518b <__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108]
0x7ffff7e05193 <__GI_raise+211>: xor rax,QWORD PTR fs:0x28
0x7ffff7e0519c <__GI_raise+220>: jne 0x7ffff7e051c4 <__GI_raise+260>
0x7ffff7e0519e <__GI_raise+222>: mov eax,r8d
0x7ffff7e051a1 <__GI_raise+225>: add rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffdd00 --> 0x0
0008| 0x7fffffffdd08 --> 0x55555557f0c0 --> 0x55555557ebb0 --> 0x7ffff7539000 --> 0x10102464c457f
0016| 0x7fffffffdd10 --> 0x3
0024| 0x7fffffffdd18 --> 0xd45be60417d36d00
0032| 0x7fffffffdd20 --> 0x1f7fcf580
0040| 0x7fffffffdd28 --> 0x7ffff753a000 --> 0x11001200000565
0048| 0x7fffffffdd30 --> 0x555555581790 --> 0x0
0056| 0x7fffffffdd38 --> 0xffffffffffffffff
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7de4859 in __GI_abort () at abort.c:79
#2 0x00007ffff7e4f3ee in __libc_message (action="" fmt=fmt@entry=0x7ffff7f79285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007ffff7e5747c in malloc_printerr (str=str@entry=0x7ffff7f775a8 "realloc(): invalid next size") at malloc.c:5347
#4 0x00007ffff7e5b12c in _int_realloc (av=av@entry=0x7ffff7faab80 <main_arena>, oldp=oldp@entry=0x5555555815a0, oldsize=oldsize@entry=0x20, nb=0x20) at malloc.c:4564
#5 0x00007ffff7e5d136 in __GI___libc_realloc (oldmem=0x5555555815b0, bytes=0x11) at malloc.c:3226
#6 0x000055555555a8a0 in another (pargc=pargc@entry=0x7fffffffe16c, pargv=pargv@entry=0x7fffffffe160, prompt=prompt@entry=0x55555556d727 "macro name") at cmds.c:202
#7 0x000055555555f2ac in macdef (argc=<optimized out>, argv=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:107
#8 0x000055555555fb93 in domacro (argc=<optimized out>, argv=<optimized out>) at domacro.c:261
#9 0x0000555555564e12 in cmdscanner (top=<optimized out>) at main.c:464
#10 0x000055555555a1c2 in main (argc=0x0, argc@entry=0x1, argv=<optimized out>, argv@entry=0x7fffffffe388) at main.c:313
#11 0x00007ffff7de60b3 in __libc_start_main (main=0x555555559f10 <main>, argc=0x1, argv=0x7fffffffe388, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffffffe378) at ../csu/libc-start.c:308
#12 0x000055555555a27e in _start ()
==2120832==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000dbe at pc 0x000000480e4e bp 0x7fff39918270 sp 0x7fff39917a30
WRITE of size 39 at 0x602000000dbe thread T0
#0 0x480e4d in strcpy (/home/zxq/CVE_testing/project/inetutils-2.2/build/bin/ftp+0x480e4d)
#1 0x4de01b in domacro /home/zxq/CVE_testing/project/inetutils-2.2/ftp/domacro.c:269:8
#2 0x4f3068 in cmdscanner /home/zxq/CVE_testing/project/inetutils-2.2/ftp/main.c:464:7
#3 0x4f2165 in main /home/zxq/CVE_testing/project/inetutils-2.2/ftp/main.c:313:7
#4 0x7effdd27b0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#5 0x41c5cd in _start (/home/zxq/CVE_testing/project/inetutils-2.2/build/bin/ftp+0x41c5cd)
0x602000000dbe is located 0 bytes to the right of 14-byte region [0x602000000db0,0x602000000dbe)
allocated by thread T0 here:
#0 0x495029 in realloc (/home/zxq/CVE_testing/project/inetutils-2.2/build/bin/ftp+0x495029)
#1 0x4c4910 in another /home/zxq/CVE_testing/project/inetutils-2.2/ftp/cmds.c:202:9
#2 0x4da640 in macdef /home/zxq/CVE_testing/project/inetutils-2.2/ftp/cmds.c:2594:20
#3 0x4ddf28 in domacro /home/zxq/CVE_testing/project/inetutils-2.2/ftp/domacro.c:261:8
#4 0x4ddf28 in domacro /home/zxq/CVE_testing/project/inetutils-2.2/ftp/domacro.c:261:8
#5 0x4f3068 in cmdscanner /home/zxq/CVE_testing/project/inetutils-2.2/ftp/main.c:464:7
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/zxq/CVE_testing/project/inetutils-2.2/build/bin/ftp+0x480e4d) in strcpy
Shadow bytes around the buggy address:
0x0c047fff8160: fa fa 00 fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8170: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8180: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fd
0x0c047fff8190: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff81a0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
=>0x0c047fff81b0: fa fa fd fd fa fa 00[06]fa fa fd fa fa fa fd fa
0x0c047fff81c0: fa fa 04 fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==2120832==ABORTING