Stack exhaustion issue in the GNU Readline
From: Neeraj Pal
Subject: Stack exhaustion issue in the GNU Readline
Date: Mon, 5 Apr 2021 01:49:24 +0530
Hi there,

While fuzzing the GNU Readline with honggfuzz, I found a stack
exhaustion issue which seems to have happened due to deep recursion.

This bug report was tested against the following GNU Readline versions:
- GNU Readline git devel rev: 109eadf6fe5c6a7e95ef0298820897ce6ee9172e
- GNU Readline git master rev: cf3c762ecfff5b2f445647a0f1543693984a5540
- GNU Readline 8.1-rc3
- GNU Readline 8.1

Attaching a reproducer link where I have uploaded the test input (my
apologies if it is not allowed to post links; please let me know if there
are any issues): https://github.com/bsdb0y/investigations/raw/master/stack-exhaust-poc1

The issue can be reproduced by running:
cat stack-exhaust-poc1 | ./examples/rlbasic
=================================================================
==1879148==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7fed00 (pc 0x000000498ae6 bp 0x7fffff7ff540 sp 0x7fffff7fed00 T0)
    #0 0x498ae6 in realloc (/src/readline-devel/readline/examples/rlbasic+0x498ae6)
    #1 0x655002 in xrealloc /src/readline-devel/readline/xmalloc.c:70:20
    #2 0x4d167c in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:895:4
    #3 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
    #4 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
    #5 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3
    #6 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11
    #7 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
    #8 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
    [... frames #9 to #308 elided: 300 frames, i.e. 60 further repetitions of the same five-frame cycle shown in #4-#8 (_rl_dispatch_subseq readline.c:901 / rl_domove_motion_callback vi_mode.c:1184 / rl_vi_change_to vi_mode.c:1500 / _rl_dispatch_subseq readline.c:901 / rl_vi_redo vi_mode.c:307), all at the same pcs ...]
    #309 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
SUMMARY: AddressSanitizer: stack-overflow (/src/readline-devel/readline/examples/rlbasic+0x498ae6) in realloc
==1879148==ABORTING
Valgrind Log:
valgrind --tool=memcheck ./examples/rlbasic > /dev/null < stack-exhaust-poc1
==1881919== Memcheck, a memory error detector
==1881919== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1881919== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==1881919== Command: ./rlbasic
==1881919==
==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==1881919==
==1881919== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==1881919== Access not within mapped region at address 0x1FFE801FF8
==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==1881919== at 0x13C4DD: xrealloc (xmalloc.c:70)
==1881919== If you believe this happened as a result of a stack
==1881919== overflow in your program's main thread (unlikely but
==1881919== possible), you can try to increase the size of the
==1881919== main thread stack using the --main-stacksize= flag.
==1881919== The main thread stack size used in this run was 8388608.
==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==1881919==
==1881919== Process terminating with default action of signal 11 (SIGSEGV)
==1881919== Access not within mapped region at address 0x1FFE801FF0
==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==1881919== at 0x4831134: _vgnU_freeres (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_core-amd64-linux.so)
==1881919== If you believe this happened as a result of a stack
==1881919== overflow in your program's main thread (unlikely but
==1881919== possible), you can try to increase the size of the
==1881919== main thread stack using the --main-stacksize= flag.
==1881919== The main thread stack size used in this run was 8388608.
==1881919==
==1881919== HEAP SUMMARY:
==1881919== in use at exit: 328,096 bytes in 231 blocks
==1881919== total heap usage: 5,620 allocs, 5,389 frees, 206,448,120 bytes allocated
==1881919==
==1881919== LEAK SUMMARY:
==1881919== definitely lost: 0 bytes in 0 blocks
==1881919== indirectly lost: 0 bytes in 0 blocks
==1881919== possibly lost: 0 bytes in 0 blocks
==1881919== still reachable: 328,096 bytes in 231 blocks
==1881919== suppressed: 0 bytes in 0 blocks
==1881919== Rerun with --leak-check=full to see details of leaked memory
==1881919==
==1881919== For lists of detected and suppressed errors, rerun with: -s
==1881919== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Segmentation fault
- ulimit value is unlimited on the machine.
Extra crash logs:
---CRASH SUMMARY---
Filename: ./stack-exhaust-poc1
SHA1: 6fd48596f8a3b4feffbf7067b0907268498491bf
Classification: EXPLOITABLE
Hash: d9e1794af557ab233c5c737b811074fb.34edfa84bd548bbbe15ff87f814291b8
Command: ./rlbasic
Faulting Frame:
_rl_dispatch_subseq @ 0x00000000004caaef: in /src/readline-devel/readline/examples/rlbasic
Disassembly:
0x00000000004caad1: mov QWORD PTR ds:0xe70a20,rax
0x00000000004caad9: mov rax,QWORD PTR [rbp-0x30]
0x00000000004caadd: mov edi,DWORD PTR ds:0x5b4f00
0x00000000004caae4: imul edi,DWORD PTR ds:0x5b4f40
0x00000000004caaec: mov esi,DWORD PTR [rbp-0x8]
=> 0x00000000004caaef: call rax
0x00000000004caaf1: mov DWORD PTR [rbp-0x18],eax
0x00000000004caaf4: mov rax,QWORD PTR ds:0xe70a20
0x00000000004caafc: and rax,0xffffffffffffffdf
0x00000000004cab00: mov QWORD PTR ds:0xe70a20,rax
Stack Head (1000 entries):
_rl_dispatch_subseq @ 0x00000000004caaef: in /src/readline-devel/readline/examples/rlbasic
_rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic
rl_domove_motion_callback @ 0x00000000004db810: in /src/readline-devel/readline/examples/rlbasic
rl_vi_change_to @ 0x00000000004dbce6: in /src/readline-devel/readline/examples/rlbasic
_rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic
_rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic
rl_vi_redo @ 0x00000000004ce86d: in /src/readline-devel/readline/examples/rlbasic
_rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic
_rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic
rl_domove_motion_callback @ 0x00000000004db810: in /src/readline-devel/readline/examples/rlbasic
rl_vi_change_to @ 0x00000000004dbce6: in /src/readline-devel/readline/examples/rlbasic
_rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic
_rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic
rl_vi_redo @ 0x00000000004ce86d: in /src/readline-devel/readline/examples/rlbasic
_rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic
_rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic
Registers:
rax=0x00000000004ce240 rbx=0x00007fffff7ff280 rcx=0x000000000000234c rdx=0x000000000000234c
rsi=0x000000000000002e rdi=0x0000000000000001 rbp=0x00007fffff7ff1a0 rsp=0x00007fffff7fef60
r8=0x0000000000002340 r9=0x0000000000000000 r10=0x000000000000001e r11=0x00006250000b8c30
r12=0x000000000041c510 r13=0x00007fffffffe570 r14=0x0000000000000000 r15=0x0000000000000000
rip=0x00000000004caaef efl=0x0000000000010202 cs=0x0000000000000033 ss=0x000000000000002b
ds=0x0000000000000000 es=0x0000000000000000 fs=0x0000000000000000 gs=0x0000000000000000
Please let me know if you need any further information or support.
Thanks,
Kind regards,
Neeraj Pal
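The ASan report above is some 310 frames of the same five functions; as an added triage aid (not part of Neeraj Pal's report and not readline's own tooling), the following Python script parses such a report, re-joins frame lines that a mail client wrapped, and reduces the frame list to its repeating cycle and total depth, which is what separates unbounded recursion from a single oversized frame. Its sample input is constructed to mirror the trace above, and the only format it assumes is ASan's "#N 0xPC in func location" frame line.

```python
import re
from collections import namedtuple
from typing import List, Optional, Tuple

# One ASan frame line: "#12 0x4d16fa in _rl_dispatch_subseq /src/.../readline.c:901:8"
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x([0-9a-fA-F]+)\s+in\s+(\S+)\s*(.*)$")
Frame = namedtuple("Frame", "index pc func location")  # #0 is the innermost frame

def unwrap_lines(text: str) -> List[str]:
    """Glue a location that a mail client wrapped onto its own line (starting
    with '/' or '(') back onto the preceding frame line that lacks one."""
    out: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        prev = FRAME_RE.match(out[-1]) if out else None
        if prev and not prev.group(4) and line[:1] in ("/", "("):
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def parse_frames(text: str) -> List[Frame]:
    """Extract every '#N 0x... in func location' frame from an ASan report."""
    frames = []
    for line in unwrap_lines(text):
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m.group(1)), int(m.group(2), 16),
                                m.group(3), m.group(4).strip()))
    return frames

def find_recursion_cycle(names: List[str], min_repeats: int = 3
                         ) -> Optional[Tuple[int, int, int]]:
    """Return (start, period, repeats) of the earliest, shortest function cycle
    that covers the rest of the trace, or None. The trace may end mid-cycle,
    so a trailing partial repetition is allowed."""
    n = len(names)
    for start in range(n):
        tail = names[start:]
        for period in range(1, len(tail) // min_repeats + 1):
            if all(tail[i] == tail[i + period] for i in range(len(tail) - period)):
                return start, period, len(tail) // period
    return None

def triage(report: str, min_repeats: int = 3) -> dict:
    """Summarise an ASan report as crash kind, frame depth and recursion cycle."""
    names = [f.func for f in parse_frames(report)]
    kind = "stack-overflow" if "AddressSanitizer: stack-overflow" in report else "other"
    result = {"kind": kind, "depth": len(names), "cycle": [], "cycle_start": None, "repeats": 0}
    found = find_recursion_cycle(names, min_repeats)
    if found:
        start, period, repeats = found
        result.update(cycle=names[start:start + period], cycle_start=start, repeats=repeats)
    return result

# Constructed sample modelled on the report above: the first frames are written
# as the mail client wrapped them; the five-function cycle is generated to keep
# the sample short. It is not the original reproducer output.
CYCLE = [
    ("0x4d16fa", "_rl_dispatch_subseq", "/src/readline-devel/readline/readline.c:901:8"),
    ("0x4d732c", "rl_vi_redo", "/src/readline-devel/readline/vi_mode.c:307:9"),
    ("0x4d16fa", "_rl_dispatch_subseq", "/src/readline-devel/readline/readline.c:901:8"),
    ("0x4f8f62", "rl_domove_motion_callback", "/src/readline-devel/readline/vi_mode.c:1184:3"),
    ("0x4f8f62", "rl_vi_change_to", "/src/readline-devel/readline/vi_mode.c:1500:11"),
]

def build_sample(cycles: int = 4) -> str:
    lines = [
        "==1879148==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7fed00",
        "    #0 0x498ae6 in realloc",
        "(/src/readline-devel/readline/examples/rlbasic+0x498ae6)",  # wrapped location
        "    #1 0x655002 in xrealloc /src/readline-devel/readline/xmalloc.c:70:20",
    ]
    idx = 2
    for _ in range(cycles):
        for pc, func, loc in CYCLE:
            lines.append(f"    #{idx} {pc} in {func} {loc}")
            idx += 1
    # the trace stops mid-cycle, as the real one above does at frame #309
    lines.append(f"    #{idx} {CYCLE[0][0]} in {CYCLE[0][1]} {CYCLE[0][2]}")
    lines.append("SUMMARY: AddressSanitizer: stack-overflow in realloc")
    return "\n".join(lines)

if __name__ == "__main__":
    r = triage(build_sample())
    print(f"{r['kind']}: depth {r['depth']}, {len(r['cycle'])}-frame cycle from "
          f"#{r['cycle_start']} repeated {r['repeats']}x: " + " -> ".join(r["cycle"]))
```

Run against the full report above (saved to a file and passed to `triage`), it reports the same five-function cycle starting at frame #2 with a depth of 310.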