bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: double free or corruption read builtin


From: Eduardo Bustamante
Subject: Re: double free or corruption read builtin
Date: Sat, 6 May 2017 16:54:27 -0500

On Sat, May 6, 2017 at 4:25 PM, Chet Ramey <chet.ramey@case.edu> wrote:
[...]
> Thanks for the report.  This will get fixed.

I'm not sure if this one is related to the above, or a different bug.
But I'm leaving it here anyways in case it helps:

(gdb) r -c 'read -n 128  < foo'
Starting program: /bash/bash -c 'read -n 128  < foo'

malloc: ./read.def:805: assertion botched
malloc: 0x915108: allocated: last allocated from ./read.def:361
free: start and end chunk sizes differ
Aborting...
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
58      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
#1  0x00007ffff761a37a in __GI_abort () at abort.c:89
#2  0x00000000004873d3 in programming_error (format=<optimized out>)
at error.c:175
#3  0x00000000005fe795 in xbotch (e=0, mem=<optimized out>,
s=<optimized out>, file=<optimized out>,
    line=<optimized out>) at malloc.c:329
#4  internal_free (mem=0x915108, file=<optimized out>, line=<optimized
out>, flags=<optimized out>)
    at malloc.c:916
#5  0x0000000000523e38 in sh_xfree (string=0x2, file=0x7fffffffd980
"", line=0) at xmalloc.c:221
#6  0x000000000054729d in read_builtin (list=<optimized out>) at ./read.def:805
#7  0x000000000046b76d in execute_builtin (builtin=0x543af0
<read_builtin>, words=0x912b48,
    flags=<optimized out>, subshell=0) at execute_cmd.c:4605
#8  0x0000000000461f99 in execute_builtin_or_function (words=0x912b48,
builtin=0x543af0 <read_builtin>,
    var=0x0, redirects=0x9128c8, fds_to_close=<optimized out>,
flags=<optimized out>) at execute_cmd.c:5103
#9  execute_simple_command (simple_command=<optimized out>,
pipe_in=-1, pipe_out=-1, async=<optimized out>,
    fds_to_close=<optimized out>) at execute_cmd.c:4391
#10 execute_command_internal (command=<optimized out>,
asynchronous=<optimized out>, pipe_in=<optimized out>,
    pipe_out=<optimized out>, fds_to_close=<optimized out>) at execute_cmd.c:812
#11 0x00000000005342dd in parse_and_execute (string=<optimized out>,
from_file=<optimized out>,
    flags=<optimized out>) at evalstring.c:430
#12 0x0000000000429c84 in run_one_command (command=<optimized out>) at
shell.c:1405
#13 0x0000000000427e28 in main (argc=<optimized out>, argv=<optimized
out>, env=<optimized out>) at shell.c:718
(gdb) q
A debugging session is active.

        Inferior 1 [process 15091] will be killed.

Quit anyway? (y or n) y

dualbus@afl-read-ifs-ckd9:~$ xxd foo
00000000: 3030 3030 7f30 3030 3030 7f7f 7f30 7f30  0000.00000...0.0
00000010: 3030 3030 3030 3030 7f7f 7f30 7f7f 307f  00000000...0..0.
00000020: 307f 7f30 7f30 3030 3030 3030 3030 3030  0..0.00000000000
00000030: 3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
00000040: 3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
00000050: 3030 3030 3030 3030 3030 ddb6 fd         0000000000...



reply via email to

[Prev in Thread] Current Thread [Next in Thread]