AddressSanitizer: heap-buffer-overflow in rl_kill_text
From: Eduardo Bustamante
Subject: AddressSanitizer: heap-buffer-overflow in rl_kill_text
Date: Thu, 15 Jun 2017 09:42:41 -0500
User-agent: NeoMutt/20170113 (1.7.2)
Found by fuzzing `read -e' with AFL. The stacktrace reported by Address
Sanitizer is followed by the base64 encoded crashing input.
==11018==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60700000ccc0 at pc 0x559bb60f1be7 bp 0x7ffc36ec8710 sp 0x7ffc36ec8708
READ of size 8 at 0x60700000ccc0 thread T0
#0 0x559bb60f1be6 in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6)
#1 0x559bb60f1f79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#2 0x559bb60f31f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#3 0x559bb60b130d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x559bb60b0ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x559bb60b0727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x559bb60b07b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x559bb60b07dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x559bb60afe93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x559bb606b136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x559bb6068aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x559bb5f7ec89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x559bb5f8089f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x559bb5f7e11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x559bb5f6bf42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x559bb5f7482e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x559bb5f6cd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x559bb60560f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x559bb5f37401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x559bb5f358da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7f50ebc9d2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x559bb5f34749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x60700000ccc0 is located 0 bytes to the right of 80-byte region
[0x60700000cc70,0x60700000ccc0)
allocated by thread T0 here:
#0 0x7f50ec50b090 in realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090)
#1 0x559bb6044e00 in xrealloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fe00)
#2 0x559bb60f1c4e in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cc4e)
#3 0x559bb60f1f79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#4 0x559bb60f23eb in rl_kill_line
(/home/dualbus/src/gnu/bash-build/bash+0x23d3eb)
#5 0x559bb60b130d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#6 0x559bb60b0ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#7 0x559bb60b0727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#8 0x559bb60b07b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#9 0x559bb60b07dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#10 0x559bb60afe93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#11 0x559bb606b136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#12 0x559bb6068aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#13 0x559bb5f7ec89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#14 0x559bb5f8089f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#15 0x559bb5f7e11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#16 0x559bb5f6bf42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#17 0x559bb5f7482e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#18 0x559bb5f6cd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#19 0x559bb60560f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#20 0x559bb5f37401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#21 0x559bb5f358da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#22 0x7f50ebc9d2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring
Shadow bytes around the buggy address:
0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
=>0x0c0e7fff9990: 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd
0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
0x0c0e7fff99b0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06
0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==11018==ABORTING
INPUT
==11019==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60700000ccc0 at pc 0x55d397c1bbe7 bp 0x7ffe1d93d800 sp 0x7ffe1d93d7f8
READ of size 8 at 0x60700000ccc0 thread T0
#0 0x55d397c1bbe6 in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6)
#1 0x55d397c1bf79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#2 0x55d397c1c3eb in rl_kill_line
(/home/dualbus/src/gnu/bash-build/bash+0x23d3eb)
#3 0x55d397bdb30d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x55d397bdaee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x55d397bda727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x55d397bda7b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x55d397bda7dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x55d397bd9e93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x55d397b95136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x55d397b92aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x55d397aa8c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x55d397aaa89f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x55d397aa811f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x55d397a95f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x55d397a9e82e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x55d397a96d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x55d397b800f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x55d397a61401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x55d397a5f8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7f27342a32b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x55d397a5e749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x60700000ccc0 is located 0 bytes to the right of 80-byte region
[0x60700000cc70,0x60700000ccc0)
allocated by thread T0 here:
#0 0x7f2734b11090 in realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090)
#1 0x55d397b6ee00 in xrealloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fe00)
#2 0x55d397c1bc4e in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cc4e)
#3 0x55d397c1bf79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#4 0x55d397c1d1f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#5 0x55d397bdb30d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#6 0x55d397bdaee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#7 0x55d397bda727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#8 0x55d397bda7b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#9 0x55d397bda7dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#10 0x55d397bd9e93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#11 0x55d397b95136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#12 0x55d397b92aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#13 0x55d397aa8c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#14 0x55d397aaa89f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#15 0x55d397aa811f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#16 0x55d397a95f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#17 0x55d397a9e82e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#18 0x55d397a96d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#19 0x55d397b800f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#20 0x55d397a61401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#21 0x55d397a5f8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#22 0x7f27342a32b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring
Shadow bytes around the buggy address:
0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
=>0x0c0e7fff9990: 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd
0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
0x0c0e7fff99b0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06
0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
==11019==ABORTING
INPUT
==11020==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60700000cc50 at pc 0x556a2aae1be7 bp 0x7ffc9f2602d0 sp 0x7ffc9f2602c8
READ of size 8 at 0x60700000cc50 thread T0
#0 0x556a2aae1be6 in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6)
#1 0x556a2aae1f79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#2 0x556a2aae31f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#3 0x556a2aaa130d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x556a2aaa0ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x556a2aaa0727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x556a2aaa07b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x556a2aaa07dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x556a2aa9fe93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x556a2aa5b136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x556a2aa58aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x556a2a96ec89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x556a2a97089f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x556a2a96e11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x556a2a95bf42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x556a2a96482e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x556a2a95cd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x556a2aa460f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x556a2a927401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x556a2a9258da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7f4fef4b92b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x556a2a924749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x60700000cc50 is located 0 bytes to the right of 80-byte region
[0x60700000cc00,0x60700000cc50)
allocated by thread T0 here:
#0 0x7f4fefd27090 in realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090)
#1 0x556a2aa34e00 in xrealloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fe00)
#2 0x556a2aae1c4e in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cc4e)
#3 0x556a2aae1f79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#4 0x556a2aae31f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#5 0x556a2aaa130d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#6 0x556a2aaa0ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#7 0x556a2aaa0727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#8 0x556a2aaa07b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#9 0x556a2aaa07dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#10 0x556a2aa9fe93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#11 0x556a2aa5b136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#12 0x556a2aa58aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#13 0x556a2a96ec89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#14 0x556a2a97089f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#15 0x556a2a96e11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#16 0x556a2a95bf42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#17 0x556a2a96482e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#18 0x556a2a95cd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#19 0x556a2aa460f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#20 0x556a2a927401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#21 0x556a2a9258da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#22 0x7f4fef4b92b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring
Shadow bytes around the buggy address:
0x0c0e7fff9930: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0e7fff9980: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd
0x0c0e7fff9990: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
0x0c0e7fff99b0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06
0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
==11020==ABORTING
INPUT
==15290==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60700000ccc0 at pc 0x55bf58a71be7 bp 0x7fff2f94b4c0 sp 0x7fff2f94b4b8
READ of size 8 at 0x60700000ccc0 thread T0
#0 0x55bf58a71be6 in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6)
#1 0x55bf58a71f79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#2 0x55bf58a731f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#3 0x55bf58a3130d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x55bf58a30ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x55bf58a30727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x55bf58a307b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x55bf58a307dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x55bf58a2fe93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x55bf589eb136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x55bf589e8aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x55bf588fec89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x55bf5890089f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x55bf588fe11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x55bf588ebf42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x55bf588f482e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x55bf588ecd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x55bf589d60f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x55bf588b7401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x55bf588b58da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7fd3c37bd2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x55bf588b4749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x60700000ccc0 is located 0 bytes to the right of 80-byte region
[0x60700000cc70,0x60700000ccc0)
allocated by thread T0 here:
#0 0x7fd3c402b090 in realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090)
#1 0x55bf589c4e00 in xrealloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fe00)
#2 0x55bf58a71c4e in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cc4e)
#3 0x55bf58a71f79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#4 0x55bf58a731f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#5 0x55bf58a3130d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#6 0x55bf58a30ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#7 0x55bf58a30727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#8 0x55bf58a307b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#9 0x55bf58a307dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#10 0x55bf58a2fe93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#11 0x55bf589eb136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#12 0x55bf589e8aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#13 0x55bf588fec89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#14 0x55bf5890089f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#15 0x55bf588fe11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#16 0x55bf588ebf42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#17 0x55bf588f482e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#18 0x55bf588ecd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#19 0x55bf589d60f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#20 0x55bf588b7401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#21 0x55bf588b58da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#22 0x7fd3c37bd2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring
Shadow bytes around the buggy address:
0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
=>0x0c0e7fff9990: 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd
0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00
0x0c0e7fff99b0: 00 00 00 03 fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06
0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
==15290==ABORTING
INPUT
==15291==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60700000cd30 at pc 0x563cebd3dbe7 bp 0x7ffe4f50b390 sp 0x7ffe4f50b388
READ of size 8 at 0x60700000cd30 thread T0
#0 0x563cebd3dbe6 in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6)
#1 0x563cebd3df79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#2 0x563cebd3f1f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#3 0x563cebcfd30d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x563cebcfcee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x563cebcfc727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x563cebcfc7b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x563cebcfc7dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x563cebcfbe93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x563cebcb7136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x563cebcb4aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x563cebbcac89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x563cebbcc89f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x563cebbca11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x563cebbb7f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x563cebbc082e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x563cebbb8d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x563cebca20f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x563cebb83401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x563cebb818da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7f2089e212b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x563cebb80749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x60700000cd30 is located 0 bytes to the right of 80-byte region
[0x60700000cce0,0x60700000cd30)
allocated by thread T0 here:
#0 0x7f208a68f090 in realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090)
#1 0x563cebc90e00 in xrealloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fe00)
#2 0x563cebd3dc4e in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cc4e)
#3 0x563cebd3df79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#4 0x563cebd3f1f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#5 0x563cebcfd30d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#6 0x563cebcfcee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#7 0x563cebcfc727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#8 0x563cebcfc7b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#9 0x563cebcfc7dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#10 0x563cebcfbe93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#11 0x563cebcb7136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#12 0x563cebcb4aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#13 0x563cebbcac89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#14 0x563cebbcc89f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#15 0x563cebbca11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#16 0x563cebbb7f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#17 0x563cebbc082e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#18 0x563cebbb8d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#19 0x563cebca20f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#20 0x563cebb83401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#21 0x563cebb818da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#22 0x7f2089e212b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring
Shadow bytes around the buggy address:
0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9990: fa fa fa fa fa fa fa fa fa fa fa fa 00 00 00 00
=>0x0c0e7fff99a0: 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd fd fd
0x0c0e7fff99b0: fd fd fd fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06
0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
0x0c0e7fff99f0: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa 00 00
==15291==ABORTING
INPUT
==15292==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60700000ccc0 at pc 0x5581a900ebe7 bp 0x7ffe212a21a0 sp 0x7ffe212a2198
READ of size 8 at 0x60700000ccc0 thread T0
#0 0x5581a900ebe6 in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6)
#1 0x5581a900ef79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#2 0x5581a90101f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#3 0x5581a8fce30d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x5581a8fcdee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x5581a8fcd727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x5581a8fcd7b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x5581a8fcd7dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x5581a8fcce93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x5581a8f88136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x5581a8f85aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x5581a8e9bc89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x5581a8e9d89f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x5581a8e9b11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x5581a8e88f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x5581a8e9182e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x5581a8e89d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x5581a8f730f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x5581a8e54401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x5581a8e528da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7f40896ae2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x5581a8e51749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x60700000ccc0 is located 0 bytes to the right of 80-byte region
[0x60700000cc70,0x60700000ccc0)
allocated by thread T0 here:
#0 0x7f4089f1c090 in realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090)
#1 0x5581a8f61e00 in xrealloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fe00)
#2 0x5581a900ec4e in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cc4e)
#3 0x5581a900ef79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#4 0x5581a90101f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#5 0x5581a8fce30d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#6 0x5581a8fcdee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#7 0x5581a8fcd727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#8 0x5581a8fcd7b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#9 0x5581a8fcd7dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#10 0x5581a8fcce93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#11 0x5581a8f88136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#12 0x5581a8f85aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#13 0x5581a8e9bc89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#14 0x5581a8e9d89f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#15 0x5581a8e9b11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#16 0x5581a8e88f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#17 0x5581a8e9182e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#18 0x5581a8e89d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#19 0x5581a8f730f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#20 0x5581a8e54401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#21 0x5581a8e528da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#22 0x7f40896ae2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring
Shadow bytes around the buggy address:
0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
=>0x0c0e7fff9990: 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd
0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00
0x0c0e7fff99b0: 00 00 00 03 fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06
0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==15292==ABORTING
INPUT
==15293==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60700000ccc0 at pc 0x557cf29f6be7 bp 0x7ffd788ea1e0 sp 0x7ffd788ea1d8
READ of size 8 at 0x60700000ccc0 thread T0
#0 0x557cf29f6be6 in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6)
#1 0x557cf29f6f79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#2 0x557cf29f81f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#3 0x557cf29b630d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x557cf29b5ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x557cf29b5727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x557cf29b57b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x557cf29b57dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x557cf29b4e93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x557cf2970136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x557cf296daa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x557cf2883c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x557cf288589f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x557cf288311f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x557cf2870f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x557cf287982e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x557cf2871d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x557cf295b0f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x557cf283c401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x557cf283a8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7f01c74ce2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x557cf2839749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x60700000ccc0 is located 0 bytes to the right of 80-byte region
[0x60700000cc70,0x60700000ccc0)
allocated by thread T0 here:
#0 0x7f01c7d3c090 in realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090)
#1 0x557cf2949e00 in xrealloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fe00)
#2 0x557cf29f6c4e in _rl_copy_to_kill_ring
(/home/dualbus/src/gnu/bash-build/bash+0x23cc4e)
#3 0x557cf29f6f79 in rl_kill_text
(/home/dualbus/src/gnu/bash-build/bash+0x23cf79)
#4 0x557cf29f81f9 in rl_unix_line_discard
(/home/dualbus/src/gnu/bash-build/bash+0x23e1f9)
#5 0x557cf29b630d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#6 0x557cf29b5ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#7 0x557cf29b5727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#8 0x557cf29b57b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#9 0x557cf29b57dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#10 0x557cf29b4e93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#11 0x557cf2970136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#12 0x557cf296daa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#13 0x557cf2883c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#14 0x557cf288589f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#15 0x557cf288311f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#16 0x557cf2870f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#17 0x557cf287982e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#18 0x557cf2871d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#19 0x557cf295b0f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#20 0x557cf283c401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#21 0x557cf283a8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#22 0x7f01c74ce2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring
Shadow bytes around the buggy address:
0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
=>0x0c0e7fff9990: 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd
0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00
0x0c0e7fff99b0: 00 00 00 03 fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06
0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==15293==ABORTING
INPUT
--
Eduardo Bustamante
https://dualbus.me/