AddressSanitizer: heap-buffer-overflow in rl_search_history
From: Eduardo Bustamante
Subject: AddressSanitizer: heap-buffer-overflow in rl_search_history
Date: Thu, 15 Jun 2017 09:43:54 -0500
User-agent: NeoMutt/20170113 (1.7.2)
Found by fuzzing `read -e' with AFL. The stacktrace reported by Address
Sanitizer is followed by the base64 encoded crashing input.
==15910==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61100000977f at pc 0x55794384fd88 bp 0x7ffd35b10720 sp 0x7ffd35b10718
READ of size 1 at 0x61100000977f thread T0
#0 0x55794384fd87 in _rl_isearch_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
#1 0x557943850cae in rl_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
#2 0x55794384b7ac in rl_reverse_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x2267ac)
#3 0x55794382130d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x557943820ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x557943820727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x5579438207b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x5579438207dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x55794381fe93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x5579437db136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x5579437d8aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x5579436eec89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x5579436f089f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x5579436ee11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x5579436dbf42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x5579436e482e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x5579436dcd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x5579437c60f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x5579436a7401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x5579436a58da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7fd76993a2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x5579436a4749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977f is located 1 bytes to the left of 256-byte region
[0x611000009780,0x611000009880)
allocated by thread T0 here:
#0 0x7fd76a1a7d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
#1 0x5579437b4d95 in xmalloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
#2 0x557943822220 in readline_initialize_everything
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
#3 0x5579438220c6 in rl_initialize
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
#4 0x55794378fc28 in initialize_readline
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
#5 0x5579437db096 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
#6 0x5579437d8aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#7 0x5579436eec89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#8 0x5579436f089f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#9 0x5579436ee11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#10 0x5579436dbf42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#11 0x5579436e482e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#12 0x5579436dcd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#13 0x5579437c60f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#14 0x5579436a7401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#15 0x5579436a58da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#16 0x7fd76993a2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
0x0c227fff9290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==15910==ABORTING
INPUT
==23875==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61100000977e at pc 0x55e5af432d88 bp 0x7ffcf0a9ec10 sp 0x7ffcf0a9ec08
READ of size 1 at 0x61100000977e thread T0
#0 0x55e5af432d87 in _rl_isearch_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
#1 0x55e5af433cae in rl_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
#2 0x55e5af42e7cb in rl_forward_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x2267cb)
#3 0x55e5af40430d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x55e5af403ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x55e5af403727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x55e5af4037b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x55e5af4037dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x55e5af402e93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x55e5af3be136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x55e5af3bbaa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x55e5af2d1c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x55e5af2d389f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x55e5af2d111f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x55e5af2bef42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x55e5af2c782e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x55e5af2bfd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x55e5af3a90f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x55e5af28a401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x55e5af2888da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7f0c847b62b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x55e5af287749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977e is located 2 bytes to the left of 256-byte region
[0x611000009780,0x611000009880)
allocated by thread T0 here:
#0 0x7f0c85023d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
#1 0x55e5af397d95 in xmalloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
#2 0x55e5af405220 in readline_initialize_everything
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
#3 0x55e5af4050c6 in rl_initialize
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
#4 0x55e5af372c28 in initialize_readline
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
#5 0x55e5af3be096 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
#6 0x55e5af3bbaa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#7 0x55e5af2d1c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#8 0x55e5af2d389f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#9 0x55e5af2d111f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#10 0x55e5af2bef42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#11 0x55e5af2c782e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#12 0x55e5af2bfd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#13 0x55e5af3a90f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#14 0x55e5af28a401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#15 0x55e5af2888da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#16 0x7f0c847b62b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
0x0c227fff9290: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
0x0c227fff92a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c227fff92b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==23875==ABORTING
INPUT
==29731==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61100000977e at pc 0x56359e3dfd88 bp 0x7ffc11f40910 sp 0x7ffc11f40908
READ of size 1 at 0x61100000977e thread T0
#0 0x56359e3dfd87 in _rl_isearch_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
#1 0x56359e3e0cae in rl_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
#2 0x56359e3db7ac in rl_reverse_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x2267ac)
#3 0x56359e3b130d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x56359e3b0ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x56359e3b0727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x56359e3b07b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x56359e3b07dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x56359e3afe93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x56359e36b136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x56359e368aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x56359e27ec89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x56359e28089f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x56359e27e11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x56359e26bf42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x56359e27482e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x56359e26cd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x56359e3560f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x56359e237401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x56359e2358da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7f1ea74872b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x56359e234749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977e is located 2 bytes to the left of 256-byte region
[0x611000009780,0x611000009880)
allocated by thread T0 here:
#0 0x7f1ea7cf4d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
#1 0x56359e344d95 in xmalloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
#2 0x56359e3b2220 in readline_initialize_everything
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
#3 0x56359e3b20c6 in rl_initialize
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
#4 0x56359e31fc28 in initialize_readline
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
#5 0x56359e36b096 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
#6 0x56359e368aa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#7 0x56359e27ec89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#8 0x56359e28089f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#9 0x56359e27e11f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#10 0x56359e26bf42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#11 0x56359e27482e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#12 0x56359e26cd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#13 0x56359e3560f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#14 0x56359e237401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#15 0x56359e2358da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#16 0x7f1ea74872b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
0x0c227fff9290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==29731==ABORTING
INPUT
==29732==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61100000977f at pc 0x562ef1644d88 bp 0x7ffdd726f7a0 sp 0x7ffdd726f798
READ of size 1 at 0x61100000977f thread T0
#0 0x562ef1644d87 in _rl_isearch_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
#1 0x562ef1645cae in rl_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
#2 0x562ef16407ac in rl_reverse_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x2267ac)
#3 0x562ef161630d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x562ef1615ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x562ef1615727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x562ef16157b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x562ef16157dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x562ef1614e93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x562ef15d0136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x562ef15cdaa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x562ef14e3c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x562ef14e589f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x562ef14e311f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x562ef14d0f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x562ef14d982e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x562ef14d1d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x562ef15bb0f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x562ef149c401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x562ef149a8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7fd6d39212b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x562ef1499749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977f is located 1 bytes to the left of 256-byte region
[0x611000009780,0x611000009880)
allocated by thread T0 here:
#0 0x7fd6d418ed28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
#1 0x562ef15a9d95 in xmalloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
#2 0x562ef1617220 in readline_initialize_everything
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
#3 0x562ef16170c6 in rl_initialize
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
#4 0x562ef1584c28 in initialize_readline
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
#5 0x562ef15d0096 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
#6 0x562ef15cdaa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#7 0x562ef14e3c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#8 0x562ef14e589f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#9 0x562ef14e311f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#10 0x562ef14d0f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#11 0x562ef14d982e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#12 0x562ef14d1d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#13 0x562ef15bb0f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#14 0x562ef149c401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#15 0x562ef149a8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#16 0x7fd6d39212b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
0x0c227fff9290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==29732==ABORTING
INPUT
==29733==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61100000977f at pc 0x56211a7b6d88 bp 0x7ffd3baee1a0 sp 0x7ffd3baee198
READ of size 1 at 0x61100000977f thread T0
#0 0x56211a7b6d87 in _rl_isearch_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
#1 0x56211a7b7cae in rl_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
#2 0x56211a7b27ac in rl_reverse_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x2267ac)
#3 0x56211a78830d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x56211a787ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x56211a787727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x56211a7877b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x56211a7877dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x56211a786e93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x56211a742136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x56211a73faa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x56211a655c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x56211a65789f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x56211a65511f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x56211a642f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x56211a64b82e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x56211a643d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x56211a72d0f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x56211a60e401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x56211a60c8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7f4820b292b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x56211a60b749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977f is located 1 bytes to the left of 256-byte region
[0x611000009780,0x611000009880)
allocated by thread T0 here:
#0 0x7f4821396d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
#1 0x56211a71bd95 in xmalloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
#2 0x56211a789220 in readline_initialize_everything
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
#3 0x56211a7890c6 in rl_initialize
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
#4 0x56211a6f6c28 in initialize_readline
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
#5 0x56211a742096 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
#6 0x56211a73faa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#7 0x56211a655c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#8 0x56211a65789f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#9 0x56211a65511f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#10 0x56211a642f42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#11 0x56211a64b82e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#12 0x56211a643d17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#13 0x56211a72d0f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#14 0x56211a60e401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#15 0x56211a60c8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#16 0x7f4820b292b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
0x0c227fff9290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==29733==ABORTING
INPUT
==29734==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61100000977f at pc 0x5611c6942d88 bp 0x7fffd2ff9ed0 sp 0x7fffd2ff9ec8
READ of size 1 at 0x61100000977f thread T0
#0 0x5611c6942d87 in _rl_isearch_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87)
#1 0x5611c6943cae in rl_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x22bcae)
#2 0x5611c693e7ac in rl_reverse_search_history
(/home/dualbus/src/gnu/bash-build/bash+0x2267ac)
#3 0x5611c691430d in _rl_dispatch_subseq
(/home/dualbus/src/gnu/bash-build/bash+0x1fc30d)
#4 0x5611c6913ee8 in _rl_dispatch
(/home/dualbus/src/gnu/bash-build/bash+0x1fbee8)
#5 0x5611c6913727 in readline_internal_char
(/home/dualbus/src/gnu/bash-build/bash+0x1fb727)
#6 0x5611c69137b9 in readline_internal_charloop
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9)
#7 0x5611c69137dd in readline_internal
(/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd)
#8 0x5611c6912e93 in readline
(/home/dualbus/src/gnu/bash-build/bash+0x1fae93)
#9 0x5611c68ce136 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6136)
#10 0x5611c68cbaa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#11 0x5611c67e1c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#12 0x5611c67e389f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#13 0x5611c67e111f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#14 0x5611c67cef42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#15 0x5611c67d782e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#16 0x5611c67cfd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#17 0x5611c68b90f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#18 0x5611c679a401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#19 0x5611c67988da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#20 0x7f660833e2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#21 0x5611c6797749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749)
0x61100000977f is located 1 bytes to the left of 256-byte region
[0x611000009780,0x611000009880)
allocated by thread T0 here:
#0 0x7f6608babd28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
#1 0x5611c68a7d95 in xmalloc
(/home/dualbus/src/gnu/bash-build/bash+0x18fd95)
#2 0x5611c6915220 in readline_initialize_everything
(/home/dualbus/src/gnu/bash-build/bash+0x1fd220)
#3 0x5611c69150c6 in rl_initialize
(/home/dualbus/src/gnu/bash-build/bash+0x1fd0c6)
#4 0x5611c6882c28 in initialize_readline
(/home/dualbus/src/gnu/bash-build/bash+0x16ac28)
#5 0x5611c68ce096 in edit_line
(/home/dualbus/src/gnu/bash-build/bash+0x1b6096)
#6 0x5611c68cbaa4 in read_builtin
(/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4)
#7 0x5611c67e1c89 in execute_builtin
(/home/dualbus/src/gnu/bash-build/bash+0xc9c89)
#8 0x5611c67e389f in execute_builtin_or_function
(/home/dualbus/src/gnu/bash-build/bash+0xcb89f)
#9 0x5611c67e111f in execute_simple_command
(/home/dualbus/src/gnu/bash-build/bash+0xc911f)
#10 0x5611c67cef42 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb6f42)
#11 0x5611c67d782e in execute_connection
(/home/dualbus/src/gnu/bash-build/bash+0xbf82e)
#12 0x5611c67cfd17 in execute_command_internal
(/home/dualbus/src/gnu/bash-build/bash+0xb7d17)
#13 0x5611c68b90f4 in parse_and_execute
(/home/dualbus/src/gnu/bash-build/bash+0x1a10f4)
#14 0x5611c679a401 in run_one_command
(/home/dualbus/src/gnu/bash-build/bash+0x82401)
#15 0x5611c67988da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da)
#16 0x7f660833e2b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/dualbus/src/gnu/bash-build/bash+0x22ad87) in _rl_isearch_dispatch
Shadow bytes around the buggy address:
0x0c227fff9290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff92c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff92d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff92e0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
0x0c227fff92f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9310: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff9320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff9330: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==29734==ABORTING
INPUT
--
Eduardo Bustamante
https://dualbus.me/