Here's a full stack trace and error message from address sanitizer:
==14915==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x61d00001e1f0 in thread T0
    #0 0x4c2020 in __interceptor_free (/mnt/ram/mawk/mawk+0x4c2020)
    #1 0x554df9 in zfree /tmp/mawk-1.3.4-20160918/zmalloc.c:312:2
    #2 0x5111e1 in execute /tmp/mawk-1.3.4-20160918/execute.c:486:6
    #3 0x50ca4d in main /tmp/mawk-1.3.4-20160918/main.c:99:5
    #4 0x7f839f5ac78f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r2/work/glibc-2.23/csu/../csu/libc-start.c:289
    #5 0x41a408 in _start (/mnt/ram/mawk/mawk+0x41a408)

0x61d00001e1f0 is located 368 bytes inside of 2048-byte region [0x61d00001e080,0x61d00001e880)
allocated by thread T0 here:
    #0 0x4c2328 in __interceptor_malloc (/mnt/ram/mawk/mawk+0x4c2328)
    #1 0x554b62 in zmalloc /tmp/mawk-1.3.4-20160918/zmalloc.c:282:28
    #2 0x525d80 in process_cmdline /tmp/mawk-1.3.4-20160918/init.c:490:2
    #3 0x525d80 in initialize /tmp/mawk-1.3.4-20160918/init.c:86
    #4 0x50c850 in main /tmp/mawk-1.3.4-20160918/main.c:75:5

SUMMARY: AddressSanitizer: bad-free (/mnt/ram/mawk/mawk+0x4c2020) in __interceptor_free
==14915==ABORTING

This script causes an invalid free in mawk:
I'll attach a zipped version. This was found with the help of american fuzzy lop.
mawk-invalid-free-execute.zip