ThomasDickey / original-mawk

bug-reports for mawk (originally on GoogleCode)
http://invisible-island.net/mawk/mawk.html

invalid free on malformed input #45

Closed hannob closed 7 years ago

hannob commented 7 years ago

This script causes an invalid free in mawk:

BEGIN{ARGV[1]="/dev/null"x
ARGV[3]="/dev/null"
ARGC=4}END{ARGV[1]}

I'll attach a zipped version. This was found with the help of american fuzzy lop. mawk-invalid-free-execute.zip

Here's a full stack trace and error message from address sanitizer:

==14915==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x61d00001e1f0 in thread T0
    #0 0x4c2020 in __interceptor_free (/mnt/ram/mawk/mawk+0x4c2020)
    #1 0x554df9 in zfree /tmp/mawk-1.3.4-20160918/zmalloc.c:312:2
    #2 0x5111e1 in execute /tmp/mawk-1.3.4-20160918/execute.c:486:6
    #3 0x50ca4d in main /tmp/mawk-1.3.4-20160918/main.c:99:5
    #4 0x7f839f5ac78f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r2/work/glibc-2.23/csu/../csu/libc-start.c:289
    #5 0x41a408 in _start (/mnt/ram/mawk/mawk+0x41a408)

0x61d00001e1f0 is located 368 bytes inside of 2048-byte region [0x61d00001e080,0x61d00001e880)
allocated by thread T0 here:
    #0 0x4c2328 in __interceptor_malloc (/mnt/ram/mawk/mawk+0x4c2328)
    #1 0x554b62 in zmalloc /tmp/mawk-1.3.4-20160918/zmalloc.c:282:28
    #2 0x525d80 in process_cmdline /tmp/mawk-1.3.4-20160918/init.c:490:2
    #3 0x525d80 in initialize /tmp/mawk-1.3.4-20160918/init.c:86
    #4 0x50c850 in main /tmp/mawk-1.3.4-20160918/main.c:75:5

SUMMARY: AddressSanitizer: bad-free (/mnt/ram/mawk/mawk+0x4c2020) in __interceptor_free
==14915==ABORTING
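
A small triage helper, added here as an example and not part of the issue or of mawk itself: it runs the reporter's script under a given mawk binary and reduces an AddressSanitizer report like the one above to the facts a regression test can assert on (error class, the innermost project frames of the bad free and of the allocation, and how far into the region the freed pointer points). `run_reproducer` assumes an ASan-instrumented `mawk` on PATH; `SAMPLE_REPORT` is a constructed excerpt of the trace quoted above.

```python
import re
import subprocess

# The reporter's three-line awk program, verbatim, used as the regression input.
REPRO = 'BEGIN{ARGV[1]="/dev/null"x\nARGV[3]="/dev/null"\nARGC=4}END{ARGV[1]}\n'

# Constructed excerpt of the AddressSanitizer report quoted in the issue.
SAMPLE_REPORT = """==14915==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x61d00001e1f0 in thread T0
    #0 0x4c2020 in __interceptor_free (/mnt/ram/mawk/mawk+0x4c2020)
    #1 0x554df9 in zfree /tmp/mawk-1.3.4-20160918/zmalloc.c:312:2
    #2 0x5111e1 in execute /tmp/mawk-1.3.4-20160918/execute.c:486:6
0x61d00001e1f0 is located 368 bytes inside of 2048-byte region [0x61d00001e080,0x61d00001e880)
allocated by thread T0 here:
    #0 0x4c2328 in __interceptor_malloc (/mnt/ram/mawk/mawk+0x4c2328)
    #1 0x554b62 in zmalloc /tmp/mawk-1.3.4-20160918/zmalloc.c:282:28
    #2 0x525d80 in process_cmdline /tmp/mawk-1.3.4-20160918/init.c:490:2
SUMMARY: AddressSanitizer: bad-free (/mnt/ram/mawk/mawk+0x4c2020) in __interceptor_free
"""

FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
SUMMARY = re.compile(r"^SUMMARY: AddressSanitizer: (\S+)")
REGION = re.compile(r"is located (\d+) bytes inside of (\d+)-byte region")

def parse_asan_report(text):
    """Reduce an ASan report to the facts worth asserting on in a regression test:
    error class, innermost non-interceptor frame of the bad free and of the
    matching allocation, and how far into the region the freed pointer points."""
    info = {"kind": None, "free_frame": None, "alloc_frame": None,
            "offset": None, "region_size": None}
    key = "free_frame"          # frames before "allocated by" belong to the free
    for line in text.splitlines():
        if m := SUMMARY.match(line):
            info["kind"] = m.group(1)
        elif m := REGION.search(line):
            info["offset"], info["region_size"] = int(m.group(1)), int(m.group(2))
        elif "allocated by" in line:
            key = "alloc_frame"
        elif (m := FRAME.match(line)) and not m.group(1).startswith("__interceptor_"):
            if info[key] is None:   # keep only the innermost project frame
                info[key] = (m.group(1), m.group(2).rsplit("/", 1)[-1])
    return info

def run_reproducer(mawk="mawk"):
    """Run the report's script under the given mawk binary (assumed to be an
    ASan build) and return its exit status plus the parsed report, if any."""
    proc = subprocess.run([mawk, REPRO], input="", capture_output=True, text=True)
    return proc.returncode, parse_asan_report(proc.stderr)
```

A clean run returns exit status 0 and a report with every field `None`; an ASan build that still has the bug aborts with a non-zero status and a `bad-free` report.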

ThomasDickey commented 7 years ago

I can reproduce this one (thanks)

ThomasDickey commented 7 years ago

I uploaded a fixed version (20160927)