Closed 5hadowblad3 closed 4 years ago
Given that this is likely related to the other "use-after-free" occurrences in emonics, it is better to just list them in the same issue. No need to file different issues.
They seem addressed in the debug branch, but reproduce in the master. The debug branch has addressed bugs in emonics, so the master is behind on this functionality.
As noted before: bugs that are triggered by smt.arith.solver = 6 are only relevant to test against the debug branch at this point. Therefore closing as it seems fixed in Debug.
Hi, there.
There is a use-after-free issue that causes a segmentation fault in z3. It might also become exploitable, since it can modify the memory space.
To reproduce this issue, simply run `z3 poc.smt2`.
z3-uaf_emonics90.smt2.zip
OS: Ubuntu 16.06, commit 6ad261e
Here is the trace reported by ASAN.