janstarke / rexgen

API Documentation
https://github.com/janstarke/rexgen/blob/master/doc/api.md
GNU General Public License v2.0

segfault in updateReferences #71

Closed. janstarke closed this issue 2 years ago.

janstarke commented 2 years ago

Additional segfault info:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7b5a8b3 in rexgen::IteratorContainer::updateReferences(rexgen::IteratorState&) () from /usr/local/lib/librexgen.so.2.1
Missing separate debuginfos, use: dnf debuginfo-install gmp-6.2.0-7.fc35.x86_64 ocl-icd-2.3.0-2.fc35.x86_64 openssl-libs-1.1.1l-2.fc35.x86_64 zlib-1.2.11-30.fc35.x86_64
(gdb) bt
#0  0x00007ffff7b5a8b3 in rexgen::IteratorContainer::updateReferences(rexgen::IteratorState&) () from /usr/local/lib/librexgen.so.2.1
#1  0x00007ffff7b60a84 in rexgen::TopIterator::TopIterator(std::shared_ptr<rexgen::Regex>&) () from /usr/local/lib/librexgen.so.2.1
#2  0x00007ffff7b61b85 in c_regex_iterator () from /usr/local/lib/librexgen.so.2.1
#3  0x00000000006feaec in do_regex_hybrid_crack (db=db@entry=0x201f9e0 <database>, regex=0x214fff8 "\\01[23]", base_word=0x7fffffffaa80 "123456", regex_case=<optimized out>, regex_alpha=0x0) at regex.c:233
#4  0x00000000006e0155 in do_wordlist_crack (db=db@entry=0x201f9e0 <database>, name=<optimized out>, rules=0) at wordlist.c:1294
#5  0x00000000006b5979 in john_run () at john.c:1809
#6  main (argc=<optimized out>, argv=<optimized out>) at john.c:2082
(gdb) 

Originally posted by @frank-dittrich in https://github.com/openwall/john/issues/4905#issuecomment-983364741

magnumripper commented 2 years ago

I have a similar but a tad simpler case:

$ ./john -stdout -w -regex='ab\d\0' 
Using default input encoding: UTF-8
Proceeding with wordlist:../run/password.lst
Segmentation fault: 11

Same with rexgen alone:

$ rexgen -f password.lst 'ab\d\0' 
Segmentation fault: 11

Backtrace from the latter (they are similar):

(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x00000001002029d3 librexgen.2.1.4.dylib`rexgen::IteratorContainer::updateReferences(rexgen::IteratorState&) + 35
    frame #1: 0x00000001002074a3 librexgen.2.1.4.dylib`rexgen::TopIterator::TopIterator(std::__1::shared_ptr<rexgen::Regex>&) + 243
    frame #2: 0x0000000100207fff librexgen.2.1.4.dylib`c_regex_iterator + 143
    frame #3: 0x000000010000477a rexgen`main + 362
    frame #4: 0x00000001000194fe dyld`start + 462
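Both crashing patterns in this thread (`\01[23]` and `ab\d\0`) contain a backreference that cannot name any capturing group, and both traces fault on address 0x0 inside `IteratorContainer::updateReferences`, which is consistent with the library dereferencing an unresolved group pointer. The following is an added example, not code from rexgen or from John the Ripper: a pre-flight validator a caller could run on a pattern before handing it to `c_regex_iterator`, so a bad backreference is rejected with a message instead of a segfault. It assumes the syntax used in this thread, namely that a backslash followed by decimal digits is a group reference, that group 0 is never valid, and that other escapes such as `\d` are single-character escapes; the function names and sample patterns are the example's own.

```cpp
// Added example (not rexgen's or john's code): reject regex patterns whose
// backreferences name a capturing group that does not exist before use.
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <string>

struct BackrefCheck {
    bool ok;            // true when every \N names a group already opened
    std::string reason; // explanation when ok == false, empty otherwise
};

static bool is_digit(char c) {
    return std::isdigit(static_cast<unsigned char>(c)) != 0;
}

// Walks the pattern left to right, counting unescaped '(' outside character
// classes as capturing groups. Every backreference \N must satisfy
// 1 <= N <= groups opened so far. Assumption (not verified against rexgen's
// grammar): \0 is never a valid reference, and \d, \w, \\ etc. escape exactly
// one character.
BackrefCheck check_backrefs(const std::string& pattern) {
    std::size_t groups_opened = 0;
    for (std::size_t i = 0; i < pattern.size(); ++i) {
        char c = pattern[i];
        if (c == '[') {                       // skip a character class: '(' inside it is literal
            while (i < pattern.size() && pattern[i] != ']') {
                if (pattern[i] == '\\') ++i;  // escaped char inside the class
                ++i;
            }
            continue;
        }
        if (c == '(') { ++groups_opened; continue; }
        if (c != '\\') continue;
        if (i + 1 >= pattern.size())
            return {false, "pattern ends with a dangling backslash"};
        if (!is_digit(pattern[i + 1])) {      // ordinary escape such as \d or \(
            ++i;
            continue;
        }
        std::size_t start = i + 1, end = start;
        unsigned long n = 0;
        while (end < pattern.size() && is_digit(pattern[end])) {
            if (n < 100000) n = n * 10 + static_cast<unsigned long>(pattern[end] - '0');
            ++end;
        }
        if (n == 0 || n > groups_opened) {
            return {false, "\\" + pattern.substr(start, end - start) +
                           " refers to group " + std::to_string(n) + " but only " +
                           std::to_string(groups_opened) + " group(s) are open before it"};
        }
        i = end - 1;
    }
    return {true, ""};
}

int main() {
    // Constructed sample patterns: the two from this thread plus a valid one.
    const char* samples[] = {"ab\\d\\0", "\\01[23]", "(ab)\\1", "(a)(b)\\3", "\\(\\1"};
    for (const char* p : samples) {
        BackrefCheck r = check_backrefs(p);
        std::printf("%-12s %s%s\n", p, r.ok ? "ok" : "REJECT: ", r.reason.c_str());
    }
    return 0;
}
```

Running the check before calling into the library turns the two reproducers above into a rejected pattern rather than a crash; it does not change the fact that the library itself should validate references, which is what the issue is about.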