radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

r2confuzz'd crashes #11407

Closed fcasal closed 6 years ago

fcasal commented 6 years ago

Several crashes follow:

Backtraces:

$ r2 -c '?btw 1 1 1' /bin/ls
=================================================================
==27792==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x602000093eb5 in thread T0
    #0 0x7f5aca39932a in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9832a)
    #1 0x7f5ac4749c53 in r_list_delete /home/mandlebro/Documents/repos/radare2/libr/util/list.c:93
    #2 0x7f5ac4749a21 in r_list_purge /home/mandlebro/Documents/repos/radare2/libr/util/list.c:62
    #3 0x7f5ac4749ab3 in r_list_free /home/mandlebro/Documents/repos/radare2/libr/util/list.c:72
    #4 0x7f5ac47218f3 in r_num_between /home/mandlebro/Documents/repos/radare2/libr/util/unum.c:708
    #5 0x7f5ac9d97eb5 in cmd_help /home/mandlebro/Documents/repos/radare2/libr/core/cmd_help.c:403
    #6 0x7f5ac9e6ad0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #7 0x7f5ac9dcb824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #8 0x7f5ac9dc492c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #9 0x7f5ac9dd0c8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #10 0x55bba2768783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #11 0x55bba276d7ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #12 0x7f5ac40ad82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x55bba2767128 in _start (/home/mandlebro/Documents/repos/radare2/binr/radare2/radare2+0x7128)

0x602000093eb5 is located 5 bytes inside of 7-byte region [0x602000093eb0,0x602000093eb7)
freed by thread T0 here:
    #0 0x7f5aca39932a in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9832a)
    #1 0x7f5ac47218e4 in r_num_between /home/mandlebro/Documents/repos/radare2/libr/util/unum.c:707
    #2 0x7f5ac9d97eb5 in cmd_help /home/mandlebro/Documents/repos/radare2/libr/core/cmd_help.c:403
    #3 0x7f5ac9e6ad0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #4 0x7f5ac9dcb824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #5 0x7f5ac9dc492c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #6 0x7f5ac9dd0c8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #7 0x55bba2768783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #8 0x55bba276d7ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #9 0x7f5ac40ad82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

previously allocated by thread T0 here:
    #0 0x7f5aca36334f in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x6234f)
    #1 0x7f5ac472180a in r_num_between /home/mandlebro/Documents/repos/radare2/libr/util/unum.c:698
    #2 0x7f5ac9d97eb5 in cmd_help /home/mandlebro/Documents/repos/radare2/libr/core/cmd_help.c:403
    #3 0x7f5ac9e6ad0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #4 0x7f5ac9dcb824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #5 0x7f5ac9dc492c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #6 0x7f5ac9dd0c8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #7 0x55bba2768783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #8 0x55bba276d7ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #9 0x7f5ac40ad82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: bad-free ??:0 __interceptor_free
==27792==ABORTING

$ r2 -c '@x:909192;/Cr;' -
Searching 0 byte in [0x0-0x200]
=================================================================
==28248==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200005d7b3 at pc 0x7f8e8497c6c6 bp 0x7ffc03220640 sp 0x7ffc0321fde8
READ of size 4 at 0x60200005d7b3 thread T0
    #0 0x7f8e8497c6c5 in memcmp (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x776c5)
    #1 0x7f8e83c41fcf in r_search_rsa_update /home/mandlebro/Documents/repos/radare2/libr/search/rsa-find.c:53
    #2 0x7f8e843b5cd6 in do_string_search /home/mandlebro/Documents/repos/radare2/libr/core/cmd_search.c:2199
    #3 0x7f8e843be694 in cmd_search /home/mandlebro/Documents/repos/radare2/libr/core/cmd_search.c:3381
    #4 0x7f8e8446ed0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #5 0x7f8e843cf824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #6 0x7f8e843c892c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #7 0x7f8e843c8ca8 in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1958
    #8 0x7f8e843d4c8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #9 0x558f88da9783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #10 0x558f88dae7ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #11 0x7f8e7e6b182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x558f88da8128 in _start (/home/mandlebro/Documents/repos/radare2/binr/radare2/radare2+0x7128)

0x60200005d7b3 is located 0 bytes to the right of 3-byte region [0x60200005d7b0,0x60200005d7b3)
allocated by thread T0 here:
    #0 0x7f8e8499d662 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98662)
    #1 0x7f8e843b537d in do_string_search /home/mandlebro/Documents/repos/radare2/libr/core/cmd_search.c:2140
    #2 0x7f8e843be694 in cmd_search /home/mandlebro/Documents/repos/radare2/libr/core/cmd_search.c:3381
    #3 0x7f8e8446ed0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #4 0x7f8e843cf824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #5 0x7f8e843c892c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #6 0x7f8e843c8ca8 in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1958
    #7 0x7f8e843d4c8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #8 0x558f88da9783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #9 0x558f88dae7ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #10 0x7f8e7e6b182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 memcmp
Shadow bytes around the buggy address:
  0x0c0480003aa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480003ab0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480003ac0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480003ad0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480003ae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0480003af0: fa fa fa fa fa fa[03]fa fa fa 02 fa fa fa fd fa
  0x0c0480003b00: fa fa 07 fa fa fa 03 fa fa fa 01 fa fa fa 05 fa
  0x0c0480003b10: fa fa 04 fa fa fa fd fa fa fa fd fa fa fa 00 07
  0x0c0480003b20: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c0480003b30: fa fa fd fd fa fa fd fd fa fa 00 fa fa fa 04 fa
  0x0c0480003b40: fa fa 07 fa fa fa 00 01 fa fa 00 01 fa fa 00 05
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==28248==ABORTING

$ r2 -c '?btw 44444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444 44444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444 44444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444 
44444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444;' -
=================================================================
==28922==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x61d000025283 in thread T0
    #0 0x7f9ed29e132a in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9832a)
    #1 0x7f9eccd91c53 in r_list_delete /home/mandlebro/Documents/repos/radare2/libr/util/list.c:93
    #2 0x7f9eccd91a21 in r_list_purge /home/mandlebro/Documents/repos/radare2/libr/util/list.c:62
    #3 0x7f9eccd91ab3 in r_list_free /home/mandlebro/Documents/repos/radare2/libr/util/list.c:72
    #4 0x7f9eccd698f3 in r_num_between /home/mandlebro/Documents/repos/radare2/libr/util/unum.c:708
    #5 0x7f9ed23dfeb5 in cmd_help /home/mandlebro/Documents/repos/radare2/libr/core/cmd_help.c:403
    #6 0x7f9ed24b2d0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #7 0x7f9ed2413824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #8 0x7f9ed240c92c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #9 0x7f9ed2418c8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #10 0x55caa56a5783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #11 0x55caa56aa7ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #12 0x7f9ecc6f582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x55caa56a4128 in _start (/home/mandlebro/Documents/repos/radare2/binr/radare2/radare2+0x7128)

0x61d000025283 is located 1027 bytes inside of 2053-byte region [0x61d000024e80,0x61d000025685)
freed by thread T0 here:
    #0 0x7f9ed29e132a in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9832a)
    #1 0x7f9eccd698e4 in r_num_between /home/mandlebro/Documents/repos/radare2/libr/util/unum.c:707
    #2 0x7f9ed23dfeb5 in cmd_help /home/mandlebro/Documents/repos/radare2/libr/core/cmd_help.c:403
    #3 0x7f9ed24b2d0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #4 0x7f9ed2413824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #5 0x7f9ed240c92c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #6 0x7f9ed2418c8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #7 0x55caa56a5783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #8 0x55caa56aa7ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #9 0x7f9ecc6f582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

previously allocated by thread T0 here:
    #0 0x7f9ed29ab34f in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x6234f)
    #1 0x7f9eccd6980a in r_num_between /home/mandlebro/Documents/repos/radare2/libr/util/unum.c:698
    #2 0x7f9ed23dfeb5 in cmd_help /home/mandlebro/Documents/repos/radare2/libr/core/cmd_help.c:403
    #3 0x7f9ed24b2d0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #4 0x7f9ed2413824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #5 0x7f9ed240c92c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #6 0x7f9ed2418c8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #7 0x55caa56a5783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #8 0x55caa56aa7ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #9 0x7f9ecc6f582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: bad-free ??:0 __interceptor_free
==28922==ABORTING

$ r2 -c 'drw 22222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222  
22222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222;' -
=================================================================
==29024==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff98102e70 at pc 0x7fa110801011 bp 0x7fff98102990 sp 0x7fff98102980
WRITE of size 1 at 0x7fff98102e70 thread T0
    #0 0x7fa110801010 in cin_get_num /home/mandlebro/Documents/repos/radare2/libr/util/calc.c:230
    #1 0x7fa110801a9e in get_token /home/mandlebro/Documents/repos/radare2/libr/util/calc.c:312
    #2 0x7fa1108027f7 in r_num_calc /home/mandlebro/Documents/repos/radare2/libr/util/calc.c:390
    #3 0x7fa1107adf6c in r_num_math /home/mandlebro/Documents/repos/radare2/libr/util/unum.c:383
    #4 0x7fa1107af87f in r_num_between /home/mandlebro/Documents/repos/radare2/libr/util/unum.c:705
    #5 0x7fa115e25eb5 in cmd_help /home/mandlebro/Documents/repos/radare2/libr/core/cmd_help.c:403
    #6 0x7fa115ef8d0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #7 0x7fa115e59824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #8 0x7fa115e5292c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #9 0x7fa115e5ec8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #10 0x5644815ba783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #11 0x5644815bf7ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #12 0x7fa11013b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x5644815b9128 in _start (/home/mandlebro/Documents/repos/radare2/binr/radare2/radare2+0x7128)

Address 0x7fff98102e70 is located in stack of thread T0 at offset 1184 in frame
    #0 0x7fa110800d84 in cin_get_num /home/mandlebro/Documents/repos/radare2/libr/util/calc.c:215

  This frame has 3 object(s):
    [32, 33) 'c'
    [96, 104) 'd'
    [160, 1184) 'str' <== Memory access at offset 1184 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/mandlebro/Documents/repos/radare2/libr/util/calc.c:230 cin_get_num
Shadow bytes around the buggy address:
  0x100073018570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100073018580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100073018590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000730185a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000730185b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000730185c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[f3]f3
  0x1000730185d0: f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
  0x1000730185e0: 00 00 00 00 f1 f1 f1 f1 01 f4 f4 f4 f2 f2 f2 f2
  0x1000730185f0: 01 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x100073018600: 00 00 00 00 f1 f1 f1 f1 00 00 f4 f4 f2 f2 f2 f2
  0x100073018610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==29024==ABORTING

$ r2 -c 'arw 22222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222   
22222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222;' -
=================================================================
==29091==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61600000b681 at pc 0x7f8502c77960 bp 0x7fffe66d4a50 sp 0x7fffe66d4a40
READ of size 1 at 0x61600000b681 thread T0
    #0 0x7f8502c7795f in r_hex_to_byte /home/mandlebro/Documents/repos/radare2/libr/util/hex.c:10
    #1 0x7f8502c7a504 in r_hex_str2bin /home/mandlebro/Documents/repos/radare2/libr/util/hex.c:412
    #2 0x7f8505ae4058 in r_reg_arena_set_bytes /home/mandlebro/Documents/repos/radare2/libr/reg/arena.c:302
    #3 0x7f85082670b3 in cmd_anal_reg /home/mandlebro/Documents/repos/radare2/libr/core/cmd_anal.c:3038
    #4 0x7f850828894c in cmd_anal /home/mandlebro/Documents/repos/radare2/libr/core/cmd_anal.c:7379
    #5 0x7f85083afd0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #6 0x7f8508310824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #7 0x7f850830992c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #8 0x7f8508315c8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #9 0x564fb8caf783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #10 0x564fb8cb47ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #11 0x7f85025f282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x564fb8cae128 in _start (/home/mandlebro/Documents/repos/radare2/binr/radare2/radare2+0x7128)

0x61600000b681 is located 0 bytes to the right of 513-byte region [0x61600000b480,0x61600000b681)
allocated by thread T0 here:
    #0 0x7f85088de662 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98662)
    #1 0x7f8505ae3fe9 in r_reg_arena_set_bytes /home/mandlebro/Documents/repos/radare2/libr/reg/arena.c:297
    #2 0x7f85082670b3 in cmd_anal_reg /home/mandlebro/Documents/repos/radare2/libr/core/cmd_anal.c:3038
    #3 0x7f850828894c in cmd_anal /home/mandlebro/Documents/repos/radare2/libr/core/cmd_anal.c:7379
    #4 0x7f85083afd0f in r_cmd_call /home/mandlebro/Documents/repos/radare2/libr/core/cmd_api.c:237
    #5 0x7f8508310824 in r_core_cmd_subst_i /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:2918
    #6 0x7f850830992c in r_core_cmd_subst /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:1930
    #7 0x7f8508315c8b in r_core_cmd /home/mandlebro/Documents/repos/radare2/libr/core/cmd.c:3622
    #8 0x564fb8caf783 in run_commands /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:366
    #9 0x564fb8cb47ae in main /home/mandlebro/Documents/repos/radare2/binr/radare2/radare2.c:1345
    #10 0x7f85025f282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/mandlebro/Documents/repos/radare2/libr/util/hex.c:10 r_hex_to_byte
Shadow bytes around the buggy address:
  0x0c2c7fff9680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c7fff9690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c7fff96a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c7fff96b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c7fff96c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2c7fff96d0:[01]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c7fff96e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c7fff96f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c7fff9700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c7fff9710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c7fff9720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==29091==ABORTING
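The stack-buffer-overflow report above (cin_get_num, calc.c:230) shows a one-byte write landing at offset 1184, exactly one past the end of the 1024-byte stack object 'str', while a numeric token is being read from the command line. The following C program is an added example and is not radare2's code: it assumes a fixed 1024-byte token buffer like the one in the report and shows a bounded token reader that refuses an overlong run instead of writing past the buffer. The function and type names (read_num_token, num_token_status and the helpers) are hypothetical, and the 1500-digit input is constructed to mirror the oversized ?btw argument.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not radare2 code. The ASan frame above reports 'str' in
 * cin_get_num as a 1024-byte stack object; the same size is assumed here. */
#define NUM_TOKEN_MAX 1024

/* Outcome of reading one numeric token (hypothetical type). */
typedef enum {
    NUM_TOKEN_OK = 0,     /* token copied into out and NUL-terminated */
    NUM_TOKEN_EMPTY,      /* cursor is not at a digit; cursor unchanged */
    NUM_TOKEN_TOO_LONG    /* run does not fit; nothing written past out */
} num_token_status;

/* Characters that may continue a numeric token: hex digits plus the 0x prefix. */
static bool is_num_char(char ch) {
    return isxdigit((unsigned char)ch) || ch == 'x' || ch == 'X';
}

/* Read one numeric token starting at *cursor into out[NUM_TOKEN_MAX].
 * The length check runs before every store, so the longest accepted token is
 * NUM_TOKEN_MAX - 1 characters plus the terminator. On an overlong run the
 * whole run is skipped (so the caller does not re-read it) and TOO_LONG is
 * returned instead of truncating silently or writing past the buffer. */
static num_token_status read_num_token(const char **cursor, char out[NUM_TOKEN_MAX]) {
    const char *p = *cursor;
    size_t n = 0;
    out[0] = '\0';
    if (!isdigit((unsigned char)*p)) {
        return NUM_TOKEN_EMPTY;
    }
    while (is_num_char(*p)) {
        if (n + 1 >= NUM_TOKEN_MAX) {          /* no room for this byte plus '\0' */
            while (is_num_char(*p)) {
                p++;
            }
            *cursor = p;
            out[0] = '\0';
            return NUM_TOKEN_TOO_LONG;
        }
        out[n++] = *p++;
    }
    out[n] = '\0';
    *cursor = p;
    return NUM_TOKEN_OK;
}

/* Walk an expression counting accepted numeric tokens; overlong runs are
 * counted separately in *rejected (may be NULL). */
static int count_num_tokens(const char *expr, int *rejected) {
    char tok[NUM_TOKEN_MAX];
    int accepted = 0, bad = 0;
    const char *c = expr;
    while (*c) {
        num_token_status st = read_num_token(&c, tok);
        if (st == NUM_TOKEN_OK) {
            accepted++;
        } else if (st == NUM_TOKEN_TOO_LONG) {
            bad++;
        } else {
            c++;                               /* not a token start: skip one byte */
        }
    }
    if (rejected) {
        *rejected = bad;
    }
    return accepted;
}

/* True when the first numeric token in expr equals expected. */
static bool first_token_is(const char *expr, const char *expected) {
    char tok[NUM_TOKEN_MAX];
    const char *c = expr;
    while (*c && !isdigit((unsigned char)*c)) {
        c++;
    }
    return read_num_token(&c, tok) == NUM_TOKEN_OK && strcmp(tok, expected) == 0;
}

/* Status for a constructed run of ndigits '4' characters, like the ?btw argument. */
static num_token_status token_status_for_run(size_t ndigits) {
    char *run = malloc(ndigits + 1);
    if (!run) {
        return NUM_TOKEN_EMPTY;                /* allocation failed: treat as no token */
    }
    memset(run, '4', ndigits);
    run[ndigits] = '\0';
    char tok[NUM_TOKEN_MAX];
    const char *c = run;
    num_token_status st = read_num_token(&c, tok);
    free(run);
    return st;
}

int main(void) {
    char long_arg[1501];                       /* constructed: 1500 '4' bytes */
    memset(long_arg, '4', 1500);
    long_arg[1500] = '\0';
    int rejected = 0;
    int ok = count_num_tokens(long_arg, &rejected);
    printf("accepted=%d rejected=%d (1500 digits)\n", ok, rejected);
    printf("accepted=%d (\"?btw 1 1 1\")\n", count_num_tokens("?btw 1 1 1", NULL));
    return 0;
}
```

The bound is enforced before the store rather than after, so the 1024th byte of a run is never written; the 1023-digit case is the longest accepted token and 1024 digits is the first rejected one. Reporting TOO_LONG up to the caller, rather than silently truncating, also keeps an overlong argument from being evaluated as a different number than the one the user typed.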

bannsec commented 6 years ago

Found similar (same?) ASAN error:

rax2 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

==43976==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff479af000 at pc 0x7f71a2ae12bd bp 0x7fff479aebb0 sp 0x7fff479aeba8
WRITE of size 1 at 0x7fff479af000 thread T0
    #0 0x7f71a2ae12bc in cin_get_num /home/angr/opt/radare2/libr/util/calc.c:230:9
    #1 0x7f71a2ae12bc in get_token /home/angr/opt/radare2/libr/util/calc.c:312
    #2 0x7f71a2add77f in r_num_calc /home/angr/opt/radare2/libr/util/calc.c:390:2
    #3 0x7f71a2a037a1 in r_num_math /home/angr/opt/radare2/libr/util/unum.c:383:8
    #4 0x55d525597f27 in format_output /home/angr/opt/radare2/binr/rax2/rax2.c:23:11
    #5 0x55d525596396 in rax /home/angr/opt/radare2/binr/rax2/rax2.c:530:3
    #6 0x55d5255937e1 in main /home/angr/opt/radare2/binr/rax2/rax2.c:578:4
    #7 0x7f71a1b5bb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #8 0x55d52549b309 in _start (/home/angr/opt/radare2/binr/rax2/rax2+0x1d309)

Address 0x7fff479af000 is located in stack of thread T0 at offset 1088 in frame
    #0 0x7f71a2addccf in get_token /home/angr/opt/radare2/libr/util/calc.c:244

  This frame has 2 object(s):
    [32, 40) 'd.i' (line 216)
    [64, 1088) 'str.i' (line 217) <== Memory access at offset 1088 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/angr/opt/radare2/libr/util/calc.c:230:9 in cin_get_num
Shadow bytes around the buggy address:
  0x100068f2ddb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068f2ddc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068f2ddd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068f2dde0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068f2ddf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100068f2de00:[f3]f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3
  0x100068f2de10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068f2de20: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x100068f2de30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068f2de40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068f2de50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==43976==ABORTING

EDIT: Using the latest pull as of right now. Can't get a -v because... more errors:

r2 --version
=================================================================
==44092==ERROR: AddressSanitizer: odr-violation (0x7f96c112b3a0):
  [1] size=7128 'JAVA_OPS' ops.c:7:22
  [2] size=7128 'JAVA_OPS' ops.c:7:22
These globals were registered at these points:
  [1]:
    #0 0x5644cfd58dc0 in __asan_register_globals.part.11 (/home/angr/opt/radare2/binr/radare2/radare2+0x3adc0)
    #1 0x7f96c04707c3 in asan.module_ctor (/home/angr/bin/prefix/radare2/lib/libr_anal.so+0x90e7c3)

  [2]:
    #0 0x5644cfd58dc0 in __asan_register_globals.part.11 (/home/angr/opt/radare2/binr/radare2/radare2+0x3adc0)
    #1 0x7f96bdd7b9b3 in asan.module_ctor (/home/angr/bin/prefix/radare2/lib/libr_asm.so+0xb869b3)

==44092==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0
SUMMARY: AddressSanitizer: odr-violation: global 'JAVA_OPS' at ops.c:7:22
==44092==ABORTING
mscherer commented 6 years ago

@bannsec I can't reproduce the issue with odr-violation, have you done a make clean before?

I can reproduce the other however (the rax one)

bannsec commented 6 years ago

Yep, make clean and dist clean. Maybe an older version of the sans? Compiled using the version that comes with shellphish/mechaphish.

mscherer commented 6 years ago

I am building on gcc-4.8.5-28.el7_5.1.x86_64. Let me see with a more recent gcc.

mscherer commented 6 years ago

In the meantime, here is the backtrace for the rax issue:

#0  0x00007ffff463a207 in raise () from /lib64/libc.so.6
#1  0x00007ffff463b8f8 in abort () from /lib64/libc.so.6
#2  0x00007ffff4e676b9 in ?? () from /lib64/libasan.so.0
#3  0x00007ffff4e5dc5c in ?? () from /lib64/libasan.so.0
#4  0x00007ffff4e64ce2 in ?? () from /lib64/libasan.so.0
#5  0x00007ffff4e63d91 in __asan_report_error () from /lib64/libasan.so.0
#6  0x00007ffff4e5e0b6 in __asan_report_store1 () from /lib64/libasan.so.0
#7  0x00007ffff4ab2e7a in cin_get_num (num=0x60440000fa80, nc=0x60440000fab0, n=0x60440000fab8) at calc.c:230
#8  0x00007ffff4ab3932 in get_token (num=0x60440000fa80, nc=0x60440000fab0) at calc.c:312
#9  0x00007ffff4ab46d0 in r_num_calc (num=0x60440000fa80, str=0x7fffffffacfe "0x", 'a' <repeats 198 times>..., err=0x7fffffff9260) at calc.c:390
#10 0x00007ffff4a594ad in r_num_math (num=0x60440000fa80, str=0x7fffffffacfe "0x", 'a' <repeats 198 times>...) at unum.c:383
#11 0x000055555555639e in format_output (mode=73 'I', s=0x7fffffffacfe "0x", 'a' <repeats 198 times>...) at rax2.c:23
#12 0x0000555555559482 in rax (str=0x7fffffffacfe "0x", 'a' <repeats 198 times>..., len=13294, last=1) at rax2.c:530
#13 0x000055555555974e in main (argc=2, argv=0x7fffffffa928) at rax2.c:578
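An added example, not radare2's code: a hypothetical reconstruction of the pattern the two traces point at (a hex-digit run copied into a fixed 1024-byte stack token buffer), written so that a run that would not fit is refused instead of written past the end of 'str'. TOKEN_BUF_SIZE, read_hex_token, parse_hex_literal and parse_hex_run are assumed names, and the "0x" + 'a' input is constructed to match the shape shown in the backtrace.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Fixed token buffer, sized like the 1024-byte 'str' object in the ASan
 * report above (constructed example, not radare2's code). */
#define TOKEN_BUF_SIZE 1024

/* Copy the run of hex digits at *p into out (capacity out_size), advancing *p.
 * Returns the digit count, or -1 if the run plus its NUL would not fit.
 * An unbounded loop such as `while (isxdigit(*p)) out[i++] = *p++;` is the
 * pattern that lets a long run spill past the end of a fixed buffer. */
static int read_hex_token(const char **p, char *out, size_t out_size) {
    size_t i = 0;
    if (out_size == 0) return -1;
    while (isxdigit((unsigned char)**p)) {
        if (i + 1 >= out_size) {   /* no room left for digit + NUL: refuse */
            out[0] = '\0';
            return -1;
        }
        out[i++] = *(*p)++;
    }
    out[i] = '\0';
    return (int)i;
}

/* Parse a "0x<hex>" literal into a 64-bit value. Returns 0 on success, -1 if
 * the prefix is missing, the digit run is empty, would overflow the token
 * buffer, or exceeds 16 digits (more than 64 bits). */
int parse_hex_literal(const char *s, unsigned long long *value) {
    char tok[TOKEN_BUF_SIZE];
    const char *p = s;
    if (p[0] != '0' || (p[1] != 'x' && p[1] != 'X')) return -1;
    p += 2;
    int n = read_hex_token(&p, tok, sizeof tok);
    if (n <= 0 || n > 16) return -1;
    unsigned long long v = 0;
    for (int k = 0; k < n; k++) {
        int c = tolower((unsigned char)tok[k]);
        v = (v << 4) | (unsigned long long)(isdigit(c) ? c - '0' : c - 'a' + 10);
    }
    *value = v;
    return 0;
}

/* Constructed input in the shape seen in the rax2 backtrace: "0x" followed by
 * ndigits copies of 'a'. Returns parse_hex_literal's status (-1 if ndigits
 * is larger than this helper's own scratch buffer). */
int parse_hex_run(size_t ndigits, unsigned long long *value) {
    char buf[2 + 4096 + 1];
    if (ndigits > 4096) return -1;
    buf[0] = '0'; buf[1] = 'x';
    memset(buf + 2, 'a', ndigits);
    buf[2 + ndigits] = '\0';
    return parse_hex_literal(buf, value);
}
```

With 1100 digits the reader stops at the buffer's capacity and reports failure, which is the case an unbounded copy turns into the stack-buffer-overflow above.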
mscherer commented 6 years ago

More recent gcc (gcc-8.1.1), same as now, no odr-violation error. Your compiler is gcc 7.3.0, from Ubuntu Bionic, if I am reading the dockerfile correctly, or are you using clang?

bannsec commented 6 years ago

Still getting ODR. Initially it was via gcc, I have recompiled using clang:

=================================================================
==46379==ERROR: AddressSanitizer: odr-violation (0x7fd41ee750a0):
  [1] size=7128 'JAVA_OPS' ops.c:7:22
  [2] size=7128 'JAVA_OPS' ops.c:7:22
These globals were registered at these points:
  [1]:
    #0 0x55640f16dd00 in __asan_register_globals.part.11 (/home/angr/opt/radare2/binr/radare2/radare2+0x3ad00)
    #1 0x7fd41e327a6d in asan.module_ctor (/home/angr/bin/prefix/radare2/lib/libr_anal.so+0x927a6d)

  [2]:
    #0 0x55640f16dd00 in __asan_register_globals.part.11 (/home/angr/opt/radare2/binr/radare2/radare2+0x3ad00)
    #1 0x7fd41be605ad in asan.module_ctor (/home/angr/bin/prefix/radare2/lib/libr_asm.so+0xb735ad)

==46379==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0
SUMMARY: AddressSanitizer: odr-violation: global 'JAVA_OPS' at ops.c:7:22
==46379==ABORTING
$ clang --version
clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
clang -g -fsanitize=address,signed-integer-overflow

On the plus side, it looks like that test case I posted before now does not throw an ASAN error.

radare commented 6 years ago

I think all of them are fixed, can't repro.

radare commented 6 years ago

Oh, I'm not using signed-integer-overflow. I see.

bannsec commented 6 years ago

For reference, I provided the clang version and compile line above. And yes, it's the current clang in bionic repo.

radare commented 6 years ago

Did a PR adding this flag to the default ASAN builds. Let's see how many tests are affected.

radare commented 6 years ago

Ping? Is everything fixed?

ret2libc commented 6 years ago

Closing this. In case there are still issues, please open a new bug; this is becoming messy.