
sdb_num_set vnversion #4558

Closed zonkzonk closed 8 years ago

zonkzonk commented 8 years ago

fuzzed_phiole

Reading symbols from r2...done.
[New LWP 7034]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `r2 fuzzed_Phiole'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f955bfc8218 in store_versioninfo_gnu_verneed (bin=0x5561c7f800a0, shdr=0x5561c7f816e0, sz=32)
    at /home/zlul/src/radare2/libr/..//libr/bin/p/../format/elf/elf.c:671
671                     sdb_num_set (sdb_version, "vn_version", entry->vn_version, 0);
(gdb) x/i $pc
=> 0x7f955bfc8218 <store_versioninfo_gnu_verneed+971>:  movzwl (%rax),%eax
(gdb) i r rax
rax            0x5561cffd57c0   93878589675456
(gdb)  ir eax
eax            0xcffd57c0       -805480512
(gdb) bt
#0  0x00007f955bfc8218 in store_versioninfo_gnu_verneed (bin=0x5561c7f800a0, shdr=0x5561c7f816e0, sz=32)
    at /home/zlul/src/radare2/libr/..//libr/bin/p/../format/elf/elf.c:671
#1  0x00007f955bfc86ab in store_versioninfo (bin=0x5561c7f800a0)
    at /home/zlul/src/radare2/libr/..//libr/bin/p/../format/elf/elf.c:733
#2  0x00007f955bfc8cf5 in elf_init (bin=0x5561c7f800a0) at /home/zlul/src/radare2/libr/..//libr/bin/p/../format/elf/elf.c:815
#3  0x00007f955bfcee68 in Elf64_r_bin_elf_new_buf (buf=0x5561c7f80060)
    at /home/zlul/src/radare2/libr/..//libr/bin/p/../format/elf/elf.c:2259
#4  0x00007f955bfc208f in load_bytes (arch=0x5561c7f82620, buf=0x5561c7f82af0 "\177ELF\002\001\001", sz=92608, loadaddr=0, 
    sdb=0x5561c7f7a370) at /home/zlul/src/radare2/libr/..//libr/bin/p/bin_elf.c:46
#5  0x00007f955bf9841d in r_bin_object_new (binfile=0x5561c7f82620, plugin=0x5561c7f2a870, baseaddr=18446744073709551615, 
    loadaddr=0, offset=0, sz=92608) at bin.c:972
#6  0x00007f955bf98b28 in r_bin_file_new_from_bytes (bin=0x5561c7f26a60, file=0x5561c7f75c40 "fuzzed_Phiole", 
    bytes=0x5561c7f82af0 "\177ELF\002\001\001", sz=92608, file_sz=92608, rawstr=0, baseaddr=18446744073709551615, loadaddr=0, 
    fd=7, pluginname=0x0, xtrname=0x0, offset=0) at bin.c:1121
#7  0x00007f955bf978ea in r_bin_load_io_at_offset_as_sz (bin=0x5561c7f26a60, desc=0x5561c7f75ca0, 
    baseaddr=18446744073709551615, loadaddr=0, xtr_idx=0, offset=0, name=0x0, sz=92608) at bin.c:740
#8  0x00007f955bf97977 in r_bin_load_io_at_offset_as (bin=0x5561c7f26a60, desc=0x5561c7f75ca0, baseaddr=18446744073709551615, 
    loadaddr=0, xtr_idx=0, offset=0, name=0x0) at bin.c:753
#9  0x00007f955bf973c0 in r_bin_load_io (bin=0x5561c7f26a60, desc=0x5561c7f75ca0, baseaddr=18446744073709551615, loadaddr=0, 
    xtr_idx=0) at bin.c:646
#10 0x00007f955cb694c1 in r_core_file_do_load_for_io_plugin (r=0x5561c6ee38e0 <r>, baseaddr=18446744073709551615, loadaddr=0)
    at file.c:383
#11 0x00007f955cb69956 in r_core_bin_load (r=0x5561c6ee38e0 <r>, filenameuri=0x5561c7f75c40 "fuzzed_Phiole", 
    baddr=18446744073709551615) at file.c:462
#12 0x00005561c6ce0ac7 in main (argc=2, argv=0x7fff3cfce308, envp=0x7fff3cfce320) at radare2.c:658
(gdb) q
radare commented 8 years ago

Can u show the value of `entry`? And the register state? Or at least provide a sample to reproduce the crash?

On 08 Apr 2016, at 19:36, zonkzonk notifications@github.com wrote:

Reading symbols from r2...done. [New LWP 7034] [Thread debugging using libthread_db enabled] Using host libthread_db library "/usr/lib/libthread_db.so.1". Core was generated by `r2 fuzzed_Phiole'. Program terminated with signal SIGSEGV, Segmentation fault.

0 0x00007f955bfc8218 in store_versioninfo_gnu_verneed (bin=0x5561c7f800a0, shdr=0x5561c7f816e0, sz=32)

at /home/zlul/src/radare2/libr/..//libr/bin/p/../format/elf/elf.c:671

671 sdb_num_set (sdb_version, "vn_version", entry->vn_version, 0); (gdb) x/i $pc => 0x7f955bfc8218 <store_versioninfo_gnu_verneed+971>: movzwl (%rax),%eax (gdb) i r rax rax 0x5561cffd57c0 93878589675456 (gdb) ir eax eax 0xcffd57c0 -805480512 (gdb) bt

0 0x00007f955bfc8218 in store_versioninfo_gnu_verneed (bin=0x5561c7f800a0, shdr=0x5561c7f816e0, sz=32)

at /home/zlul/src/radare2/libr/..//libr/bin/p/../format/elf/elf.c:671

1 0x00007f955bfc86ab in store_versioninfo (bin=0x5561c7f800a0)

at /home/zlul/src/radare2/libr/..//libr/bin/p/../format/elf/elf.c:733

2 0x00007f955bfc8cf5 in elf_init (bin=0x5561c7f800a0) at /home/zlul/src/radare2/libr/..//libr/bin/p/../format/elf/elf.c:815

3 0x00007f955bfcee68 in Elf64_r_bin_elf_new_buf (buf=0x5561c7f80060)

at /home/zlul/src/radare2/libr/..//libr/bin/p/../format/elf/elf.c:2259

4 0x00007f955bfc208f in load_bytes (arch=0x5561c7f82620, buf=0x5561c7f82af0 "\177ELF\002\001\001", sz=92608, loadaddr=0,

sdb=0x5561c7f7a370) at /home/zlul/src/radare2/libr/..//libr/bin/p/bin_elf.c:46

5 0x00007f955bf9841d in r_bin_object_new (binfile=0x5561c7f82620, plugin=0x5561c7f2a870, baseaddr=18446744073709551615,

loadaddr=0, offset=0, sz=92608) at bin.c:972

6 0x00007f955bf98b28 in r_bin_file_new_from_bytes (bin=0x5561c7f26a60, file=0x5561c7f75c40 "fuzzed_Phiole",

bytes=0x5561c7f82af0 "\177ELF\002\001\001", sz=92608, file_sz=92608, rawstr=0, baseaddr=18446744073709551615, loadaddr=0, 
fd=7, pluginname=0x0, xtrname=0x0, offset=0) at bin.c:1121

7 0x00007f955bf978ea in r_bin_load_io_at_offset_as_sz (bin=0x5561c7f26a60, desc=0x5561c7f75ca0,

baseaddr=18446744073709551615, loadaddr=0, xtr_idx=0, offset=0, name=0x0, sz=92608) at bin.c:740

8 0x00007f955bf97977 in r_bin_load_io_at_offset_as (bin=0x5561c7f26a60, desc=0x5561c7f75ca0, baseaddr=18446744073709551615,

loadaddr=0, xtr_idx=0, offset=0, name=0x0) at bin.c:753

9 0x00007f955bf973c0 in r_bin_load_io (bin=0x5561c7f26a60, desc=0x5561c7f75ca0, baseaddr=18446744073709551615, loadaddr=0,

xtr_idx=0) at bin.c:646

10 0x00007f955cb694c1 in r_core_file_do_load_for_io_plugin (r=0x5561c6ee38e0 , baseaddr=18446744073709551615, loadaddr=0)

at file.c:383

11 0x00007f955cb69956 in r_core_bin_load (r=0x5561c6ee38e0 , filenameuri=0x5561c7f75c40 "fuzzed_Phiole",

baddr=18446744073709551615) at file.c:462

12 0x00005561c6ce0ac7 in main (argc=2, argv=0x7fff3cfce308, envp=0x7fff3cfce320) at radare2.c:658

(gdb) q


zonkzonk commented 8 years ago

@radare I provided a phile as png :)

https://cloud.githubusercontent.com/assets/5694980/14392347/34a640a2-fdc1-11e5-83f7-34a01d9391f5.png

radare commented 8 years ago

Can't reproduce.

alvarofe commented 8 years ago

Me neither; we have been fixing a lot of issues. Try again from master and, if it persists, reopen the issue. Thx!