radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

#0 0x00007fca9a239ad5 in malloc_consolidate #655

Closed zonkzonk closed 10 years ago

zonkzonk commented 10 years ago

morrn,

problem with e

IN:

 r2 -c"e `cat buf`"  cp, where buf is uuencoded at the end.

OUT:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fca9a239ad5 in malloc_consolidate () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007fca9a239ad5 in malloc_consolidate () from /usr/lib/libc.so.6
#1  0x00007fca9a23a661 in _int_free () from /usr/lib/libc.so.6
#2  0x00007fca9e0b1678 in _zz_fd_fini () at common/fd.c:191
#3  0x00007fca9e0a984b in _zz_fini () at libzzuf/libzzuf.c:210
#4  0x00007fca9e371fda in _dl_fini () from /lib64/ld-linux-x86-64.so.2
#5  0x00007fca9a1f8e69 in __run_exit_handlers () from /usr/lib/libc.so.6
#6  0x00007fca9a1f8eb5 in exit () from /usr/lib/libc.so.6
#7  0x00007fca9a1e2b0c in __libc_start_main () from /usr/lib/libc.so.6
#8  0x0000000000402749 in _start ()
(gdb) 

traps: r2[10410] general protection ip:7f298bedead5 sp:7fff3ea70630 error:0 in libc-2.19.so[7f298be66000+19e000]

buf is now attached to avoid spam issues, sorry daniel!

buf uu

radare commented 10 years ago

I think we should fix all coverity issues in cmd.c and all those bugs should be gone :p

On 24 Feb 2014, at 15:20, zonkzonk notifications@github.com wrote:

radare commented 10 years ago

Can't reproduce. Is it still happening?

zonkzonk commented 10 years ago

still happening:

,r2 -c"e `cat buf`"  cp
r_config_get: variable '???"???' not found
?B?A[??Z???&open: Cannot open file '?DaZ????:?mt? ??@C?d??w??/?Z:*?kw)Zf?*+???9d&???
      ??D*??\??i?R?Xu??8Dd??9??'
parse: Missing backtick in expression.
Invalid address (b???='?C)
|ERROR| Invalid command '?S3k%q"???????OlvPyc??6??;??`??8$?z?????&???B?m?Z??a?#V???U?nxR???AR??G~?ZQ???>I}?F?;?C? ?s
                                                                                                                     ?????,F?_???G,D?Y!?$?2???}?oz??{+?t?e???1???*g?@b???='?C~v?+??#c??8W??
                                  ?A??I?????'
Segmentation fault
,r2 -v
radare2 0.9.7 @ linux-little-x86-64 git.0.9.7-25-gf5b14d2
commit: f5b14d2616dff85b6fdd67499756700160d61c6a build: 2014-03-04

zonkzonk commented 10 years ago

readable valgrind output:

==10555== Parent PID: 807
==10555== 
==10555== Invalid write of size 1
==10555==    at 0x69796A8: r_cmd_macro_add (macro.c:109)
==10555==    by 0x4E5E252: ??? (cmd_macro.c:48)
==10555==    by 0x6978F18: r_cmd_call (cmd.c:172)
==10555==    by 0x4E6DC8A: ??? (cmd.c:976)
==10555==    by 0x4E6D778: ??? (cmd.c:879)
==10555==    by 0x4E6D7E6: ??? (cmd.c:885)
==10555==    by 0x4E6D7E6: ??? (cmd.c:885)
==10555==    by 0x4E6F9C0: r_core_cmd (cmd.c:1502)
==10555==    by 0x4E6FF3E: r_core_cmd0 (cmd.c:1622)
==10555==    by 0x40450E: main (radare2.c:569)
==10555==  Address 0x11f82118 is 0 bytes after a block of size 56 alloc'd
==10555==    at 0x4C28730: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10555==    by 0x697955E: r_cmd_macro_add (macro.c:88)
==10555==    by 0x4E5E252: ??? (cmd_macro.c:48)
==10555==    by 0x6978F18: r_cmd_call (cmd.c:172)
==10555==    by 0x4E6DC8A: ??? (cmd.c:976)
==10555==    by 0x4E6D778: ??? (cmd.c:879)
==10555==    by 0x4E6D7E6: ??? (cmd.c:885)
==10555==    by 0x4E6D7E6: ??? (cmd.c:885)
==10555==    by 0x4E6F9C0: r_core_cmd (cmd.c:1502)
==10555==    by 0x4E6FF3E: r_core_cmd0 (cmd.c:1622)
==10555==    by 0x40450E: main (radare2.c:569)
==10555== 
==10555== 
==10555== HEAP SUMMARY:
==10555==     in use at exit: 691,607 bytes in 4,167 blocks
==10555==   total heap usage: 12,399 allocs, 8,232 frees, 17,643,196 bytes allocated
==10555== 
==10555== LEAK SUMMARY:
==10555==    definitely lost: 392,583 bytes in 1,823 blocks
==10555==    indirectly lost: 114,673 bytes in 1,880 blocks
==10555==      possibly lost: 26,140 bytes in 12 blocks
==10555==    still reachable: 158,211 bytes in 452 blocks
==10555==         suppressed: 0 bytes in 0 blocks
==10555== Rerun with --leak-check=full to see details of leaked memory
==10555== 
==10555== For counts of detected and suppressed errors, rerun with: -v
==10555== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
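The Valgrind report above is the useful one for triage: it names the defect (a one-byte write directly past a 56-byte heap block allocated in r_cmd_macro_add) while gdb only catches the corrupted heap later in malloc_consolidate during exit. As an added triage helper that is not radare2's code, this script parses memcheck output into the access site, the allocation site and a one-line verdict; the regexes and the shortened sample are constructed here from the report quoted above.

```python
import re
# Memcheck line shapes; written for this example, they match the report quoted above
ACCESS_RE = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)$")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
ADDR_RE = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) a block of size (\d+) alloc'd$")
END_RE = re.compile(r"^==\d+==\s*$")  # bare "==pid==" line closes a record

def parse_memcheck(text):
    """Collect each 'Invalid read/write' record with its access and allocation stacks."""
    records, cur, target = [], None, []
    for line in text.splitlines():
        if (m := ACCESS_RE.match(line)):
            cur = {"kind": m.group(1), "size": int(m.group(2)), "frames": [],
                   "alloc_frames": [], "offset": None, "where": None, "block_size": None}
            records.append(cur)
            target = cur["frames"]
        elif cur and (m := ADDR_RE.match(line)):
            cur.update(offset=int(m.group(1)), where=m.group(2), block_size=int(m.group(3)))
            target = cur["alloc_frames"]  # frames that follow belong to the allocation site
        elif (m := FRAME_RE.match(line)):
            target.append((m.group(1), m.group(2)))
        elif END_RE.match(line):
            cur, target = None, []  # frames outside a record go nowhere
    return records

def source_frame(frames):
    """First frame with a file:line location, skipping libc/valgrind frames like 'in /usr/...'."""
    return next((f"{fn} ({loc})" for fn, loc in frames if re.fullmatch(r"\S+:\d+", loc)), None)

def classify(rec):
    if rec["where"] == "after" and rec["offset"] == 0:
        return (f"heap overflow: {rec['size']}-byte {rec['kind']} immediately past a "
                f"{rec['block_size']}-byte block (off-by-one pattern)")
    if rec["where"] is not None:
        return f"invalid {rec['kind']} {rec['offset']} bytes {rec['where']} a {rec['block_size']}-byte block"
    return f"invalid {rec['kind']} with no heap-block context"

def triage(text):
    """Verdict plus the first source-level frame of the access and of the allocation."""
    return [{"verdict": classify(r), "access": source_frame(r["frames"]),
             "alloc": source_frame(r["alloc_frames"])} for r in parse_memcheck(text)]

# Constructed sample, shortened from the Valgrind report quoted above
SAMPLE = """==10555== Invalid write of size 1
==10555==    at 0x69796A8: r_cmd_macro_add (macro.c:109)
==10555==    by 0x4E5E252: ??? (cmd_macro.c:48)
==10555==  Address 0x11f82118 is 0 bytes after a block of size 56 alloc'd
==10555==    at 0x4C28730: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10555==    by 0x697955E: r_cmd_macro_add (macro.c:88)
==10555==
"""
```

Running `triage(SAMPLE)` pairs the write at macro.c:109 with the malloc at macro.c:88, which is where a reviewer would start reading for a missing terminator byte in the size computation.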

zonkzonk commented 10 years ago

bt full: http://lpaste.net/4711317379815047168

x9 commented 10 years ago

Please stop CCing me in these messages.


From: zonkzonk <notifications@github.com>
Sent: 4/03/2014 7:11 PM
To: radare/radare2 <radare2@noreply.github.com>
Cc: Daniel <daniel@danielmartinoli.com>
Subject: Re: [radare2] #0 0x00007fca9a239ad5 in malloc_consolidate (#655)

bt full: http://lpaste.net/4711317379815047168

radare commented 10 years ago

@x9 Those CCs are unintentional, that's because of the uuencoded dump where your nick appears in there. @zonkzonk please, next time, use base64 :)