stormalf / chibicc

A small C compiler from rui314
MIT License

ISS-180 : during nmap test crash with malloc corrupted #83

Open stormalf opened 1 month ago

stormalf commented 1 month ago

nmap compiled by chibicc crashes during the nmap test with malloc corrupted:

./nmap -d --datadir . --script=unittest --script-args=unittest.run
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-18 22:57 CEST
PORTS: Using ports open on 0% or more average hosts (TCP:1000, UDP:0, SCTP:0)
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0

NSE: Using Lua 5.4.
malloc(): corrupted top size
make: *** [Makefile:447: check-nse] Aborted (core dumped)

stormalf commented 1 month ago

It seems that this is caused by something wrong in the offsetof function, which returns an incorrect value and causes the crash. No idea for the moment what is wrong in offsetof for that. Trying to recreate a small test case.

stormalf commented 1 month ago

If we remove the __builtin_offsetof and use the original offsetof from chibicc, it works fine, no more corruption. The way that builtin_offsetof tries to retrieve the offset of a specific field of a struct or union doesn't work well for now. The old offsetof

#define offsetof(type, member) ((size_t)&(((type *)0)->member))

solves some issues but seems to create other segmentation faults in postgres.
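A small test case of the kind described in the comments, added here as an example and not taken from chibicc, nmap or postgres: for constructed layouts with a nested struct, an array of structs and a union, it checks that the compiler's __builtin_offsetof, the classic offsetof macro quoted above, and plain pointer arithmetic on a real object all agree. The struct names and the helper names are assumptions of this example.

```c
#include <stddef.h>

/* Classic offsetof macro quoted in the comment above, kept under its own name
 * so it can be compared with the compiler builtin. */
#define OFFSETOF_MACRO(type, member) ((size_t)&(((type *)0)->member))

/* Constructed layouts: nested struct, array of structs, union, and a trailing
 * member after an 8-byte-aligned union (names are assumptions of this example). */
struct inner { char tag; int value; };
union payload { unsigned char bytes[8]; double d; };
struct outer { char kind; struct inner hdr; struct inner items[3];
               union payload pay; short tail; };

/* Reference offset taken from a real object by pointer arithmetic, which
 * depends on neither offsetof implementation. */
static size_t offset_by_address(const void *base, const void *member) {
    return (size_t)((const char *)member - (const char *)base);
}

/* One designator: 1 if builtin, macro and reference all agree, else 0. */
#define AGREES(obj, member)                                                \
    (offset_by_address(&(obj), &(obj).member) ==                           \
         __builtin_offsetof(struct outer, member) &&                       \
     offset_by_address(&(obj), &(obj).member) ==                           \
         OFFSETOF_MACRO(struct outer, member))

/* Returns 0 when every designator agrees, otherwise the 1-based number of
 * the first designator whose offsets disagree (the case a compiler gets wrong). */
int check_offsetof(void) {
    struct outer s;
    if (!AGREES(s, kind))          return 1;
    if (!AGREES(s, hdr.value))     return 2;  /* nested struct member   */
    if (!AGREES(s, items[2].tag))  return 3;  /* array element's member */
    if (!AGREES(s, pay.bytes[3]))  return 4;  /* array inside a union   */
    if (!AGREES(s, pay.d))         return 5;  /* union member           */
    if (!AGREES(s, tail))          return 6;  /* after aligned union    */
    return 0;
}
```

Compiling this with the compiler under test and with a reference compiler such as gcc or clang, then comparing the return value of check_offsetof, isolates which designator form the builtin mishandles.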

stormalf commented 1 month ago

Ok, found a new way to handle complex structs with chatgpt's help, and for now it's working, at least solving the issue with the nmap malloc corruption. It will be fixed in 1.0.23.