asan report heap-use-after-free in _rl_vi_domove_motion_cleanup
From: Grisha Levit
Subject: asan report heap-use-after-free in _rl_vi_domove_motion_cleanup
Date: Tue, 7 Mar 2023 04:41:10 -0500
INPUTRC=<(echo '"y": vi-yank-to') ./bash --norc -in <<<'y1y1'
=================================================================
ERROR: AddressSanitizer: heap-use-after-free on address 0x000103a05c28
at pc 0x0001005152fc bp 0x00016fdf27e0 sp 0x00016fdf27d8
READ of size 4 at 0x000103a05c28 thread T0
#0 0x1005152f8 in _rl_vi_domove_motion_cleanup+0x198
(bash:arm64+0x1005152f8)
#1 0x100519c5c in rl_domove_motion_callback+0x670 (bash:arm64+0x100519c5c)
#2 0x100517df4 in rl_domove_read_callback+0xd9c (bash:arm64+0x100517df4)
#3 0x100518204 in rl_vi_domove+0x398 (bash:arm64+0x100518204)
#4 0x10051b0b8 in rl_vi_yank_to+0x980 (bash:arm64+0x10051b0b8)
#5 0x1004fe82c in _rl_dispatch_subseq+0xe44 (bash:arm64+0x1004fe82c)
#6 0x1004fc430 in _rl_dispatch+0x6c (bash:arm64+0x1004fc430)
#7 0x1004fbb3c in readline_internal_char+0x820 (bash:arm64+0x1004fbb3c)
#8 0x100506408 in readline_internal_charloop+0x98 (bash:arm64+0x100506408)
#9 0x1004fa738 in readline_internal+0xc (bash:arm64+0x1004fa738)
#10 0x1004fa514 in readline+0xf8 (bash:arm64+0x1004fa514)
0x000103a05c28 is located 24 bytes inside of 36-byte region
[0x000103a05c10,0x000103a05c34)
freed by thread T0 here:
#0 0x100dd6de4 in wrap_free+0x98
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3ede4)
#1 0x10039da6c in xfree xmalloc.c:144
#2 0x100519c98 in _rl_mvcxt_dispose+0x14 (bash:arm64+0x100519c98)
#3 0x10051b0fc in rl_vi_yank_to+0x9c4 (bash:arm64+0x10051b0fc)
#4 0x1004fe82c in _rl_dispatch_subseq+0xe44 (bash:arm64+0x1004fe82c)
#5 0x1004fc430 in _rl_dispatch+0x6c (bash:arm64+0x1004fc430)
#6 0x100519bbc in rl_domove_motion_callback+0x5d0 (bash:arm64+0x100519bbc)
#7 0x100517df4 in rl_domove_read_callback+0xd9c (bash:arm64+0x100517df4)
#8 0x100518204 in rl_vi_domove+0x398 (bash:arm64+0x100518204)
#9 0x10051b0b8 in rl_vi_yank_to+0x980 (bash:arm64+0x10051b0b8)
#10 0x1004fe82c in _rl_dispatch_subseq+0xe44 (bash:arm64+0x1004fe82c)
#11 0x1004fc430 in _rl_dispatch+0x6c (bash:arm64+0x1004fc430)
#12 0x1004fbb3c in readline_internal_char+0x820 (bash:arm64+0x1004fbb3c)
#13 0x100506408 in readline_internal_charloop+0x98 (bash:arm64+0x100506408)
#14 0x1004fa738 in readline_internal+0xc (bash:arm64+0x1004fa738)
#15 0x1004fa514 in readline+0xf8 (bash:arm64+0x1004fa514)
previously allocated by thread T0 here:
#0 0x100dd6ca8 in wrap_malloc+0x94
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3eca8)
#1 0x10039d938 in xmalloc xmalloc.c:111
#2 0x100518cd4 in _rl_mvcxt_alloc+0x18 (bash:arm64+0x100518cd4)
#3 0x10051a99c in rl_vi_yank_to+0x264 (bash:arm64+0x10051a99c)
#4 0x1004fe82c in _rl_dispatch_subseq+0xe44 (bash:arm64+0x1004fe82c)
#5 0x1004fc430 in _rl_dispatch+0x6c (bash:arm64+0x1004fc430)
#6 0x1004fbb3c in readline_internal_char+0x820 (bash:arm64+0x1004fbb3c)
#7 0x100506408 in readline_internal_charloop+0x98 (bash:arm64+0x100506408)
#8 0x1004fa738 in readline_internal+0xc (bash:arm64+0x1004fa738)
#9 0x1004fa514 in readline+0xf8 (bash:arm64+0x1004fa514)
frame #5: 0x00000001005152fc bash`_rl_vi_domove_motion_cleanup(c=121,
m=0x0000000103a05c10) at vi_mode.c:1192:15
1189 int r;
1190
1191 /* Remove the blank that we added in rl_domove_motion_callback. */
-> 1192 rl_end = m->end;
1193 rl_line_buffer[rl_end] = '\0';
1194 _rl_fix_point (0);
1195