bug-readline

Re: Stack exhaustion issue in the GNU Readline


From: Neeraj Pal
Subject: Re: Stack exhaustion issue in the GNU Readline
Date: Mon, 5 Apr 2021 02:09:34 +0530

UPDATE: please discard this report, as it is a false positive which
happened due to Docker, as I was fuzzing GNU Readline inside a Docker
container.

Verified the PoC in the host environment and observed no crashes. I am
investigating again in depth on the host machine and shall share
further updates if there are any issues.
My apologies for the confusion.

Thanks,

On Mon, Apr 5, 2021 at 1:49 AM Neeraj Pal <neerajpal09@gmail.com> wrote:
>
> Hi there,
>
> While fuzzing GNU Readline with honggfuzz, I found a stack
> exhaustion issue which seems to have happened due to deep recursion.
>
> This bug report was tested on the following GNU Readline versions:
> - GNU Readline git devel rev:   109eadf6fe5c6a7e95ef0298820897ce6ee9172e
> - GNU Readline git master rev: cf3c762ecfff5b2f445647a0f1543693984a5540
> - GNU Readline 8.1-rc3
> - GNU Readline 8.1
>
> Attaching a reproducer link where I have uploaded the test input (my
> apologies if posting links is not allowed; please let me know if there
> are any issues):
> https://github.com/bsdb0y/investigations/raw/master/stack-exhaust-poc1
>
> The issue can be reproduced by running:
> cat stack-exhaust-poc1|./examples/rlbasic
>
> =================================================================
> ==1879148==ERROR: AddressSanitizer: stack-overflow on address
> 0x7fffff7fed00 (pc 0x000000498ae6 bp 0x7fffff7ff540 sp 0x7fffff7fed00
> T0)
>     #0 0x498ae6 in realloc
> (/src/readline-devel/readline/examples/rlbasic+0x498ae6)
>     #1 0x655002 in xrealloc /src/readline-devel/readline/xmalloc.c:70:20
>     #2 0x4d167c in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:895:4
>     #3 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #4 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #5 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #6 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #7 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #8 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #9 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #10 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #11 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #12 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #13 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #14 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #15 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #16 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #17 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #18 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #19 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #20 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #21 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #22 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #23 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #24 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #25 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #26 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #27 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #28 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #29 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #30 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #31 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #32 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #33 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #34 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #35 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #36 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #37 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #38 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #39 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #40 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #41 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #42 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #43 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #44 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #45 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #46 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #47 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #48 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #49 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #50 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #51 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #52 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #53 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #54 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #55 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #56 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #57 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #58 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #59 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #60 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #61 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #62 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #63 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #64 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #65 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #66 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #67 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #68 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #69 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #70 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #71 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #72 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #73 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #74 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #75 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #76 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #77 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #78 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #79 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #80 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #81 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #82 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #83 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #84 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #85 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #86 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #87 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #88 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #89 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #90 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #91 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #92 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #93 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #94 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #95 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #96 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #97 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #98 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #99 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #100 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #101 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #102 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #103 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #104 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #105 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #106 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #107 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #108 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #109 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #110 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #111 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #112 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #113 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #114 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #115 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #116 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #117 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #118 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #119 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #120 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #121 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #122 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #123 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #124 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #125 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #126 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #127 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #128 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #129 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #130 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #131 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #132 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #133 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #134 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #135 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #136 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #137 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #138 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #139 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #140 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #141 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #142 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #143 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #144 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #145 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #146 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #147 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #148 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #149 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #150 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #151 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #152 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #153 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #154 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #155 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #156 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #157 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #158 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #159 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #160 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #161 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #162 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #163 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #164 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #165 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #166 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #167 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #168 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #169 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #170 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #171 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #172 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #173 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #174 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #175 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #176 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #177 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #178 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #179 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #180 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #181 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #182 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #183 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #184 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #185 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #186 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #187 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #188 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #189 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #190 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #191 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #192 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #193 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #194 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #195 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #196 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #197 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #198 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #199 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #200 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #201 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #202 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #203 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #204 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #205 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #206 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #207 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #208 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #209 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #210 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #211 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #212 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #213 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #214 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #215 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #216 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #217 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #218 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #219 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #220 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #221 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #222 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #223 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #224 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #225 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #226 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #227 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #228 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #229 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #230 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #231 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #232 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #233 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #234 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #235 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #236 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #237 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #238 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #239 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #240 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #241 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #242 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #243 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #244 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #245 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #246 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #247 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #248 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #249 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #250 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #251 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #252 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #253 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #254 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #255 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #256 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #257 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #258 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #259 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #260 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #261 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #262 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #263 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #264 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #265 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #266 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #267 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #268 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #269 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #270 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #271 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #272 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #273 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #274 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #275 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #276 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #277 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #278 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #279 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #280 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #281 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #282 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #283 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #284 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #285 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #286 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #287 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #288 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #289 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #290 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #291 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #292 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #293 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #294 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #295 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #296 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #297 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #298 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #299 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #300 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #301 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #302 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #303 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #304 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #305 0x4f8f62 in rl_domove_motion_callback
> /src/readline-devel/readline/vi_mode.c:1184:3
>     #306 0x4f8f62 in rl_vi_change_to
> /src/readline-devel/readline/vi_mode.c:1500:11
>     #307 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>     #308 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #309 0x4d16fa in _rl_dispatch_subseq
> /src/readline-devel/readline/readline.c:901:8
>
> SUMMARY: AddressSanitizer: stack-overflow
> (/src/readline-devel/readline/examples/rlbasic+0x498ae6) in realloc
> ==1879148==ABORTING
>
> Valgrind Log:
> valgrind --tool=memcheck ./examples/rlbasic > /dev/null < stack-exhaust-poc1
> ==1881919== Memcheck, a memory error detector
> ==1881919== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
> ==1881919== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
> ==1881919== Command: ./rlbasic
> ==1881919==
> ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
> ==1881919==
> ==1881919== Process terminating with default action of signal 11
> (SIGSEGV): dumping core
> ==1881919==  Access not within mapped region at address 0x1FFE801FF8
> ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
> ==1881919==    at 0x13C4DD: xrealloc (xmalloc.c:70)
> ==1881919==  If you believe this happened as a result of a stack
> ==1881919==  overflow in your program's main thread (unlikely but
> ==1881919==  possible), you can try to increase the size of the
> ==1881919==  main thread stack using the --main-stacksize= flag.
> ==1881919==  The main thread stack size used in this run was 8388608.
> ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
> ==1881919==
> ==1881919== Process terminating with default action of signal 11 (SIGSEGV)
> ==1881919==  Access not within mapped region at address 0x1FFE801FF0
> ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
> ==1881919==    at 0x4831134: _vgnU_freeres (in
> /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_core-amd64-linux.so)
> ==1881919==  If you believe this happened as a result of a stack
> ==1881919==  overflow in your program's main thread (unlikely but
> ==1881919==  possible), you can try to increase the size of the
> ==1881919==  main thread stack using the --main-stacksize= flag.
> ==1881919==  The main thread stack size used in this run was 8388608.
> ==1881919==
> ==1881919== HEAP SUMMARY:
> ==1881919==     in use at exit: 328,096 bytes in 231 blocks
> ==1881919==   total heap usage: 5,620 allocs, 5,389 frees, 206,448,120
> bytes allocated
> ==1881919==
> ==1881919== LEAK SUMMARY:
> ==1881919==    definitely lost: 0 bytes in 0 blocks
> ==1881919==    indirectly lost: 0 bytes in 0 blocks
> ==1881919==      possibly lost: 0 bytes in 0 blocks
> ==1881919==    still reachable: 328,096 bytes in 231 blocks
> ==1881919==         suppressed: 0 bytes in 0 blocks
> ==1881919== Rerun with --leak-check=full to see details of leaked memory
> ==1881919==
> ==1881919== For lists of detected and suppressed errors, rerun with: -s
> ==1881919== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
> Segmentation fault
>
> - ulimit value is unlimited on the machine.
>
>
> Extra crash logs:
>
> ---CRASH SUMMARY---
> Filename: ./stack-exhaust-poc1
> SHA1: 6fd48596f8a3b4feffbf7067b0907268498491bf
> Classification: EXPLOITABLE
> Hash: d9e1794af557ab233c5c737b811074fb.34edfa84bd548bbbe15ff87f814291b8
> Command: ./rlbasic
> Faulting Frame:
>    _rl_dispatch_subseq @ 0x00000000004caaef: in
> /src/readline-devel/readline/examples/rlbasic
> Disassembly:
>    0x00000000004caad1: mov QWORD PTR ds:0xe70a20,rax
>    0x00000000004caad9: mov rax,QWORD PTR [rbp-0x30]
>    0x00000000004caadd: mov edi,DWORD PTR ds:0x5b4f00
>    0x00000000004caae4: imul edi,DWORD PTR ds:0x5b4f40
>    0x00000000004caaec: mov esi,DWORD PTR [rbp-0x8]
> => 0x00000000004caaef: call rax
>    0x00000000004caaf1: mov DWORD PTR [rbp-0x18],eax
>    0x00000000004caaf4: mov rax,QWORD PTR ds:0xe70a20
>    0x00000000004caafc: and rax,0xffffffffffffffdf
>    0x00000000004cab00: mov QWORD PTR ds:0xe70a20,rax
> Stack Head (1000 entries):
>    _rl_dispatch_subseq       @ 0x00000000004caaef: in
> /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch              @ 0x00000000004c9ca9: in
> /src/readline-devel/readline/examples/rlbasic
>    rl_domove_motion_callback @ 0x00000000004db810: in
> /src/readline-devel/readline/examples/rlbasic
>    rl_vi_change_to           @ 0x00000000004dbce6: in
> /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch_subseq       @ 0x00000000004caaf1: in
> /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch              @ 0x00000000004c9ca9: in
> /src/readline-devel/readline/examples/rlbasic
>    rl_vi_redo                @ 0x00000000004ce86d: in
> /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch_subseq       @ 0x00000000004caaf1: in
> /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch              @ 0x00000000004c9ca9: in
> /src/readline-devel/readline/examples/rlbasic
>    rl_domove_motion_callback @ 0x00000000004db810: in
> /src/readline-devel/readline/examples/rlbasic
>    rl_vi_change_to           @ 0x00000000004dbce6: in
> /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch_subseq       @ 0x00000000004caaf1: in
> /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch              @ 0x00000000004c9ca9: in
> /src/readline-devel/readline/examples/rlbasic
>    rl_vi_redo                @ 0x00000000004ce86d: in
> /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch_subseq       @ 0x00000000004caaf1: in
> /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch              @ 0x00000000004c9ca9: in
> /src/readline-devel/readline/examples/rlbasic
> Registers:
> rax=0x00000000004ce240 rbx=0x00007fffff7ff280 rcx=0x000000000000234c
> rdx=0x000000000000234c
> rsi=0x000000000000002e rdi=0x0000000000000001 rbp=0x00007fffff7ff1a0
> rsp=0x00007fffff7fef60
>  r8=0x0000000000002340  r9=0x0000000000000000 r10=0x000000000000001e
> r11=0x00006250000b8c30
> r12=0x000000000041c510 r13=0x00007fffffffe570 r14=0x0000000000000000
> r15=0x0000000000000000
> rip=0x00000000004caaef efl=0x0000000000010202  cs=0x0000000000000033
> ss=0x000000000000002b
>  ds=0x0000000000000000  es=0x0000000000000000  fs=0x0000000000000000
> gs=0x0000000000000000
>
> Please let me know if you need any further information or support.
>
> Thanks,
> Kind regards,
> Neeraj Pal
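As an added example (not part of the thread and not Readline's own code), below is a small Python triage helper of the kind a fuzzing engineer would run over a report like the one above before filing it. It parses the AddressSanitizer frames, collapses the repeating rl_vi_redo / _rl_dispatch_subseq / rl_vi_change_to / rl_domove_motion_callback cycle into one period with a repetition count, and records the effective RLIMIT_STACK of the environment it runs in. A stack-exhaustion crash is only meaningful relative to that limit, and a container and its host can carry different limits, so capturing the limit next to the collapsed trace is what lets a crash seen inside Docker be compared against the host before it is reported. The sample report embedded in the block is constructed from the first frames of the trace quoted above, re-joined one frame per line; the function names come from the thread, everything else (the helper names, the output format) is the example's own.

```python
"""Triage helper for fuzzer-reported stack-exhaustion crashes (added example).

Collapses an AddressSanitizer stack-overflow trace into its recursion cycle
and records the stack limit of the environment, so that a deep-recursion
crash found inside a container can be compared with the host.
"""
import re

try:
    import resource  # POSIX only; the limit query is skipped elsewhere
except ImportError:  # pragma: no cover
    resource = None

# One ASan frame line: "#N 0xADDR in FUNC <module or file:line>"; only the
# function name is kept, addresses and source lines are ignored.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(\S+)")
ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)")

# Constructed sample: the first frames of the report in the thread, re-joined
# one frame per line (the mail client had wrapped them).
SAMPLE_REPORT = """\
==1879148==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7fed00 (pc 0x000000498ae6 bp 0x7fffff7ff540 sp 0x7fffff7fed00 T0)
    #0 0x498ae6 in realloc (/src/readline-devel/readline/examples/rlbasic+0x498ae6)
    #1 0x655002 in xrealloc /src/readline-devel/readline/xmalloc.c:70:20
    #2 0x4d167c in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:895:4
    #3 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
    #4 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
    #5 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3
    #6 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11
    #7 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
    #8 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
    #9 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
    #10 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3
    #11 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11
    #12 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
SUMMARY: AddressSanitizer: stack-overflow
"""


def parse_frames(report):
    """Return the function names of the ASan frames, innermost first."""
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append(m.group(2))
    return frames


def asan_error_kind(report):
    """The ASan error class (e.g. 'stack-overflow'), or None if absent."""
    m = ERROR_RE.search(report)
    return m.group(1) if m else None


def recursion_cycle(frames):
    """Find the shortest repeating frame sequence covering the tail of the
    trace at least twice. Returns (start_index, period) or None when the
    trace does not look like unbounded recursion."""
    n = len(frames)
    for period in range(1, n // 2 + 1):
        for start in range(0, n - 2 * period + 1):
            if all(frames[i] == frames[i + period] for i in range(start, n - period)):
                return start, period
    return None


def triage(report):
    """Summarise a report: error kind, depth, and the collapsed cycle."""
    frames = parse_frames(report)
    result = {"kind": asan_error_kind(report), "depth": len(frames), "recursive": False}
    if result["kind"] != "stack-overflow":
        return result
    found = recursion_cycle(frames)
    if found is None:
        return result
    start, period = found
    result.update(
        recursive=True,
        cycle=frames[start:start + period],
        period=period,
        repetitions=(len(frames) - start) // period,  # full cycles seen
    )
    return result


def stack_limit():
    """Effective RLIMIT_STACK as (soft, hard) in bytes; None in a slot means
    unlimited, and the whole result is None where getrlimit is unavailable."""
    if resource is None:
        return None
    soft, hard = resource.getrlimit(resource.RLIMIT_STACK)
    unlimited = resource.RLIM_INFINITY
    return (None if soft == unlimited else soft, None if hard == unlimited else hard)


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("kind:", summary["kind"], "depth:", summary["depth"])
    if summary["recursive"]:
        print("cycle (period %d, seen %d times):" % (summary["period"], summary["repetitions"]))
        for name in summary["cycle"]:
            print("   ", name)
    print("RLIMIT_STACK (soft, hard) in this environment:", stack_limit())
```

Run it as `python3 triage.py` to print the collapsed cycle for the embedded sample together with the stack limit of the shell it runs in; to triage a fresh report, pass its text to `triage()`. Running the same script once inside the container and once on the host gives the two limit values side by side, which is the first thing to compare when a recursion-depth crash reproduces in only one of them.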


