zsh-workers
From: Dennis Felsing <dennis@felsin9.de>
To: zsh-workers@zsh.org
Subject: free() error on simple input scripts
Date: Sat, 6 Dec 2014 05:27:32 +0100
Message-ID: <20141206042732.GA28745@ti.fritz.box>

[-- Attachment #1: Type: text/plain, Size: 2023 bytes --]

Hello,

Simply running zsh (from git) on each of the two attached files causes a
free() error for me:

*** Error in `/usr/local/bin/zsh': free(): invalid next size (fast): 0x00000000009708c0 ***

This was found by fuzzing with AFL: http://lcamtuf.coredump.cx/afl/

Dennis

gdb output:

Program received signal SIGABRT, Aborted.
0x00007ffff6eeb5e7 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff6eeb5e7 in raise () from /lib64/libc.so.6
#1  0x00007ffff6eec9c8 in abort () from /lib64/libc.so.6
#2  0x00007ffff6f2a0d4 in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff6f2f9fe in malloc_printerr () from /lib64/libc.so.6
#4  0x00007ffff6f30716 in _int_free () from /lib64/libc.so.6
#5  0x00000000006fccfd in unmeta (file_name=0x7fffffffc1d0 "/media/intel/vtune_amplifier_xe_2011/bin64/d\203")
    at utils.c:4238
#6  0x0000000000473137 in iscom (s=0x7fffffffc1d0 "/media/intel/vtune_amplifier_xe_2011/bin64/d\203")
    at exec.c:824
#7  hashcmd (arg0=0x7ffff7ff3560 "d\203", pp=0x969168, pp@entry=0x969160) at exec.c:878
#8  0x0000000000489575 in execcmd (state=0x7fffffffd820, input=0, output=0, how=<optimized out>, last1=2)
    at exec.c:2886
#9  0x000000000049059e in execpline2 (state=0x7fffffffd820, pcode=16729, pcode@entry=131, how=18, input=0, 
    output=0, last1=5798544, last1@entry=0) at exec.c:1698
#10 0x0000000000491294 in execpline (state=state@entry=0x7fffffffd820, slcode=<optimized out>, 
    how=how@entry=18, last1=<optimized out>) at exec.c:1485
#11 0x00000000004952ab in execlist (state=state@entry=0x7fffffffd820, dont_change_job=dont_change_job@entry=0, 
    exiting=exiting@entry=0) at exec.c:1268
#12 0x0000000000495ce7 in execode (p=0x7ffff7ff33f0, dont_change_job=0, exiting=0, context=0x72a141 "toplevel")
    at exec.c:1074
#13 0x0000000000515861 in loop (toplevel=1, justonce=0) at init.c:185
#14 zsh_main (argc=<optimized out>, argv=<optimized out>) at init.c:1649
#15 0x00007ffff6ed7dc5 in __libc_start_main () from /lib64/libc.so.6
#16 0x0000000000413829 in _start ()

[-- Attachment #2: id:000000,sig:06,src:000000,op:havoc,rep:16 --]
[-- Type: application/octet-stream, Size: 26 bytes --]

[-- Attachment #3: id:000001,sig:06,src:000002,op:havoc,rep:8 --]
[-- Type: application/octet-stream, Size: 7 bytes --]
