[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug: SEGV in function _nc_find_entry
|
From: |
address@hidden |
|
Subject: |
Re: Bug: SEGV in function _nc_find_entry |
|
Date: |
Sat, 12 Oct 2019 10:57:53 +0800 |
Valgrind report for poc7, duplicate of poc6
Step 19/19 : RUN valgrind -v /tmp/noasan/infotocap fuzzpoc/infotocap_poc7 || exit 0
---> Running in dd4ce3761e0a
==6== Invalid read of size 8
==6== at 0x44F5E7: _nc_find_entry (comp_hash.c:70)
==6== by 0x42D90D: nametrans (dump_entry.c:174)
==6== by 0x40556F: put_translate (tic.c:339)
==6== by 0x40556F: main (tic.c:1033)
==6== Address 0x527f810 is 468,704 bytes inside an unallocated block of size 4,157,104 in arena "client"
==6==
--6-- REDIR: 0x4ec3cd0 (libc.so.6:strcmp) redirected to 0x4a286f0 (_vgnU_ifunc_wrapper)
--6-- REDIR: 0x4ed9570 (libc.so.6:__strcmp_sse2_unaligned) redirected to 0x4c31f90 (strcmp)
==6== Invalid read of size 1
==6== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==6== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==6== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==6== by 0x42D90D: nametrans (dump_entry.c:174)
==6== by 0x40556F: put_translate (tic.c:339)
==6== by 0x40556F: main (tic.c:1033)
==6== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==6==
==6==
==6== Process terminating with default action of signal 11 (SIGSEGV)
==6== Access not within mapped region at address 0x0
==6== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==6== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==6== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==6== by 0x42D90D: nametrans (dump_entry.c:174)
==6== by 0x40556F: put_translate (tic.c:339)
==6== by 0x40556F: main (tic.c:1033)
==6== If you believe this happened as a result of a stack
==6== overflow in your program's main thread (unlikely but
==6== possible), you can try to increase the size of the
==6== main thread stack using the --main-stacksize= flag.
==6== The main thread stack size used in this run was 8388608.
#S�D11Q5==6==
==6== HEAP SUMMARY:
==6== in use at exit: 23,002 bytes in 15 blocks
==6== total heap usage: 21 allocs, 6 frees, 35,652 bytes allocated
==6==
==6== Searching for pointers to 15 not-freed blocks
==6== Checked 75,704 bytes
==6==
==6== LEAK SUMMARY:
==6== definitely lost: 0 bytes in 0 blocks
==6== indirectly lost: 0 bytes in 0 blocks
==6== possibly lost: 0 bytes in 0 blocks
==6== still reachable: 23,002 bytes in 15 blocks
==6== suppressed: 0 bytes in 0 blocks
==6== Rerun with --leak-check=full to see details of leaked memory
==6==
==6== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
==6==
==6== 1 errors in context 1 of 2:
==6== Invalid read of size 1
==6== at 0x4ED9570: __strcmp_sse2_unaligned (strcmp-sse2-unaligned.S:24)
==6== by 0x44CF30: compare_info_names (comp_captab.c:3393)
==6== by 0x44F5ED: _nc_find_entry (comp_hash.c:70)
==6== by 0x42D90D: nametrans (dump_entry.c:174)
==6== by 0x40556F: put_translate (tic.c:339)
==6== by 0x40556F: main (tic.c:1033)
==6== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==6==
==6==
==6== 1 errors in context 2 of 2:
==6== Invalid read of size 8
==6== at 0x44F5E7: _nc_find_entry (comp_hash.c:70)
==6== by 0x42D90D: nametrans (dump_entry.c:174)
==6== by 0x40556F: put_translate (tic.c:339)
==6== by 0x40556F: main (tic.c:1033)
==6== Address 0x527f810 is 468,704 bytes inside an unallocated block of size 4,157,104 in arena "client"
==6==
==6== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
/bin/bash: line 1: 6 Segmentation fault valgrind -v /tmp/noasan/infotocap fuzzpoc/infotocap_poc7