catwell/stack-lua-54-arch Secret

## stack-lua-54-arch
#0  0x00007ffff7cf0a61 in __vsnprintf_internal () from /usr/lib/libc.so.6
#1  0x00007ffff7cc9ae6 in snprintf () from /usr/lib/libc.so.6
#2  0x0000555555566110 in tostringbuff (buff=0x3ff0000000000000 <error: Cannot access memory at address 0x3ff0000000000000>, obj=<optimized out>,
    obj=<optimized out>) at lobject.c:350
#3  0x00005555555661a4 in tostringbuff (obj=0x7fffffffd830, obj=0x7fffffffd830, buff=<optimized out>) at lobject.c:346
#4  addnum2buff (buff=buff@entry=0x7fffffffd840, num=num@entry=0x7fffffffd830) at lobject.c:452
#5  0x0000555555566ac6 in luaO_pushvfstring (L=L@entry=0x5555555972a8, fmt=0x555555587aaf "%f", argp=argp@entry=0x7fffffffda40) at lobject.c:495
#6  0x000055555555df41 in lua_pushfstring (L=L@entry=0x5555555972a8, fmt=fmt@entry=0x555555587aaf "%f") at lapi.c:542
#7  0x00005555555747c1 in luaL_tolstring (L=L@entry=0x5555555972a8, idx=idx@entry=1, len=len@entry=0x0) at lauxlib.c:870
#8  0x0000555555578a1d in luaB_tostring (L=0x5555555972a8) at lbaselib.c:479
#9  0x0000555555561c85 in luaD_call (L=L@entry=0x5555555972a8, func=0x55555559de40, func@entry=0x555555597970, nresults=0) at ldo.c:482
#10 0x000055555556f5b8 in luaV_execute (L=L@entry=0x5555555972a8, ci=<optimized out>) at lvm.c:1615
#11 0x0000555555561bf4 in luaD_call (L=L@entry=0x5555555972a8, func=<optimized out>, nresults=<optimized out>) at ldo.c:504
#12 0x0000555555561de7 in luaD_callnoyield (L=0x5555555972a8, func=<optimized out>, nResults=<optimized out>) at ldo.c:526
#13 0x000055555556108b in luaD_rawrunprotected (L=L@entry=0x5555555972a8, f=f@entry=0x55555555c9b0 <f_call>, ud=ud@entry=0x7fffffffddf0) at ldo.c:148
#14 0x000055555556215e in luaD_pcall (L=L@entry=0x5555555972a8, func=func@entry=0x55555555c9b0 <f_call>, u=u@entry=0x7fffffffddf0, old_top=80,
    ef=<optimized out>) at ldo.c:749
#15 0x000055555555ed5a in lua_pcallk (L=0x5555555972a8, nargs=<optimized out>, nresults=0, errfunc=<optimized out>, ctx=<optimized out>, k=<optimized out>)
    at lapi.c:1023
#16 0x000055555555b87f in docall (L=0x5555555972a8, narg=0, nres=0) at lua.c:139
#17 0x000055555555bef4 in dochunk (status=0, L=0x5555555972a8) at lua.c:174
#18 dostring (L=0x5555555972a8, s=<optimized out>, name=0x5555555860ff "=(command line)") at lua.c:185
#19 0x000055555555c322 in runargs (n=<optimized out>, argv=<optimized out>, L=<optimized out>) at lua.c:69
#20 pmain (L=0x5555555972a8) at lua.c:600
#21 0x0000555555561c85 in luaD_call (L=L@entry=0x5555555972a8, func=0x555555597910, nresults=1) at ldo.c:482
#22 0x0000555555561de7 in luaD_callnoyield (L=0x5555555972a8, func=<optimized out>, nResults=<optimized out>) at ldo.c:526
#23 0x000055555556108b in luaD_rawrunprotected (L=L@entry=0x5555555972a8, f=f@entry=0x55555555c9b0 <f_call>, ud=ud@entry=0x7fffffffe0b0) at ldo.c:148
#24 0x000055555556215e in luaD_pcall (L=L@entry=0x5555555972a8, func=func@entry=0x55555555c9b0 <f_call>, u=u@entry=0x7fffffffe0b0, old_top=16,
    ef=<optimized out>) at ldo.c:749
#25 0x000055555555ed5a in lua_pcallk (L=0x5555555972a8, nargs=<optimized out>, nresults=1, errfunc=<optimized out>, ctx=<optimized out>, k=<optimized out>)
    at lapi.c:1023
#26 0x000055555555b63b in main (argc=3, argv=0x7fffffffe1f8) at lua.c:629

## valgrind-lua-54-arch
==7993== Memcheck, a memory error detector
==7993== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==7993== Using Valgrind-3.16.0.GIT and LibVEX; rerun with -h for copyright info
==7993== Command: ./src/lua -e tostring(1.0)
==7993==
==7993== Invalid write of size 1
==7993==    at 0x4A55A61: __vsnprintf_internal (in /usr/lib/libc-2.31.so)
==7993==    by 0x4A2EAE5: snprintf (in /usr/lib/libc-2.31.so)
==7993==    by 0x11A10F: tostringbuff.part.0.isra.0 (lobject.c:350)
==7993==    by 0x11A1A3: tostringbuff (lobject.c:346)
==7993==    by 0x11A1A3: addnum2buff (lobject.c:452)
==7993==    by 0x11AAC5: luaO_pushvfstring (lobject.c:495)
==7993==    by 0x111F40: lua_pushfstring (lapi.c:542)
==7993==    by 0x1287C0: luaL_tolstring (lauxlib.c:870)
==7993==    by 0x12CA1C: luaB_tostring (lbaselib.c:479)
==7993==    by 0x115C84: luaD_call (ldo.c:482)
==7993==    by 0x1235B7: luaV_execute (lvm.c:1615)
==7993==    by 0x115DE6: luaD_callnoyield (ldo.c:526)
==7993==    by 0x11508A: luaD_rawrunprotected (ldo.c:148)
==7993==  Address 0x3ff0000000000000 is not stack'd, malloc'd or (recently) free'd
==7993==
==7993==
==7993== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==7993==  General Protection Fault
==7993==    at 0x4A55A61: __vsnprintf_internal (in /usr/lib/libc-2.31.so)
==7993==    by 0x4A2EAE5: snprintf (in /usr/lib/libc-2.31.so)
==7993==    by 0x11A10F: tostringbuff.part.0.isra.0 (lobject.c:350)
==7993==    by 0x11A1A3: tostringbuff (lobject.c:346)
==7993==    by 0x11A1A3: addnum2buff (lobject.c:452)
==7993==    by 0x11AAC5: luaO_pushvfstring (lobject.c:495)
==7993==    by 0x111F40: lua_pushfstring (lapi.c:542)
==7993==    by 0x1287C0: luaL_tolstring (lauxlib.c:870)
==7993==    by 0x12CA1C: luaB_tostring (lbaselib.c:479)
==7993==    by 0x115C84: luaD_call (ldo.c:482)
==7993==    by 0x1235B7: luaV_execute (lvm.c:1615)
==7993==    by 0x115DE6: luaD_callnoyield (ldo.c:526)
==7993==    by 0x11508A: luaD_rawrunprotected (ldo.c:148)
==7993==
==7993== HEAP SUMMARY:
==7993==     in use at exit: 21,573 bytes in 283 blocks
==7993==   total heap usage: 316 allocs, 33 frees, 26,573 bytes allocated
==7993==
==7993== LEAK SUMMARY:
==7993==    definitely lost: 0 bytes in 0 blocks
==7993==    indirectly lost: 0 bytes in 0 blocks
==7993==      possibly lost: 4,760 bytes in 3 blocks
==7993==    still reachable: 16,813 bytes in 280 blocks
==7993==         suppressed: 0 bytes in 0 blocks
==7993== Rerun with --leak-check=full to see details of leaked memory
==7993==
==7993== For lists of detected and suppressed errors, rerun with: -s
==7993== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
	#0 0x00007ffff7cf0a61 in __vsnprintf_internal () from /usr/lib/libc.so.6
	#1 0x00007ffff7cc9ae6 in snprintf () from /usr/lib/libc.so.6
	#2 0x0000555555566110 in tostringbuff (buff=0x3ff0000000000000 <error: Cannot access memory at address 0x3ff0000000000000>, obj=<optimized out>,
	obj=<optimized out>) at lobject.c:350
	#3 0x00005555555661a4 in tostringbuff (obj=0x7fffffffd830, obj=0x7fffffffd830, buff=<optimized out>) at lobject.c:346
	#4 addnum2buff (buff=buff@entry=0x7fffffffd840, num=num@entry=0x7fffffffd830) at lobject.c:452
	#5 0x0000555555566ac6 in luaO_pushvfstring (L=L@entry=0x5555555972a8, fmt=0x555555587aaf "%f", argp=argp@entry=0x7fffffffda40) at lobject.c:495
	#6 0x000055555555df41 in lua_pushfstring (L=L@entry=0x5555555972a8, fmt=fmt@entry=0x555555587aaf "%f") at lapi.c:542
	#7 0x00005555555747c1 in luaL_tolstring (L=L@entry=0x5555555972a8, idx=idx@entry=1, len=len@entry=0x0) at lauxlib.c:870
	#8 0x0000555555578a1d in luaB_tostring (L=0x5555555972a8) at lbaselib.c:479
	#9 0x0000555555561c85 in luaD_call (L=L@entry=0x5555555972a8, func=0x55555559de40, func@entry=0x555555597970, nresults=0) at ldo.c:482
	#10 0x000055555556f5b8 in luaV_execute (L=L@entry=0x5555555972a8, ci=<optimized out>) at lvm.c:1615
	#11 0x0000555555561bf4 in luaD_call (L=L@entry=0x5555555972a8, func=<optimized out>, nresults=<optimized out>) at ldo.c:504
	#12 0x0000555555561de7 in luaD_callnoyield (L=0x5555555972a8, func=<optimized out>, nResults=<optimized out>) at ldo.c:526
	#13 0x000055555556108b in luaD_rawrunprotected (L=L@entry=0x5555555972a8, f=f@entry=0x55555555c9b0 <f_call>, ud=ud@entry=0x7fffffffddf0) at ldo.c:148
	#14 0x000055555556215e in luaD_pcall (L=L@entry=0x5555555972a8, func=func@entry=0x55555555c9b0 <f_call>, u=u@entry=0x7fffffffddf0, old_top=80,
	ef=<optimized out>) at ldo.c:749
	#15 0x000055555555ed5a in lua_pcallk (L=0x5555555972a8, nargs=<optimized out>, nresults=0, errfunc=<optimized out>, ctx=<optimized out>, k=<optimized out>)
	at lapi.c:1023
	#16 0x000055555555b87f in docall (L=0x5555555972a8, narg=0, nres=0) at lua.c:139
	#17 0x000055555555bef4 in dochunk (status=0, L=0x5555555972a8) at lua.c:174
	#18 dostring (L=0x5555555972a8, s=<optimized out>, name=0x5555555860ff "=(command line)") at lua.c:185
	#19 0x000055555555c322 in runargs (n=<optimized out>, argv=<optimized out>, L=<optimized out>) at lua.c:69
	#20 pmain (L=0x5555555972a8) at lua.c:600
	#21 0x0000555555561c85 in luaD_call (L=L@entry=0x5555555972a8, func=0x555555597910, nresults=1) at ldo.c:482
	#22 0x0000555555561de7 in luaD_callnoyield (L=0x5555555972a8, func=<optimized out>, nResults=<optimized out>) at ldo.c:526
	#23 0x000055555556108b in luaD_rawrunprotected (L=L@entry=0x5555555972a8, f=f@entry=0x55555555c9b0 <f_call>, ud=ud@entry=0x7fffffffe0b0) at ldo.c:148
	#24 0x000055555556215e in luaD_pcall (L=L@entry=0x5555555972a8, func=func@entry=0x55555555c9b0 <f_call>, u=u@entry=0x7fffffffe0b0, old_top=16,
	ef=<optimized out>) at ldo.c:749
	#25 0x000055555555ed5a in lua_pcallk (L=0x5555555972a8, nargs=<optimized out>, nresults=1, errfunc=<optimized out>, ctx=<optimized out>, k=<optimized out>)
	at lapi.c:1023
	#26 0x000055555555b63b in main (argc=3, argv=0x7fffffffe1f8) at lua.c:629
	==7993== Memcheck, a memory error detector
	==7993== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
	==7993== Using Valgrind-3.16.0.GIT and LibVEX; rerun with -h for copyright info
	==7993== Command: ./src/lua -e tostring(1.0)
	==7993==
	==7993== Invalid write of size 1
	==7993== at 0x4A55A61: __vsnprintf_internal (in /usr/lib/libc-2.31.so)
	==7993== by 0x4A2EAE5: snprintf (in /usr/lib/libc-2.31.so)
	==7993== by 0x11A10F: tostringbuff.part.0.isra.0 (lobject.c:350)
	==7993== by 0x11A1A3: tostringbuff (lobject.c:346)
	==7993== by 0x11A1A3: addnum2buff (lobject.c:452)
	==7993== by 0x11AAC5: luaO_pushvfstring (lobject.c:495)
	==7993== by 0x111F40: lua_pushfstring (lapi.c:542)
	==7993== by 0x1287C0: luaL_tolstring (lauxlib.c:870)
	==7993== by 0x12CA1C: luaB_tostring (lbaselib.c:479)
	==7993== by 0x115C84: luaD_call (ldo.c:482)
	==7993== by 0x1235B7: luaV_execute (lvm.c:1615)
	==7993== by 0x115DE6: luaD_callnoyield (ldo.c:526)
	==7993== by 0x11508A: luaD_rawrunprotected (ldo.c:148)
	==7993== Address 0x3ff0000000000000 is not stack'd, malloc'd or (recently) free'd
	==7993==
	==7993==
	==7993== Process terminating with default action of signal 11 (SIGSEGV): dumping core
	==7993== General Protection Fault
	==7993== at 0x4A55A61: __vsnprintf_internal (in /usr/lib/libc-2.31.so)
	==7993== by 0x4A2EAE5: snprintf (in /usr/lib/libc-2.31.so)
	==7993== by 0x11A10F: tostringbuff.part.0.isra.0 (lobject.c:350)
	==7993== by 0x11A1A3: tostringbuff (lobject.c:346)
	==7993== by 0x11A1A3: addnum2buff (lobject.c:452)
	==7993== by 0x11AAC5: luaO_pushvfstring (lobject.c:495)
	==7993== by 0x111F40: lua_pushfstring (lapi.c:542)
	==7993== by 0x1287C0: luaL_tolstring (lauxlib.c:870)
	==7993== by 0x12CA1C: luaB_tostring (lbaselib.c:479)
	==7993== by 0x115C84: luaD_call (ldo.c:482)
	==7993== by 0x1235B7: luaV_execute (lvm.c:1615)
	==7993== by 0x115DE6: luaD_callnoyield (ldo.c:526)
	==7993== by 0x11508A: luaD_rawrunprotected (ldo.c:148)
	==7993==
	==7993== HEAP SUMMARY:
	==7993== in use at exit: 21,573 bytes in 283 blocks
	==7993== total heap usage: 316 allocs, 33 frees, 26,573 bytes allocated
	==7993==
	==7993== LEAK SUMMARY:
	==7993== definitely lost: 0 bytes in 0 blocks
	==7993== indirectly lost: 0 bytes in 0 blocks
	==7993== possibly lost: 4,760 bytes in 3 blocks
	==7993== still reachable: 16,813 bytes in 280 blocks
	==7993== suppressed: 0 bytes in 0 blocks
	==7993== Rerun with --leak-check=full to see details of leaked memory
	==7993==
	==7993== For lists of detected and suppressed errors, rerun with: -s
	==7993== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
	Segmentation fault (core dumped)