@samcv
Last active August 26, 2017 23:53
=================================================================
==31253==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040006bd4d0 at pc 0x7f5f11ea107a bp 0x7ffde91df430 sp 0x7ffde91df428
READ of size 8 at 0x6040006bd4d0 thread T0
#0 0x7f5f11ea1079 in MVM_string_gi_init /home/samantha/git/MoarVM/src/strings/iter.h:34:47
#1 0x7f5f11eb80a7 in MVM_string_ci_init /home/samantha/git/MoarVM/src/strings/iter.h:168:5
#2 0x7f5f11eaafc8 in re_nfg /home/samantha/git/MoarVM/src/strings/ops.c:264:5
#3 0x7f5f11e9ecc6 in NFG_checker /home/samantha/git/MoarVM/src/strings/ops.c:65:5
#4 0x7f5f11e9f315 in NFG_check_concat /home/samantha/git/MoarVM/src/strings/ops.c:110:17
#5 0x7f5f11ea98f6 in MVM_string_concatenate /home/samantha/git/MoarVM/src/strings/ops.c:799:9
#6 0x7f5f11ea690d in MVM_string_replace /home/samantha/git/MoarVM/src/strings/ops.c:586:18
#7 0x7f5f11b12ce2 in MVM_interp_run /home/samantha/git/MoarVM/src/core/interp.c:3910:40
#8 0x7f5f11f339fc in MVM_vm_run_file /home/samantha/git/MoarVM/src/moar.c:356:5
#9 0x512204 in main /home/samantha/git/MoarVM/src/main.c:255:10
#10 0x7f5f10512953 in __libc_start_main (/lib64/libc.so.6+0x20953)
#11 0x419f98 in _start (/home/samantha/perl6/bin/moar+0x419f98)
0x6040006bd4d0 is located 0 bytes inside of 48-byte region [0x6040006bd4d0,0x6040006bd500)
freed by thread T0 here:
#0 0x4d9310 in __interceptor_free /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/asan/asan_malloc_linux.cc:47
#1 0x7f5f11c78334 in MVM_free /home/samantha/git/MoarVM/src/core/alloc.h:40:5
#2 0x7f5f11c77d2c in gc_free /home/samantha/git/MoarVM/src/6model/reprs/MVMString.c:68:5
#3 0x7f5f11c07776 in MVM_gc_collect_free_nursery_uncopied /home/samantha/git/MoarVM/src/gc/collect.c:581:17
#4 0x7f5f11bed414 in finish_gc /home/samantha/git/MoarVM/src/gc/orchestrate.c:230:13
#5 0x7f5f11bec536 in run_gc /home/samantha/git/MoarVM/src/gc/orchestrate.c:358:5
#6 0x7f5f11beb54d in MVM_gc_enter_from_allocator /home/samantha/git/MoarVM/src/gc/orchestrate.c:466:9
#7 0x7f5f11bed850 in MVM_gc_allocate_nursery /home/samantha/git/MoarVM/src/gc/allocation.c:32:13
#8 0x7f5f11beda05 in MVM_gc_allocate /home/samantha/git/MoarVM/src/gc/allocation.h:13:11
#9 0x7f5f11bed93c in MVM_gc_allocate_zeroed /home/samantha/git/MoarVM/src/gc/allocation.c:49:12
#10 0x7f5f11bee78c in MVM_gc_allocate_object /home/samantha/git/MoarVM/src/gc/allocation.c:86:5
#11 0x7f5f11c5c26c in MVM_repr_alloc_init /home/samantha/git/MoarVM/src/6model/reprconv.c:17:22
#12 0x7f5f11eab3d4 in re_nfg /home/samantha/git/MoarVM/src/strings/ops.c:293:24
#13 0x7f5f11e9ecc6 in NFG_checker /home/samantha/git/MoarVM/src/strings/ops.c:65:5
#14 0x7f5f11e9f2f4 in NFG_check_concat /home/samantha/git/MoarVM/src/strings/ops.c:109:19
#15 0x7f5f11ea98f6 in MVM_string_concatenate /home/samantha/git/MoarVM/src/strings/ops.c:799:9
#16 0x7f5f11ea690d in MVM_string_replace /home/samantha/git/MoarVM/src/strings/ops.c:586:18
#17 0x7f5f11b12ce2 in MVM_interp_run /home/samantha/git/MoarVM/src/core/interp.c:3910:40
#18 0x7f5f11f339fc in MVM_vm_run_file /home/samantha/git/MoarVM/src/moar.c:356:5
#19 0x512204 in main /home/samantha/git/MoarVM/src/main.c:255:10
#20 0x7f5f10512953 in __libc_start_main (/lib64/libc.so.6+0x20953)
#21 0x419f98 in _start (/home/samantha/perl6/bin/moar+0x419f98)
previously allocated by thread T0 here:
#0 0x4d9668 in malloc /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/asan/asan_malloc_linux.cc:66
#1 0x7f5f11eb2dc4 in MVM_malloc /home/samantha/git/MoarVM/src/core/alloc.h:2:17
#2 0x7f5f11ea5e81 in allocate_strands /home/samantha/git/MoarVM/src/strings/ops.c:153:12
#3 0x7f5f11ea8708 in MVM_string_concatenate /home/samantha/git/MoarVM/src/strings/ops.c:675:5
#4 0x7f5f11ea690d in MVM_string_replace /home/samantha/git/MoarVM/src/strings/ops.c:586:18
#5 0x7f5f11b12ce2 in MVM_interp_run /home/samantha/git/MoarVM/src/core/interp.c:3910:40
#6 0x7f5f11f339fc in MVM_vm_run_file /home/samantha/git/MoarVM/src/moar.c:356:5
#7 0x512204 in main /home/samantha/git/MoarVM/src/main.c:255:10
#8 0x7f5f10512953 in __libc_start_main (/lib64/libc.so.6+0x20953)
#9 0x419f98 in _start (/home/samantha/perl6/bin/moar+0x419f98)
SUMMARY: AddressSanitizer: heap-use-after-free /home/samantha/git/MoarVM/src/strings/iter.h:34:47 in MVM_string_gi_init
Shadow bytes around the buggy address:
0x0c08800cfa40: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c08800cfa50: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c08800cfa60: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c08800cfa70: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c08800cfa80: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
=>0x0c08800cfa90: fa fa fd fd fd fd fd fd fa fa[fd]fd fd fd fd fd
0x0c08800cfaa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c08800cfab0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c08800cfac0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c08800cfad0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c08800cfae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==31253==ABORTING