@zachriggle
Created May 7, 2014 23:06
radare2-regressions/run_tests.sh
[ ] anal: ldr code analysis
[OK]
[ ] anal: endian
[OK]
[ ] anal: af java multiple classes loaded via malloc and ib
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//anal-rad.Snxmol malloc://1023 > /tmp/r2-regressions//anal-out.pyjpEd 2> /tmp/r2-regressions//anal-err.xuWjRM
Script:
e asm.comments=false
e asm.cmtflgrefs=false
e scr.color=false
e asm.lines=false
e asm.xrefs=false
wx 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
ib;if;
s sym.java_lang_Object._init_; pd 3;
s sym.radare_test_cases_challenge.simple_case_stmt_4val; pd 28
o malloc://1024 0xa00;s 0xa00
wx 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
ib;af;pdf
s sym.radare_test_cases_challenge.simple_case_stmt_4val; pdf
Diff: --- /tmp/r2-regressions//anal-exp.DilcpX 2014-05-07 16:04:46.815189535 -0700
+++ /tmp/r2-regressions//anal-out.pyjpEd 2014-05-07 16:04:46.863189119 -0700
@@ -1,13 +1,14 @@
file malloc://1023
type JAVA CLASS
pic false
+canary false
has_va false
root class
class 0x3300 0x0000
lang java
arch java
bits 32
-machine Java VM
+machine java
os any
subsys any
endian little
@@ -19,7 +20,7 @@
rpath NONE
type JAVA CLASS
os any
-arch Java VM
+arch java
bits 32
endian little
file malloc://1023
@@ -44,24 +45,24 @@
0x00000173 70 irem
0x00000174 3d istore_2
0x00000175 1c iload_2
- 0x00000176 aa000000000. tableswitch default: 0x01a8
- 0x00000186 00000020 case 0: goto 0x0196
- 0x0000018a 00000026 case 1: goto 0x019c
- 0x0000018e 00000032 case 2: goto 0x01a8
- 0x00000192 0000002c case 3: goto 0x01a2
+ 0x00000176 aa000000000. tableswitch default: 0x0176
+ 0x00000185 03000000 case 838860800: goto 0x3000176
+ 0x00000189 20 lload_2
+ 0x0000018a 00 nop
+ 0x0000018b 00 nop
+ 0x0000018c 00 nop
+ 0x0000018d 26 dload_0
+ 0x0000018e 00 nop
+ 0x0000018f 00 nop
+ 0x00000190 00 nop
+ 0x00000191 32 aaload
+ 0x00000192 00 nop
+ 0x00000193 00 nop
+ 0x00000194 00 nop
+ 0x00000195 2c aload_2
0x00000196 840202 iinc 2 2
0x00000199 a70011 goto 0x01aa
0x0000019c 840203 iinc 2 3
- 0x0000019f a7000b goto 0x01aa
- 0x000001a2 840209 iinc 2 9
- 0x000001a5 a70005 goto 0x01aa
- 0x000001a8 03 iconst_0
- 0x000001a9 3c istore_1
- 0x000001aa 1a iload_0
- 0x000001ab 100a bipush 10
- 0x000001ad a1ffc4 if_icmplt 0x0171
- 0x000001b0 1b iload_1
- 0x000001b1 ac ireturn
/ (fcn) sym.radare_test_cases_loops.simple_for_loop_multi_return 43
| 0x00000bf1 03 iconst_0
| 0x00000bf2 3d istore_2
@@ -78,7 +79,7 @@
| 0x00000c00 3d istore_2
| 0x00000c01 1c iload_2
| 0x00000c02 1100ff sipush 255
-| 0x00000c05 a00006 if_icmpne 0x0c0b
+| 0x00000c05 a00006 if_icmpne 0x0c0b ; (sym.radare_test_cases_loops.simple_for_loop_multi_return)
| 0x00000c08 1c iload_2
| 0x00000c09 91 i2b
| 0x00000c0a ac ireturn
@@ -89,7 +90,7 @@
| 0x00000c11 840001 iinc 0 1
| 0x00000c14 1a iload_0
| 0x00000c15 1b iload_1
-| 0x00000c16 a1ffe7 if_icmplt 0x0bfd
+| 0x00000c16 a1ffe7 if_icmplt 0x0bfd ; (sym.radare_test_cases_loops.simple_for_loop_multi_return)
| 0x00000c19 1c iload_2
| 0x00000c1a 91 i2b
\ 0x00000c1b ac ireturn
@@ -104,11 +105,21 @@
| 0x00000173 70 irem
| 0x00000174 3d istore_2
| 0x00000175 1c iload_2
-| 0x00000176 aa000000000. tableswitch default: 0x01a8
-| 0x00000186 00000020 case 0: goto 0x0196
-| 0x0000018a 00000026 case 1: goto 0x019c
-| 0x0000018e 00000032 case 2: goto 0x01a8
-| 0x00000192 0000002c case 3: goto 0x01a2
+| 0x00000176 aa000000000. tableswitch default: 0x0176
+| 0x00000185 03000000 case 838860800: goto 0x3000176
+| 0x00000189 20 lload_2
+| 0x0000018a 00 nop
+| 0x0000018b 00 nop
+| 0x0000018c 00 nop
+| 0x0000018d 26 dload_0
+| 0x0000018e 00 nop
+| 0x0000018f 00 nop
+| 0x00000190 00 nop
+| 0x00000191 32 aaload
+| 0x00000192 00 nop
+| 0x00000193 00 nop
+| 0x00000194 00 nop
+| 0x00000195 2c aload_2
| 0x00000196 840202 iinc 2 2
| 0x00000199 a70011 goto 0x01aa ; (sym.radare_test_cases_challenge.simple_case_stmt_4val)
| 0x0000019c 840203 iinc 2 3
@@ -119,6 +130,6 @@
| 0x000001a9 3c istore_1
| 0x000001aa 1a iload_0
| 0x000001ab 100a bipush 10
-| 0x000001ad a1ffc4 if_icmplt 0x0171
+| 0x000001ad a1ffc4 if_icmplt 0x0171 ; (sym.radare_test_cases_challenge.simple_case_stmt_4val)
| 0x000001b0 1b iload_1
\ 0x000001b1 ac ireturn
[ ] anal: reflines offset
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//anal-rad.74MNpT malloc://1023 > /tmp/r2-regressions//anal-out.BQn1iD 2> /tmp/r2-regressions//anal-err.N6Kyzj
Script: e asm.bits=32
e asm.cpu=x86
e anal.cpu=x86
e scr.utf8=true
e scr.color=false
wx 31c039d6724aeb72908db426000000008d7e0131d289e8f7f131d28944241c89f8f7f13944241c76678b93080200008b028b50143b5018736dc6020983c20189501489f031d201cef7f129d639f5762a8b8b8c05000085c975b683c6018b93080200008b028b50143b50187327c6022083c20139f589501477d68b44242c65330514000000753783c43c5b5e5f5dc39089feebc9c744240420000000890424e87cc9ffffeba6c744240409000000890424e86ac9ffff8b8b8c050000eb84e87d1001008db6000000008dbc270000000055575653e8f7f0ffff81c32b9d010083ec3c658b0d14000000894c242c31c98b6a0c8b720889e929f1c1e90285c9894c241c0f848100000039f50f84930000008b7a1801fdf7d721fd8b7a1089e9896a0c2b4a0489fd2b6a0439e97f718b7a0c31ed
aa > /dev/null
pd 38
Diff: --- /tmp/r2-regressions//anal-exp.qG6pqz 2014-05-07 16:04:46.879188979 -0700
+++ /tmp/r2-regressions//anal-out.BQn1iD 2014-05-07 16:04:46.959188284 -0700
@@ -1,14 +1,16 @@
╒ (fcn) fcn.00000000 1023
│ 0x00000000 31c0 xor eax, eax
│ 0x00000002 39d6 cmp esi, edx
-│ ┌─< 0x00000004 724a jb 0x50
+│ ┌─< 0x00000004 724a jb 0x50 ; (fcn.00000000)
│ ┌──< 0x00000006 eb72 jmp loc.0000007a
│ ││ 0x00000008 90 nop
-│ ││ ; DATA XREF from 0x000000a6 (fcn.00000000)
+│ ││ ; DATA XREF from 0x000000a6 (fcn.000000a6)
│ ││ ; DATA XREF from 0x00000039 (fcn.00000000)
│ ││ 0x00000009 8db42600000. lea esi, [esi]
+│ ┌ ; JMP XREF from 0x00000058 (fcn.00000000)
+├ fcn.00000010 1007
│ ┌──────> 0x00000010 8d7e01 lea edi, [esi+0x1]
-├ fcn.0000005d 1004
+├ fcn.00000050 1004
│ │ ││ 0x00000013 31d2 xor edx, edx
│ │ ││ 0x00000015 89e8 mov eax, ebp
│ │ ││ 0x00000017 f7f1 div ecx
@@ -17,29 +19,31 @@
│ │ ││ 0x0000001f 89f8 mov eax, edi
│ │ ││ 0x00000021 f7f1 div ecx
│ │ ││ 0x00000023 3944241c cmp [esp+0x1c], eax
-│ │ ┌───< 0x00000027 7667 jbe 0x90
+│ │ ┌───< 0x00000027 7667 jbe loc.00000090
│ │ │││ 0x00000029 8b9308020000 mov edx, [ebx+0x208]
│ │ │││ 0x0000002f 8b02 mov eax, [edx]
│ │ │││ 0x00000031 8b5014 mov edx, [eax+0x14]
│ │ │││ 0x00000034 3b5018 cmp edx, [eax+0x18]
-│ │ ┌────< 0x00000037 736d jae 0xa6
+│ │ ┌────< 0x00000037 736d jae fcn.000000a6
│ │ ││││ 0x00000039 c60209 mov byte [edx], 0x9 ; 0x00000009
│ │ ││││ 0x0000003c 83c201 add edx, 0x1
│ │ ││││ 0x0000003f 895014 mov [eax+0x14], edx
-│ │ ││││ ; CODE (CALL) XREF from 0x000000bc (fcn.00000000)
+│ │ ││││ ; JMP XREF from 0x000000bc (fcn.00000000)
│ │ ││││ 0x00000042 89f0 mov eax, esi
│ │ ││││ 0x00000044 31d2 xor edx, edx
│ │ ││││ 0x00000046 01ce add esi, ecx
│ │ ││││ 0x00000048 f7f1 div ecx
│ │ ││││ 0x0000004a 29d6 sub esi, edx
-│ │ ││││ ; CODE (CALL) XREF from 0x000000a4 (fcn.00000000)
+│ │ ││││ ; JMP XREF from 0x000000a4 (fcn.00000000)
│ │ ││││ 0x0000004c 39f5 cmp ebp, esi
│ │┌─────< 0x0000004e 762a jbe loc.0000007a
+│ │││││└ ; JMP XREF from 0x00000004 (fcn.00000000)
+│ │││││└ ; JMP XREF from 0x00000078 (fcn.00000000)
│ │││││└─> 0x00000050 8b8b8c050000 mov ecx, [ebx+0x58c]
│ │││││ 0x00000056 85c9 test ecx, ecx
-│ └──────< 0x00000058 75b6 jne 0x10
+│ └──────< 0x00000058 75b6 jne fcn.00000010
│ ││││ 0x0000005a 83c601 add esi, 0x1
-│ ││││ ; CODE (CALL) XREF from 0x00000092 (fcn.00000000)
+│ ││││ ; JMP XREF from 0x00000092 (fcn.00000000)
│ ││││ 0x0000005d 8b9308020000 mov edx, [ebx+0x208]
│ ││││ 0x00000063 8b02 mov eax, [edx]
│ ││││ 0x00000065 8b5014 mov edx, [eax+0x14]
[ ] anal: reflines offset (ascii)
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//anal-rad.ohqoj3 malloc://1023 > /tmp/r2-regressions//anal-out.OO2ci7 2> /tmp/r2-regressions//anal-err.4lvbjN
Script: e asm.bits=32
e asm.cpu=x86
e anal.cpu=x86
e scr.utf8=false
e scr.color=false
wx 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
aa >/dev/null
pd 38
Diff: --- /tmp/r2-regressions//anal-exp.DurSXZ 2014-05-07 16:04:46.971188179 -0700
+++ /tmp/r2-regressions//anal-out.OO2ci7 2014-05-07 16:04:47.043187551 -0700
@@ -1,14 +1,16 @@
/ (fcn) fcn.00000000 1023
| 0x00000000 31c0 xor eax, eax
| 0x00000002 39d6 cmp esi, edx
-| ,=< 0x00000004 724a jb 0x50
+| ,=< 0x00000004 724a jb 0x50 ; (fcn.00000000)
| ,==< 0x00000006 eb72 jmp loc.0000007a
| || 0x00000008 90 nop
-| || ; DATA XREF from 0x000000a6 (fcn.00000000)
+| || ; DATA XREF from 0x000000a6 (fcn.000000a6)
| || ; DATA XREF from 0x00000039 (fcn.00000000)
| || 0x00000009 8db42600000. lea esi, [esi]
+| . ; JMP XREF from 0x00000058 (fcn.00000000)
+|- fcn.00000010 1007
| .------> 0x00000010 8d7e01 lea edi, [esi+0x1]
-|- fcn.0000005d 1004
+|- fcn.00000050 1004
| | || 0x00000013 31d2 xor edx, edx
| | || 0x00000015 89e8 mov eax, ebp
| | || 0x00000017 f7f1 div ecx
@@ -17,29 +19,31 @@
| | || 0x0000001f 89f8 mov eax, edi
| | || 0x00000021 f7f1 div ecx
| | || 0x00000023 3944241c cmp [esp+0x1c], eax
-| | ,===< 0x00000027 7667 jbe 0x90
+| | ,===< 0x00000027 7667 jbe loc.00000090
| | ||| 0x00000029 8b9308020000 mov edx, [ebx+0x208]
| | ||| 0x0000002f 8b02 mov eax, [edx]
| | ||| 0x00000031 8b5014 mov edx, [eax+0x14]
| | ||| 0x00000034 3b5018 cmp edx, [eax+0x18]
-| | ,====< 0x00000037 736d jae 0xa6
+| | ,====< 0x00000037 736d jae fcn.000000a6
| | |||| 0x00000039 c60209 mov byte [edx], 0x9 ; 0x00000009
| | |||| 0x0000003c 83c201 add edx, 0x1
| | |||| 0x0000003f 895014 mov [eax+0x14], edx
-| | |||| ; CODE (CALL) XREF from 0x000000bc (fcn.00000000)
+| | |||| ; JMP XREF from 0x000000bc (fcn.00000000)
| | |||| 0x00000042 89f0 mov eax, esi
| | |||| 0x00000044 31d2 xor edx, edx
| | |||| 0x00000046 01ce add esi, ecx
| | |||| 0x00000048 f7f1 div ecx
| | |||| 0x0000004a 29d6 sub esi, edx
-| | |||| ; CODE (CALL) XREF from 0x000000a4 (fcn.00000000)
+| | |||| ; JMP XREF from 0x000000a4 (fcn.00000000)
| | |||| 0x0000004c 39f5 cmp ebp, esi
| |,=====< 0x0000004e 762a jbe loc.0000007a
+| |||||| ; JMP XREF from 0x00000004 (fcn.00000000)
+| |||||| ; JMP XREF from 0x00000078 (fcn.00000000)
| |||||`-> 0x00000050 8b8b8c050000 mov ecx, [ebx+0x58c]
| ||||| 0x00000056 85c9 test ecx, ecx
-| `======< 0x00000058 75b6 jne 0x10
+| `======< 0x00000058 75b6 jne fcn.00000010
| |||| 0x0000005a 83c601 add esi, 0x1
-| |||| ; CODE (CALL) XREF from 0x00000092 (fcn.00000000)
+| |||| ; JMP XREF from 0x00000092 (fcn.00000000)
| |||| 0x0000005d 8b9308020000 mov edx, [ebx+0x208]
| |||| 0x00000063 8b02 mov eax, [edx]
| |||| 0x00000065 8b5014 mov edx, [eax+0x14]
[ ] anal: 16bit segment bounds
[OK]
[ ] anal: 16bit segment bounds 2
[OK]
[ ] anal: x86_32
[OK]
[ ] anal: x86_32
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//anal-rad.KJEGNm - > /tmp/r2-regressions//anal-out.RJDSvr 2> /tmp/r2-regressions//anal-err.PtQFOo
Script:
e asm.arch=x86
e asm.bits=32
e anal.hasnext=0
b 0x4e
wx 743684c0741284d2b8010000007509f3c30f1f8000000000488b4e40488b07488b1648394f407f187c1e4889d64889c7e933e1ffff0f1f0084d274c60f1f4000b8ffffffffc36690b801000000c3
af
# count basic blocks
pdr~true?
=================================================================
==12254==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000003c16 at pc 0x45ae79 bp 0x7fff7b42cbe0 sp 0x7fff7b42cbb0
READ of size 4 at 0x602000003c16 thread T0
#0 0x45ae78 in __interceptor_memcmp (/usr/local/bin/radare2+0x45ae78)
#1 0x7f9b8a76087c in is_invalid /home/user/radare2/libr/anal/data.c:46
#2 0x7f9b8a7610aa in r_anal_data /home/user/radare2/libr/anal/data.c:183
#3 0x7f9b8a7612e0 in r_anal_data_kind /home/user/radare2/libr/anal/data.c:218
#4 0x7f9b8bbd471a in handle_print_ptr /home/user/radare2/libr/core/disasm.c:1391
#5 0x7f9b8bbd5774 in r_core_print_disasm /home/user/radare2/libr/core/disasm.c:1653
#6 0x7f9b8bb99fa0 in cmd_print /home/user/radare2/libr/core/cmd_print.c:1190
#7 0x7f9b8bbc0db9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#8 0x7f9b8bba5117 in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1403
#9 0x7f9b8bba3696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#10 0x7f9b8bba5d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#11 0x7f9b8bba627b in r_core_cmdf /home/user/radare2/libr/core/cmd.c:1717
#12 0x7f9b8bb99764 in cmd_print /home/user/radare2/libr/core/cmd_print.c:1040
#13 0x7f9b8bbc0db9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#14 0x7f9b8bba51bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#15 0x7f9b8bba3696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#16 0x7f9b8bba5d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#17 0x7f9b8bba5e1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#18 0x7f9b8bba5f5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#19 0x7f9b8bba18ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#20 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#21 0x7f9b8673aec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#22 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x602000003c16 is located 0 bytes to the right of 6-byte region [0x602000003c10,0x602000003c16)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7f9b8bb99ee2 in cmd_print /home/user/radare2/libr/core/cmd_print.c:1184
#2 0x7f9b8bbc0db9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#3 0x7f9b8bba5117 in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1403
#4 0x7f9b8bba3696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#5 0x7f9b8bba5d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#6 0x7f9b8bba627b in r_core_cmdf /home/user/radare2/libr/core/cmd.c:1717
#7 0x7f9b8bb99764 in cmd_print /home/user/radare2/libr/core/cmd_print.c:1040
#8 0x7f9b8bbc0db9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#9 0x7f9b8bba51bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#10 0x7f9b8bba3696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#11 0x7f9b8bba5d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#12 0x7f9b8bba5e1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#13 0x7f9b8bba5f5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#14 0x7f9b8bba18ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#15 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#16 0x7f9b8673aec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __interceptor_memcmp
Shadow bytes around the buggy address:
0x0c047fff8730: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8750: fa fa fd fd fa fa 03 fa fa fa fd fa fa fa fd fa
0x0c047fff8760: fa fa fd fd fa fa 00 02 fa fa 00 02 fa fa 00 02
0x0c047fff8770: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
=>0x0c047fff8780: fa fa[06]fa fa fa 04 fa fa fa 03 fa fa fa 04 fa
0x0c047fff8790: fa fa 00 03 fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff87a0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fd
0x0c047fff87b0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fa
0x0c047fff87c0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff87d0: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==12254==ABORTING
[ ] anal: x86_32
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//anal-rad.lWiTxQ - > /tmp/r2-regressions//anal-out.s3jNtx 2> /tmp/r2-regressions//anal-err.cc43kv
Script:
e asm.arch=x86
e asm.bits=32
e anal.hasnext=0
b 0x4e
wx 5589e583ec2083f8000f8507000000b800000000eb05b80100000083c4205dc3
af
# count basic blocks
pdr~true?
=================================================================
==12269==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000004a5a at pc 0x45ae79 bp 0x7fff16790ae0 sp 0x7fff16790ab0
READ of size 4 at 0x602000004a5a thread T0
#0 0x45ae78 in __interceptor_memcmp (/usr/local/bin/radare2+0x45ae78)
#1 0x7fe1962eb87c in is_invalid /home/user/radare2/libr/anal/data.c:46
#2 0x7fe1962ec0aa in r_anal_data /home/user/radare2/libr/anal/data.c:183
#3 0x7fe1962ec2e0 in r_anal_data_kind /home/user/radare2/libr/anal/data.c:218
#4 0x7fe19775f71a in handle_print_ptr /home/user/radare2/libr/core/disasm.c:1391
#5 0x7fe197760774 in r_core_print_disasm /home/user/radare2/libr/core/disasm.c:1653
#6 0x7fe197724fa0 in cmd_print /home/user/radare2/libr/core/cmd_print.c:1190
#7 0x7fe19774bdb9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#8 0x7fe197730117 in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1403
#9 0x7fe19772e696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#10 0x7fe197730d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#11 0x7fe19773127b in r_core_cmdf /home/user/radare2/libr/core/cmd.c:1717
#12 0x7fe197724764 in cmd_print /home/user/radare2/libr/core/cmd_print.c:1040
#13 0x7fe19774bdb9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#14 0x7fe1977301bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#15 0x7fe19772e696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#16 0x7fe197730d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#17 0x7fe197730e1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#18 0x7fe197730f5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#19 0x7fe19772c8ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#20 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#21 0x7fe1922c5ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#22 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x602000004a5a is located 0 bytes to the right of 10-byte region [0x602000004a50,0x602000004a5a)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7fe197724ee2 in cmd_print /home/user/radare2/libr/core/cmd_print.c:1184
#2 0x7fe19774bdb9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#3 0x7fe197730117 in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1403
#4 0x7fe19772e696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#5 0x7fe197730d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#6 0x7fe19773127b in r_core_cmdf /home/user/radare2/libr/core/cmd.c:1717
#7 0x7fe197724764 in cmd_print /home/user/radare2/libr/core/cmd_print.c:1040
#8 0x7fe19774bdb9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#9 0x7fe1977301bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#10 0x7fe19772e696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#11 0x7fe197730d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#12 0x7fe197730e1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#13 0x7fe197730f5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#14 0x7fe19772c8ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#15 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#16 0x7fe1922c5ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __interceptor_memcmp
Shadow bytes around the buggy address:
0x0c047fff88f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 05
0x0c047fff8910: fa fa fd fd fa fa fd fd fa fa fd fd fa fa 03 fa
0x0c047fff8920: fa fa fd fa fa fa fd fa fa fa fd fd fa fa 00 02
0x0c047fff8930: fa fa 00 02 fa fa 00 02 fa fa fd fa fa fa fd fa
=>0x0c047fff8940: fa fa fd fa fa fa fd fa fa fa 00[02]fa fa 04 fa
0x0c047fff8950: fa fa 04 fa fa fa 04 fa fa fa 00 04 fa fa fd fd
0x0c047fff8960: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fd
0x0c047fff8970: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fa
0x0c047fff8980: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd
0x0c047fff8990: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==12269==ABORTING
[ ] asm: arm
[OK]
[ ] asm: arm-endian
[OK]
[ ] asm: java
[OK]
[ ] asm: mips invalid asm
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//asm-rad.HikdHo - > /tmp/r2-regressions//asm-out.uqiJXK 2> /tmp/r2-regressions//asm-err.4RrJyM
Script:
e asm.arch=mips
e asm.bits=32
wa addiu a0, a1, a2
pi 1
wa addiu a1, a2, 8
pi 1
Diff: --- /tmp/r2-regressions//asm-exp.3rGQn6 2014-05-07 16:04:47.527183343 -0700
+++ /tmp/r2-regressions//asm-out.uqiJXK 2014-05-07 16:04:47.563183030 -0700
@@ -1,2 +1,2 @@
-nop
+addiu a0, a1, 6
addiu a1, a2, 8
[ ] asm: mips-endian
[OK]
[ ] asm: x86-32
[OK]
[ ] asm: eax vs rax
[OK]
[ ] asm: [rbp+4]
[OK]
[ ] asm: jmp 0x1b
[OK]
[ ] bin: avr entrypoint
[OK]
[ ] bin: avr disasm negative baddr
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//bin-rad.wTq2Oi ../../b/files/bugurtos-avr.elf > /tmp/r2-regressions//bin-out.nV0s9k 2> /tmp/r2-regressions//bin-err.Sk31iB
Script: s 0x506
pd 2~!1
s+2
pd 1
Diff: --- /tmp/r2-regressions//bin-exp.e0TSrY 2014-05-07 16:04:47.883180248 -0700
+++ /tmp/r2-regressions//bin-out.nV0s9k 2014-05-07 16:04:47.935179795 -0700
@@ -1,2 +1,3 @@
-call 0x18CE
-call 0x18CE
+ 0x00000506 0e94670c call 0xc67
+ 0x0000050a 82e3 ldi r24, 0x32
+ 0x00000508 670c add r6, r7
[ ] bin: avr empty disasm
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//bin-rad.ANkAJv - > /tmp/r2-regressions//bin-out.MBBDDP 2> /tmp/r2-regressions//bin-err.OrH6KI
Script: e asm.arch=avr
e asm.bits=8
pad 0e94
Diff: --- /tmp/r2-regressions//bin-exp.Va0y5P 2014-05-07 16:04:47.947179691 -0700
+++ /tmp/r2-regressions//bin-out.MBBDDP 2014-05-07 16:04:47.983179377 -0700
@@ -1 +1 @@
-invalid
+call 0xbebe
[ ] bin: avr opcode size
[OK]
[ ] bin: fatmach0 archs
[OK]
[ ] bin: fatmach0 entry0
[OK]
[ ] bin: fatmach0 entry1
[OK]
[ ] bin: fatmach0 entry1 rabin2
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//bin-rad.lOoLmA -n ../../b/files/fatmach0-3true > /tmp/r2-regressions//bin-out.GZpANq 2> /tmp/r2-regressions//bin-err.5Dylco
Script: !rabin2 -a x86 -b 32 -qe ../../b/files/fatmach0-3true
Diff: --- /tmp/r2-regressions//bin-exp.diE0gc 2014-05-07 16:04:48.195177533 -0700
+++ /tmp/r2-regressions//bin-out.GZpANq 2014-05-07 16:04:48.263176943 -0700
@@ -1 +1 @@
-0x1f44
+0x00000f44
[ ] bin: fatmach0 entry1 rabin2 (2)
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//bin-rad.Zl9yiF -n ../../b/files/fatmach0-3true > /tmp/r2-regressions//bin-out.BSjjkX 2> /tmp/r2-regressions//bin-err.AwQ9n3
Script: !rabin2 -a x86 -b 32 -e ../../b/files/fatmach0-3true | grep off=
Diff: --- /tmp/r2-regressions//bin-exp.oYxA2U 2014-05-07 16:04:48.311176524 -0700
+++ /tmp/r2-regressions//bin-out.BSjjkX 2014-05-07 16:04:48.403175725 -0700
@@ -1,2 +1 @@
-
-addr=0x1f44 off=0x00001f44 baddr=0x00000000
+addr=0x00001f44 off=0x00000f44 baddr=0x00000000
[ ] bin: fatmach0 entry2
[OK]
[ ] bin: fatmach0 archs
[OK]
[ ] bin: fatmach0 extract
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//bin-rad.Y0cHBm -n ../../b/files/fatmach0-3true > /tmp/r2-regressions//bin-out.BCDUGF 2> /tmp/r2-regressions//bin-err.ZZUggL
Script: !rabin2 -x ../../b/files/fatmach0-3true;!rm -rf fatmach0-3true.fat
Diff: --- /tmp/r2-regressions//bin-exp.EeYwtU 2014-05-07 16:04:48.515174752 -0700
+++ /tmp/r2-regressions//bin-out.BCDUGF 2014-05-07 16:04:48.515174752 -0700
@@ -1,3 +0,0 @@
-fatmach0-3true.fat/fatmach0-3true.x86_64.0 created (13792)
-fatmach0-3true.fat/fatmach0-3true.x86_32.1 created (13760)
-fatmach0-3true.fat/fatmach0-3true.ppc_32.2 created (13616)
[ ] bin: java disasm crash
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//bin-rad.YjpmMy ../../b/files/ExCaseTableSwitch.class > /tmp/r2-regressions//bin-out.8tysob 2> /tmp/r2-regressions//bin-err.jCLhQg
Script: pd 10 >/dev/null
=================================================================
==12622==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61f00000edf6 at pc 0x45b419 bp 0x7fff8f8978a0 sp 0x7fff8f897060
READ of size 9 at 0x61f00000edf6 thread T0
#0 0x45b418 in memcpy (/usr/local/bin/radare2+0x45b418)
#1 0x7fe61759f29a in r_bin_java_get_attr_buf /home/user/radare2/libr/include/../../shlr/java/class.c:1644
#2 0x7fe61759f65f in r_bin_java_read_next_attr /home/user/radare2/libr/include/../../shlr/java/class.c:1713
#3 0x7fe61759ff8a in r_bin_java_parse_attrs /home/user/radare2/libr/include/../../shlr/java/class.c:1886
#4 0x7fe6175a068f in r_bin_java_load_bin /home/user/radare2/libr/include/../../shlr/java/class.c:2008
#5 0x7fe6175a03b9 in r_bin_java_new_bin /home/user/radare2/libr/include/../../shlr/java/class.c:1960
#6 0x7fe6175a29b5 in r_bin_java_new_buf /home/user/radare2/libr/include/../../shlr/java/class.c:2639
#7 0x7fe6175b5970 in load /home/user/radare2/libr/..//libr/bin/p/bin_java.c:55
#8 0x7fe61753cb7a in r_bin_file_new_as /home/user/radare2/libr/bin/bin.c:658
#9 0x7fe61753be18 in r_bin_load_io_at_offset_as /home/user/radare2/libr/bin/bin.c:387
#10 0x7fe61753bbca in r_bin_load_io /home/user/radare2/libr/bin/bin.c:348
#11 0x7fe61809fb53 in r_core_file_do_load_for_io_plugin /home/user/radare2/libr/core/file.c:290
#12 0x7fe61809ff4f in r_core_bin_load /home/user/radare2/libr/core/file.c:419
#13 0x48dd50 in main /home/user/radare2/binr/radare2/radare2.c:466
#14 0x7fe612c32ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#15 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x61f00000edf6 is located 0 bytes to the right of 3446-byte region [0x61f00000e080,0x61f00000edf6)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7fe613f4b1b9 in r_buf_set_bytes /home/user/radare2/libr/util/buf.c:63
#2 0x7fe61753c9e5 in r_bin_file_new_as /home/user/radare2/libr/bin/bin.c:634
#3 0x7fe61753be18 in r_bin_load_io_at_offset_as /home/user/radare2/libr/bin/bin.c:387
#4 0x7fe61753bbca in r_bin_load_io /home/user/radare2/libr/bin/bin.c:348
#5 0x7fe61809fb53 in r_core_file_do_load_for_io_plugin /home/user/radare2/libr/core/file.c:290
#6 0x7fe61809ff4f in r_core_bin_load /home/user/radare2/libr/core/file.c:419
#7 0x48dd50 in main /home/user/radare2/binr/radare2/radare2.c:466
#8 0x7fe612c32ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 memcpy
Shadow bytes around the buggy address:
0x0c3e7fff9d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3e7fff9d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3e7fff9d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3e7fff9d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3e7fff9da0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3e7fff9db0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[06]fa
0x0c3e7fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3e7fff9dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3e7fff9de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3e7fff9df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3e7fff9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==12622==ABORTING
[ ] bin: mach0 entrypoint
[OK]
[ ] bin: osx mach0 entrypoint
[OK]
[ ] bin: osx mach0 ik
[OK]
[ ] bin: pe entrypoint
[OK]
[ ] bin: pe relocs
[OK]
[ ] bin: pe string
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//bin-rad.okRHsV ../../b/files/base.exe > /tmp/r2-regressions//bin-out.E0x2ez 2> /tmp/r2-regressions//bin-err.Ghx4ly
Script: pd 1@0x0040131a~str.Hello
Diff: --- /tmp/r2-regressions//bin-exp.8RWr7h 2014-05-07 16:04:50.583156765 -0700
+++ /tmp/r2-regressions//bin-out.E0x2ez 2014-05-07 16:04:51.431149391 -0700
@@ -1 +1 @@
- 0x0040131a c7042400304. mov dword [esp], str.Hello ; 0x00403000
+ 0x0040131a c7042400304. mov dword [esp], str.Hello ; "0@" ; 0x00403000
[ ] bug_backtick:
[OK]
[ ] cmd_anal_fcn: af x86-32
[OK]
[ ] cmd_anal_fcn: af x86-32 ujmp eob
[OK]
[ ] cmd_anal_fcn: af bug
[OK]
[ ] cmd_anal_hint: ahc
[OK]
[ ] cmd_anal_op: af x86-32
[OK]
[ ] cmd_anal_op: af x86-64
[OK]
[ ] cmd_anal_x86: af jmp after ret
[OK]
[ ] cmd_anal_x86: af jmp after ret
[OK]
[ ] cmd_disasm: wx e9010f;?v $l
[OK]
[ ] cmd_disasm: dis-16/32/64
[OK]
[ ] cmd_extend: wen 6 @ 0
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_extend-rad.yMqVj6 - > /tmp/r2-regressions//cmd_extend-out.83Ztln 2> /tmp/r2-regressions//cmd_extend-err.GiSrQD
Script:
wx 414142424343444445454646
pf z @0x0
wen 6
pf z @0x6
px
i
0x00000000 = AABBCCDDEEFF
=================================================================
==12951==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x615000008700 at pc 0x45b419 bp 0x7ffffc681b80 sp 0x7ffffc681340
READ of size 518 at 0x615000008700 thread T0
#0 0x45b418 in memcpy (/usr/local/bin/radare2+0x45b418)
#1 0x7fc6d14c67fe in __resize /home/user/radare2/libr/io/p/io_malloc.c:46
#2 0x7fc6d14cc879 in r_io_resize /home/user/radare2/libr/io/io.c:393
#3 0x7fc6d14cc967 in r_io_extend /home/user/radare2/libr/io/io.c:409
#4 0x7fc6d14ccaef in r_io_extend_at /home/user/radare2/libr/io/io.c:440
#5 0x7fc6d33ca58a in r_core_extend_at /home/user/radare2/libr/core/io.c:303
#6 0x7fc6d339d0d2 in cmd_write /home/user/radare2/libr/core/cmd_write.c:43
#7 0x7fc6d33d7db9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#8 0x7fc6d33bc1bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#9 0x7fc6d33ba696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#10 0x7fc6d33bcd02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#11 0x7fc6d33bce1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#12 0x7fc6d33bcf5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#13 0x7fc6d33b88ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#14 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#15 0x7fc6cdf51ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#16 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x615000008700 is located 0 bytes to the right of 512-byte region [0x615000008500,0x615000008700)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7fc6d14c6c62 in __open /home/user/radare2/libr/io/p/io_malloc.c:126
#2 0x7fc6d14cbd1b in __getioplugin /home/user/radare2/libr/io/io.c:112
#3 0x7fc6d14cc062 in r_io_open /home/user/radare2/libr/io/io.c:199
#4 0x7fc6d33bf837 in r_core_file_open /home/user/radare2/libr/core/file.c:571
#5 0x48c8b2 in main /home/user/radare2/binr/radare2/radare2.c:403
#6 0x7fc6cdf51ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 memcpy
Shadow bytes around the buggy address:
0x0c2a7fff9090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fff90a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2a7fff90e0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fff90f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9110: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9120: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c2a7fff9130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==12951==ABORTING
[ ] cmd_extend: wen 6 @ 4
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_extend-rad.5uokPT - > /tmp/r2-regressions//cmd_extend-out.LLxWvU 2> /tmp/r2-regressions//cmd_extend-err.egRVex
Script:
wx 414142424343444445454646
pf z @0x0
s 4
wen 6
pf z @0x0
pf z @0x6
pf z @0xB
s 0
px
i
0x00000000 = AABBCCDDEEFF
=================================================================
==12972==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x615000008700 at pc 0x45b419 bp 0x7fff4a185200 sp 0x7fff4a1849c0
READ of size 518 at 0x615000008700 thread T0
#0 0x45b418 in memcpy (/usr/local/bin/radare2+0x45b418)
#1 0x7f2c6186a7fe in __resize /home/user/radare2/libr/io/p/io_malloc.c:46
#2 0x7f2c61870879 in r_io_resize /home/user/radare2/libr/io/io.c:393
#3 0x7f2c61870967 in r_io_extend /home/user/radare2/libr/io/io.c:409
#4 0x7f2c61870aef in r_io_extend_at /home/user/radare2/libr/io/io.c:440
#5 0x7f2c6376e58a in r_core_extend_at /home/user/radare2/libr/core/io.c:303
#6 0x7f2c637410d2 in cmd_write /home/user/radare2/libr/core/cmd_write.c:43
#7 0x7f2c6377bdb9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#8 0x7f2c637601bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#9 0x7f2c6375e696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#10 0x7f2c63760d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#11 0x7f2c63760e1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#12 0x7f2c63760f5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#13 0x7f2c6375c8ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#14 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#15 0x7f2c5e2f5ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#16 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x615000008700 is located 0 bytes to the right of 512-byte region [0x615000008500,0x615000008700)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7f2c6186ac62 in __open /home/user/radare2/libr/io/p/io_malloc.c:126
#2 0x7f2c6186fd1b in __getioplugin /home/user/radare2/libr/io/io.c:112
#3 0x7f2c61870062 in r_io_open /home/user/radare2/libr/io/io.c:199
#4 0x7f2c63763837 in r_core_file_open /home/user/radare2/libr/core/file.c:571
#5 0x48c8b2 in main /home/user/radare2/binr/radare2/radare2.c:403
#6 0x7f2c5e2f5ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 memcpy
Shadow bytes around the buggy address:
0x0c2a7fff9090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fff90a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2a7fff90e0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fff90f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9110: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9120: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c2a7fff9130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==12972==ABORTING
[ ] cmd_extend: weN 6 0x8
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_extend-rad.gW9l4N - > /tmp/r2-regressions//cmd_extend-out.ebPTBn 2> /tmp/r2-regressions//cmd_extend-err.RZAomO
Script:
wx 41414242434344444545464647474848
pf z @0x0
weN 0x08 6
pf z @0x0
pf z @0x6
pf z @0xE
px
s 0
px
i
0x00000000 = AABBCCDDEEFFGGHH
=================================================================
==12993==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x615000008700 at pc 0x45b419 bp 0x7fff43bcbae0 sp 0x7fff43bcb2a0
READ of size 518 at 0x615000008700 thread T0
#0 0x45b418 in memcpy (/usr/local/bin/radare2+0x45b418)
#1 0x7f715f5e47fe in __resize /home/user/radare2/libr/io/p/io_malloc.c:46
#2 0x7f715f5ea879 in r_io_resize /home/user/radare2/libr/io/io.c:393
#3 0x7f715f5ea967 in r_io_extend /home/user/radare2/libr/io/io.c:409
#4 0x7f715f5eaaef in r_io_extend_at /home/user/radare2/libr/io/io.c:440
#5 0x7f71614e858a in r_core_extend_at /home/user/radare2/libr/core/io.c:303
#6 0x7f71614bb219 in cmd_write /home/user/radare2/libr/core/cmd_write.c:59
#7 0x7f71614f5db9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#8 0x7f71614da1bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#9 0x7f71614d8696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#10 0x7f71614dad02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#11 0x7f71614dae1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#12 0x7f71614daf5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#13 0x7f71614d68ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#14 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#15 0x7f715c06fec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#16 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x615000008700 is located 0 bytes to the right of 512-byte region [0x615000008500,0x615000008700)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7f715f5e4c62 in __open /home/user/radare2/libr/io/p/io_malloc.c:126
#2 0x7f715f5e9d1b in __getioplugin /home/user/radare2/libr/io/io.c:112
#3 0x7f715f5ea062 in r_io_open /home/user/radare2/libr/io/io.c:199
#4 0x7f71614dd837 in r_core_file_open /home/user/radare2/libr/core/file.c:571
#5 0x48c8b2 in main /home/user/radare2/binr/radare2/radare2.c:403
#6 0x7f715c06fec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 memcpy
Shadow bytes around the buggy address:
0x0c2a7fff9090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fff90a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2a7fff90e0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fff90f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9110: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9120: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c2a7fff9130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==12993==ABORTING
[ ] cmd_extend: wex 575757575757575757
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_extend-rad.yRl4RZ - > /tmp/r2-regressions//cmd_extend-out.NJkLqU 2> /tmp/r2-regressions//cmd_extend-err.4Iek2o
Script:
wx 41414242434344444545464647474848
pf z @0x0
wex 575757575757575757
pf z @0x0
px
i
0x00000000 = AABBCCDDEEFFGGHH
=================================================================
==13014==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x615000008700 at pc 0x45b419 bp 0x7fffce4674c0 sp 0x7fffce466c80
READ of size 521 at 0x615000008700 thread T0
#0 0x45b418 in memcpy (/usr/local/bin/radare2+0x45b418)
#1 0x7ffd6274b7fe in __resize /home/user/radare2/libr/io/p/io_malloc.c:46
#2 0x7ffd62751879 in r_io_resize /home/user/radare2/libr/io/io.c:393
#3 0x7ffd62751967 in r_io_extend /home/user/radare2/libr/io/io.c:409
#4 0x7ffd62751aef in r_io_extend_at /home/user/radare2/libr/io/io.c:440
#5 0x7ffd6464f58a in r_core_extend_at /home/user/radare2/libr/core/io.c:303
#6 0x7ffd6462235c in cmd_write /home/user/radare2/libr/core/cmd_write.c:74
#7 0x7ffd6465cdb9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#8 0x7ffd646411bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#9 0x7ffd6463f696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#10 0x7ffd64641d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#11 0x7ffd64641e1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#12 0x7ffd64641f5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#13 0x7ffd6463d8ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#14 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#15 0x7ffd5f1d6ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#16 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x615000008700 is located 0 bytes to the right of 512-byte region [0x615000008500,0x615000008700)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7ffd6274bc62 in __open /home/user/radare2/libr/io/p/io_malloc.c:126
#2 0x7ffd62750d1b in __getioplugin /home/user/radare2/libr/io/io.c:112
#3 0x7ffd62751062 in r_io_open /home/user/radare2/libr/io/io.c:199
#4 0x7ffd64644837 in r_core_file_open /home/user/radare2/libr/core/file.c:571
#5 0x48c8b2 in main /home/user/radare2/binr/radare2/radare2.c:403
#6 0x7ffd5f1d6ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 memcpy
Shadow bytes around the buggy address:
0x0c2a7fff9090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fff90a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2a7fff90e0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fff90f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9110: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9120: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c2a7fff9130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==13014==ABORTING
[ ] cmd_extend: weX 0xc 575757575757575757
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_extend-rad.BofPS7 - > /tmp/r2-regressions//cmd_extend-out.nGvPu5 2> /tmp/r2-regressions//cmd_extend-err.1KwXjh
Script:
wx 41414242434344444545464647474848
pf z @0x0
weX 0xC 575757575757575757
pf z @0x0
px
s 0
px
i
0x00000000 = AABBCCDDEEFFGGHH
=================================================================
==13035==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x615000008700 at pc 0x45b419 bp 0x7fffdf59e2e0 sp 0x7fffdf59daa0
READ of size 521 at 0x615000008700 thread T0
#0 0x45b418 in memcpy (/usr/local/bin/radare2+0x45b418)
#1 0x7f3ce129c7fe in __resize /home/user/radare2/libr/io/p/io_malloc.c:46
#2 0x7f3ce12a2879 in r_io_resize /home/user/radare2/libr/io/io.c:393
#3 0x7f3ce12a2967 in r_io_extend /home/user/radare2/libr/io/io.c:409
#4 0x7f3ce12a2aef in r_io_extend_at /home/user/radare2/libr/io/io.c:440
#5 0x7f3ce31a058a in r_core_extend_at /home/user/radare2/libr/core/io.c:303
#6 0x7f3ce31734f9 in cmd_write /home/user/radare2/libr/core/cmd_write.c:95
#7 0x7f3ce31addb9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#8 0x7f3ce31921bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#9 0x7f3ce3190696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#10 0x7f3ce3192d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#11 0x7f3ce3192e1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#12 0x7f3ce3192f5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#13 0x7f3ce318e8ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#14 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#15 0x7f3cddd27ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#16 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x615000008700 is located 0 bytes to the right of 512-byte region [0x615000008500,0x615000008700)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7f3ce129cc62 in __open /home/user/radare2/libr/io/p/io_malloc.c:126
#2 0x7f3ce12a1d1b in __getioplugin /home/user/radare2/libr/io/io.c:112
#3 0x7f3ce12a2062 in r_io_open /home/user/radare2/libr/io/io.c:199
#4 0x7f3ce3195837 in r_core_file_open /home/user/radare2/libr/core/file.c:571
#5 0x48c8b2 in main /home/user/radare2/binr/radare2/radare2.c:403
#6 0x7f3cddd27ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 memcpy
Shadow bytes around the buggy address:
0x0c2a7fff9090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fff90a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fff90d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2a7fff90e0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fff90f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9110: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fff9120: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c2a7fff9130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==13035==ABORTING
[ ] cmd_help:
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_help-rad.Q1l9RZ malloc://1024 > /tmp/r2-regressions//cmd_help-out.r9VmH8 2> /tmp/r2-regressions//cmd_help-err.kLMma7
Script:
?v
?=
??
?d
?e
?r
?y
?b
?f
?p
?s
?S
?x
?X
?l
?t
?!
?+
?-
0
0x0
0
0xrandomnr
0b
Use: ?d [opcode] to get the description of the opcode
Whitespace expected after '?f'
Virtual addresses not enabled!
=================================================================
==13058==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000069b3 at pc 0x45ae79 bp 0x7fff39243910 sp 0x7fff392438e0
READ of size 2 at 0x6020000069b3 thread T0
#0 0x45ae78 in __interceptor_memcmp (/usr/local/bin/radare2+0x45ae78)
#1 0x7f4447ccde95 in cmd_help /home/user/radare2/libr/core/cmd_help.c:264
#2 0x7f4447cf1db9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#3 0x7f4447cd61bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#4 0x7f4447cd4696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#5 0x7f4447cd6d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#6 0x7f4447cd6e1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#7 0x7f4447cd6f5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#8 0x7f4447cd28ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#9 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#10 0x7f444286bec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#11 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x6020000069b3 is located 0 bytes to the right of 3-byte region [0x6020000069b0,0x6020000069b3)
allocated by thread T0 here:
#0 0x45c5d1 in __interceptor_strdup (/usr/local/bin/radare2+0x45c5d1)
#1 0x7f4447cd4580 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:957
#2 0x7f4447cd6d02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#3 0x7f4447cd6e1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#4 0x7f4447cd6f5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#5 0x7f4447cd28ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#6 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#7 0x7f444286bec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __interceptor_memcmp
Shadow bytes around the buggy address:
0x0c047fff8ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8cf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff8d30: fa fa fa fa fa fa[03]fa fa fa fd fa fa fa fd fa
0x0c047fff8d40: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8d50: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8d60: fa fa fd fa fa fa fd fa fa fa fd fa fa fa 06 fa
0x0c047fff8d70: fa fa fd fa fa fa 06 fa fa fa fd fa fa fa 05 fa
0x0c047fff8d80: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==13058==ABORTING
[ ] cmd_help: ?e
[OK]
[ ] cmd_help: ?r
[OK]
[ ] cmd_help: ?v
[OK]
[ ] cmd_ib: ib java class file
[OK]
[ ] cmd_info: i (malloc)
[OK]
[ ] cmd_info: i (file x86)
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_info-rad.On9UUj ../s/x86-simple > /tmp/r2-regressions//cmd_info-out.Li1PBa 2> /tmp/r2-regressions//cmd_info-err.HfMc7X
Script:
?e Basic information.
i
?e
?e All information.
ia
ia*
?e
?e Imports.
ii
ii*
?e
?e Binary info.
iI
iI*
?e
?e Entrypoints.
ie
ie*
?e
?e Symbols.
is
is*
?e
?e Sections.
iS
iS*
?e
?e Strings.
iz
iz*
Diff: --- /tmp/r2-regressions//cmd_info-exp.CL6OnD 2014-05-07 16:04:52.695138399 -0700
+++ /tmp/r2-regressions//cmd_info-out.Li1PBa 2014-05-07 16:04:52.739138013 -0700
@@ -1,4 +1,24 @@
Basic information.
+file ../s/x86-simple
+type EXEC (Executable file)
+pic false
+canary false
+has_va true
+root elf
+class ELF32
+lang c
+arch x86
+bits 32
+machine Intel 80386
+os linux
+subsys linux
+endian little
+strip true
+static false
+linenum false
+lsyms false
+relocs false
+rpath NONE
type EXEC (Executable file)
os linux
arch Intel 80386
@@ -8,34 +28,40 @@
fd 42
size 0xfc
mode r--
-block 0x40
+block 0x100
uri ../s/x86-simple
All information.
-[File info]
-File=../s/x86-simple
-Type=EXEC (Executable file)
-HasVA=true
-RootClass=elf
-Class=ELF32
-Arch=x86 32
-Machine=Intel 80386
-OS=linux
-Subsystem=linux
-Big endian=false
-Stripped=true
-Static=true
-Line_nums=false
-Local_syms=false
-Relocs=false
-RPath=NONE
-[Entrypoints]
-addr=0x08048060 off=0x00000060 baddr=0x08048000
+[Imports]
-1 entrypoints
+0 imports
+file ../s/x86-simple
+type EXEC (Executable file)
+pic false
+canary false
+has_va true
+root elf
+class ELF32
+lang c
+arch x86
+bits 32
+machine Intel 80386
+os linux
+subsys linux
+endian little
+strip true
+static false
+linenum false
+lsyms false
+relocs false
+rpath NONE
[Imports]
0 imports
+[Entrypoints]
+addr=0x08048060 off=0x00000060 baddr=0x00000000
+
+1 entrypoints
[Symbols]
0 symbols
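Review bot: The actual output reports `baddr=0x00000000` for a binary whose entry point is still `addr=0x08048060 off=0x00000060`, where the expected file has `baddr=0x08048000`; that is a behaviour change rather than a formatting one, so regenerating the expected output would hide it. The next hunk shows what looks like the same cause: `f section_end..text 0 0x00000072` is now a file offset while `f section..text 18 0x08048060` remains a virtual address, so the start and end flags of one section no longer share an address space. This hunk also turns `Static=true` into `static false` for the same file, and the test should pin which value is correct. I would keep `baddr=0x08048000` and `f section_end..text 0 0x08048072` in the expected output and accept only the key/value layout change. The x64 diff further down repeats all three differences.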
@@ -44,47 +70,28 @@
idx=01 addr=0x08048072 off=0x00000072 sz=17 vsz=17 perm=---- name=.shstrtab
2 sections
-[Header fields]
-idx=00 addr=0x08048000 off=0x00000000 name=ehdr
-idx=01 addr=0x08048084 off=0x00000084 name=shoff
-idx=02 addr=0x08048034 off=0x00000034 name=phoff
-idx=03 addr=0x08048000 off=0x00000000 name=phdr_0
-
-4 fields
-[strings]
-
-0 strings
+fs imports
e file.type=elf
e cfg.bigendian=false
e asm.os=linux
e asm.arch=x86
-e anal.plugin=x86
+e anal.arch=x86
e asm.bits=32
e asm.dwarf=true
+fs imports
fs symbols
f entry0 @ 0x08048060
s entry0
-fs imports
fs symbols
fs sections
S 0x00000060 0x08048060 0x00000012 0x00000012 .text 5
f section..text 18 0x08048060
-f section_end..text 0 0x08048072
+f section_end..text 0 0x00000072
CC [00] va=0x08048060 pa=0x00000060 sz=18 vsz=18 rwx=-r-x .text @ 0x08048060
S 0x00000072 0x08048072 0x00000011 0x00000011 .shstrtab 0
f section..shstrtab 17 0x08048072
-f section_end..shstrtab 0 0x08048083
+f section_end..shstrtab 0 0x00000083
CC [01] va=0x08048072 pa=0x00000072 sz=17 vsz=17 rwx=---- .shstrtab @ 0x08048072
-fs header
-f header.ehdr @ 0x08048000
-[00] addr=0x08048000 off=0x00000000 name=ehdr
-f header.shoff @ 0x08048084
-[01] addr=0x08048084 off=0x00000084 name=shoff
-f header.phoff @ 0x08048034
-[02] addr=0x08048034 off=0x00000034 name=phoff
-f header.phdr_0 @ 0x08048000
-[03] addr=0x08048000 off=0x00000000 name=phdr_0
-S 0 0x8048000 0x0 0x0 ehdr rwx
fs strings
Imports.
@@ -94,34 +101,37 @@
fs imports
Binary info.
-[File info]
-File=../s/x86-simple
-Type=EXEC (Executable file)
-HasVA=true
-RootClass=elf
-Class=ELF32
-Arch=x86 32
-Machine=Intel 80386
-OS=linux
-Subsystem=linux
-Big endian=false
-Stripped=true
-Static=true
-Line_nums=false
-Local_syms=false
-Relocs=false
-RPath=NONE
+file ../s/x86-simple
+type EXEC (Executable file)
+pic false
+canary false
+has_va true
+root elf
+class ELF32
+lang c
+arch x86
+bits 32
+machine Intel 80386
+os linux
+subsys linux
+endian little
+strip true
+static false
+linenum false
+lsyms false
+relocs false
+rpath NONE
e file.type=elf
e cfg.bigendian=false
e asm.os=linux
e asm.arch=x86
-e anal.plugin=x86
+e anal.arch=x86
e asm.bits=32
e asm.dwarf=true
Entrypoints.
[Entrypoints]
-addr=0x08048060 off=0x00000060 baddr=0x08048000
+addr=0x08048060 off=0x00000060 baddr=0x00000000
1 entrypoints
fs symbols
@@ -140,35 +150,15 @@
idx=01 addr=0x08048072 off=0x00000072 sz=17 vsz=17 perm=---- name=.shstrtab
2 sections
-[Header fields]
-idx=00 addr=0x08048000 off=0x00000000 name=ehdr
-idx=01 addr=0x08048084 off=0x00000084 name=shoff
-idx=02 addr=0x08048034 off=0x00000034 name=phoff
-idx=03 addr=0x08048000 off=0x00000000 name=phdr_0
-
-4 fields
fs sections
S 0x00000060 0x08048060 0x00000012 0x00000012 .text 5
f section..text 18 0x08048060
-f section_end..text 0 0x08048072
+f section_end..text 0 0x00000072
CC [00] va=0x08048060 pa=0x00000060 sz=18 vsz=18 rwx=-r-x .text @ 0x08048060
S 0x00000072 0x08048072 0x00000011 0x00000011 .shstrtab 0
f section..shstrtab 17 0x08048072
-f section_end..shstrtab 0 0x08048083
+f section_end..shstrtab 0 0x00000083
CC [01] va=0x08048072 pa=0x00000072 sz=17 vsz=17 rwx=---- .shstrtab @ 0x08048072
-fs header
-f header.ehdr @ 0x08048000
-[00] addr=0x08048000 off=0x00000000 name=ehdr
-f header.shoff @ 0x08048084
-[01] addr=0x08048084 off=0x00000084 name=shoff
-f header.phoff @ 0x08048034
-[02] addr=0x08048034 off=0x00000034 name=phoff
-f header.phdr_0 @ 0x08048000
-[03] addr=0x08048000 off=0x00000000 name=phdr_0
-S 0 0x8048000 0x0 0x0 ehdr rwx
Strings.
-[strings]
-
-0 strings
fs strings
[ ] cmd_info: i (file x64)
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_info-rad.jBg3QT ../s/x64-simple > /tmp/r2-regressions//cmd_info-out.OFFBej 2> /tmp/r2-regressions//cmd_info-err.nIYmWW
Script:
?e Basic information.
i
?e
?e All information.
ia
ia*
?e
?e Imports.
ii
ii*
?e
?e Binary info.
iI
iI*
?e
?e Entrypoints.
ie
ie*
?e
?e Symbols.
is
is*
?e
?e Sections.
iS
iS*
?e
?e Strings.
iz
iz*
Diff: --- /tmp/r2-regressions//cmd_info-exp.uJl5Db 2014-05-07 16:04:52.755137878 -0700
+++ /tmp/r2-regressions//cmd_info-out.OFFBej 2014-05-07 16:04:52.799137491 -0700
@@ -1,4 +1,24 @@
Basic information.
+file ../s/x64-simple
+type EXEC (Executable file)
+pic false
+canary false
+has_va true
+root elf
+class ELF64
+lang c
+arch x86
+bits 64
+machine AMD x86-64 architecture
+os linux
+subsys linux
+endian little
+strip true
+static false
+linenum false
+lsyms false
+relocs false
+rpath NONE
type EXEC (Executable file)
os linux
arch AMD x86-64 architecture
@@ -8,34 +28,40 @@
fd 42
size 0x170
mode r--
-block 0x40
+block 0x100
uri ../s/x64-simple
All information.
-[File info]
-File=../s/x64-simple
-Type=EXEC (Executable file)
-HasVA=true
-RootClass=elf
-Class=ELF64
-Arch=x86 64
-Machine=AMD x86-64 architecture
-OS=linux
-Subsystem=linux
-Big endian=false
-Stripped=true
-Static=true
-Line_nums=false
-Local_syms=false
-Relocs=false
-RPath=NONE
-[Entrypoints]
-addr=0x00400080 off=0x00000080 baddr=0x00400000
+[Imports]
-1 entrypoints
+0 imports
+file ../s/x64-simple
+type EXEC (Executable file)
+pic false
+canary false
+has_va true
+root elf
+class ELF64
+lang c
+arch x86
+bits 64
+machine AMD x86-64 architecture
+os linux
+subsys linux
+endian little
+strip true
+static false
+linenum false
+lsyms false
+relocs false
+rpath NONE
[Imports]
0 imports
+[Entrypoints]
+addr=0x00400080 off=0x00000080 baddr=0x00000000
+
+1 entrypoints
[Symbols]
0 symbols
@@ -44,47 +70,28 @@
idx=01 addr=0x0040009c off=0x0000009c sz=17 vsz=17 perm=---- name=.shstrtab
2 sections
-[Header fields]
-idx=00 addr=0x00400000 off=0x00000000 name=ehdr
-idx=01 addr=0x004000b0 off=0x000000b0 name=shoff
-idx=02 addr=0x00400040 off=0x00000040 name=phoff
-idx=03 addr=0x00400000 off=0x00000000 name=phdr_0
-
-4 fields
-[strings]
-
-0 strings
+fs imports
e file.type=elf
e cfg.bigendian=false
e asm.os=linux
e asm.arch=x86
-e anal.plugin=x86
+e anal.arch=x86
e asm.bits=64
e asm.dwarf=true
+fs imports
fs symbols
f entry0 @ 0x00400080
s entry0
-fs imports
fs symbols
fs sections
S 0x00000080 0x00400080 0x0000001c 0x0000001c .text 5
f section..text 28 0x00400080
-f section_end..text 0 0x0040009c
+f section_end..text 0 0x0000009c
CC [00] va=0x00400080 pa=0x00000080 sz=28 vsz=28 rwx=-r-x .text @ 0x00400080
S 0x0000009c 0x0040009c 0x00000011 0x00000011 .shstrtab 0
f section..shstrtab 17 0x0040009c
-f section_end..shstrtab 0 0x004000ad
+f section_end..shstrtab 0 0x000000ad
CC [01] va=0x0040009c pa=0x0000009c sz=17 vsz=17 rwx=---- .shstrtab @ 0x0040009c
-fs header
-f header.ehdr @ 0x00400000
-[00] addr=0x00400000 off=0x00000000 name=ehdr
-f header.shoff @ 0x004000b0
-[01] addr=0x004000b0 off=0x000000b0 name=shoff
-f header.phoff @ 0x00400040
-[02] addr=0x00400040 off=0x00000040 name=phoff
-f header.phdr_0 @ 0x00400000
-[03] addr=0x00400000 off=0x00000000 name=phdr_0
-S 0 0x400000 0x0 0x0 ehdr rwx
fs strings
Imports.
@@ -94,34 +101,37 @@
fs imports
Binary info.
-[File info]
-File=../s/x64-simple
-Type=EXEC (Executable file)
-HasVA=true
-RootClass=elf
-Class=ELF64
-Arch=x86 64
-Machine=AMD x86-64 architecture
-OS=linux
-Subsystem=linux
-Big endian=false
-Stripped=true
-Static=true
-Line_nums=false
-Local_syms=false
-Relocs=false
-RPath=NONE
+file ../s/x64-simple
+type EXEC (Executable file)
+pic false
+canary false
+has_va true
+root elf
+class ELF64
+lang c
+arch x86
+bits 64
+machine AMD x86-64 architecture
+os linux
+subsys linux
+endian little
+strip true
+static false
+linenum false
+lsyms false
+relocs false
+rpath NONE
e file.type=elf
e cfg.bigendian=false
e asm.os=linux
e asm.arch=x86
-e anal.plugin=x86
+e anal.arch=x86
e asm.bits=64
e asm.dwarf=true
Entrypoints.
[Entrypoints]
-addr=0x00400080 off=0x00000080 baddr=0x00400000
+addr=0x00400080 off=0x00000080 baddr=0x00000000
1 entrypoints
fs symbols
@@ -140,35 +150,15 @@
idx=01 addr=0x0040009c off=0x0000009c sz=17 vsz=17 perm=---- name=.shstrtab
2 sections
-[Header fields]
-idx=00 addr=0x00400000 off=0x00000000 name=ehdr
-idx=01 addr=0x004000b0 off=0x000000b0 name=shoff
-idx=02 addr=0x00400040 off=0x00000040 name=phoff
-idx=03 addr=0x00400000 off=0x00000000 name=phdr_0
-
-4 fields
fs sections
S 0x00000080 0x00400080 0x0000001c 0x0000001c .text 5
f section..text 28 0x00400080
-f section_end..text 0 0x0040009c
+f section_end..text 0 0x0000009c
CC [00] va=0x00400080 pa=0x00000080 sz=28 vsz=28 rwx=-r-x .text @ 0x00400080
S 0x0000009c 0x0040009c 0x00000011 0x00000011 .shstrtab 0
f section..shstrtab 17 0x0040009c
-f section_end..shstrtab 0 0x004000ad
+f section_end..shstrtab 0 0x000000ad
CC [01] va=0x0040009c pa=0x0000009c sz=17 vsz=17 rwx=---- .shstrtab @ 0x0040009c
-fs header
-f header.ehdr @ 0x00400000
-[00] addr=0x00400000 off=0x00000000 name=ehdr
-f header.shoff @ 0x004000b0
-[01] addr=0x004000b0 off=0x000000b0 name=shoff
-f header.phoff @ 0x00400040
-[02] addr=0x00400040 off=0x00000040 name=phoff
-f header.phdr_0 @ 0x00400000
-[03] addr=0x00400000 off=0x00000000 name=phdr_0
-S 0 0x400000 0x0 0x0 ehdr rwx
Strings.
-[strings]
-
-0 strings
fs strings
[ ] cmd_java: use java prototypes command to print methods and fields
[OK]
[ ] cmd_java: use java calc_flags command to calculate java flags
[OK]
[ ] cmd_java: use java set_flags and flags_str_at to reset the access flag on class file entities
[OK]
[ ] cmd_java: use java to get constant pool objects
[OK]
[ ] cmd_macros: (msg x,?e $0)
[OK]
[ ] cmd_macros: .(msg x y,?e $0 $1)
[OK]
[ ] cmd_macros: .(msg "foo bar")
[OK]
[ ] cmd_macros: .(msg foo\ bar)
[OK]
[ ] cmd_macros: (*~?
[OK]
[ ] cmd_macros: 3(foo,p8 4,s+$0)(1)
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_macros-rad.Ww5AjW - > /tmp/r2-regressions//cmd_macros-out.Czfp0u 2> /tmp/r2-regressions//cmd_macros-err.6izxok
Script:
wx 010203040506070809
3(foo,p8 4,s+$0)(1)
Diff: --- /tmp/r2-regressions//cmd_macros-exp.HYlfmE 2014-05-07 16:04:53.255133527 -0700
+++ /tmp/r2-regressions//cmd_macros-out.Czfp0u 2014-05-07 16:04:53.295133179 -0700
@@ -1,3 +1,3 @@
01020304
-02030405
-03040506
+01020304
+01020304
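Review bot: All three iterations print `01020304`, so the `s+$0` step in the macro body has no effect between runs, whereas the expected output advances one byte per iteration (`02030405`, then `03040506`). The output alone does not show whether the seek is skipped or `$0` expands to nothing. Adding `?e $0` to the macro body in a second test case would separate the two causes.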
[ ] cmd_open: o-
[OK]
[ ] cmd_open: o -
[OK]
[ ] cmd_open: om
[OK]
[ ] cmd_open: om2
[OK]
[ ] cmd_pD: pD -10 @ 10
[OK]
[ ] cmd_pD: pD -10 @ 0
[OK]
[ ] cmd_pD: pD 5 @ 0
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_pD-rad.2pZO1v malloc://512 > /tmp/r2-regressions//cmd_pD-out.itPrGm 2> /tmp/r2-regressions//cmd_pD-err.S4lVEV
Script: e anal.hasnext=0
e asm.arch=x86
e asm.bits=64
wx b8010000004839ca7f00
pD 5
=================================================================
==13437==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000005c95 at pc 0x45ae79 bp 0x7fff60ce4a30 sp 0x7fff60ce4a00
READ of size 8 at 0x602000005c95 thread T0
#0 0x45ae78 in __interceptor_memcmp (/usr/local/bin/radare2+0x45ae78)
#1 0x7f0f6ad8a87c in is_invalid /home/user/radare2/libr/anal/data.c:46
#2 0x7f0f6ad8b0aa in r_anal_data /home/user/radare2/libr/anal/data.c:183
#3 0x7f0f6ad8b2e0 in r_anal_data_kind /home/user/radare2/libr/anal/data.c:218
#4 0x7f0f6c1fe71a in handle_print_ptr /home/user/radare2/libr/core/disasm.c:1391
#5 0x7f0f6c1ff774 in r_core_print_disasm /home/user/radare2/libr/core/disasm.c:1653
#6 0x7f0f6c1c3fa0 in cmd_print /home/user/radare2/libr/core/cmd_print.c:1190
#7 0x7f0f6c1eadb9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#8 0x7f0f6c1cf1bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#9 0x7f0f6c1cd696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#10 0x7f0f6c1cfd02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#11 0x7f0f6c1cfe1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#12 0x7f0f6c1cff5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#13 0x7f0f6c1cb8ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#14 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#15 0x7f0f66d64ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#16 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x602000005c95 is located 0 bytes to the right of 5-byte region [0x602000005c90,0x602000005c95)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7f0f6c1c3ee2 in cmd_print /home/user/radare2/libr/core/cmd_print.c:1184
#2 0x7f0f6c1eadb9 in r_cmd_call /home/user/radare2/libr/core/cmd_api.c:173
#3 0x7f0f6c1cf1bc in r_core_cmd_subst_i /home/user/radare2/libr/core/cmd.c:1416
#4 0x7f0f6c1cd696 in r_core_cmd_subst /home/user/radare2/libr/core/cmd.c:976
#5 0x7f0f6c1cfd02 in r_core_cmd /home/user/radare2/libr/core/cmd.c:1601
#6 0x7f0f6c1cfe1f in r_core_cmd_lines /home/user/radare2/libr/core/cmd.c:1627
#7 0x7f0f6c1cff5d in r_core_cmd_file /home/user/radare2/libr/core/cmd.c:1655
#8 0x7f0f6c1cb8ad in r_core_run_script /home/user/radare2/libr/core/cmd.c:343
#9 0x48f5dc in main /home/user/radare2/binr/radare2/radare2.c:542
#10 0x7f0f66d64ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __interceptor_memcmp
Shadow bytes around the buggy address:
0x0c047fff8b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8b50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8b60: fa fa fa fa fa fa 00 05 fa fa fd fd fa fa fd fd
0x0c047fff8b70: fa fa fd fd fa fa 00 02 fa fa 00 02 fa fa 00 02
0x0c047fff8b80: fa fa fd fa fa fa fd fa fa fa fd fa fa fa 03 fa
=>0x0c047fff8b90: fa fa[05]fa fa fa 04 fa fa fa 03 fa fa fa 04 fa
0x0c047fff8ba0: fa fa 05 fa fa fa 06 fa fa fa fd fa fa fa fd fa
0x0c047fff8bb0: fa fa fd fa fa fa 04 fa fa fa 04 fa fa fa 04 fa
0x0c047fff8bc0: fa fa 04 fa fa fa 04 fa fa fa 04 fa fa fa 03 fa
0x0c047fff8bd0: fa fa 03 fa fa fa 03 fa fa fa 03 fa fa fa 00 fa
0x0c047fff8be0: fa fa 00 fa fa fa 03 fa fa fa 04 fa fa fa 07 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==13437==ABORTING
[ ] cmd_pD: pd 5 @ 0
[OK]
[ ] cmd_pD: pd -4 @ 1
[OK]
[ ] cmd_pD: pd -5 @ 6
[OK]
[ ] cmd_pD: pd -2 @ 5
[OK]
[ ] cmd_pD: pd -3 @ 6
[OK]
[ ] cmd_pc: pc hello-linux-x86_64
[OK]
[ ] cmd_pdf: pdf with conditional linesout set
[OK]
[ ] cmd_pdf_dwarf: pdf dwarf
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_pdf_dwarf-rad.XwC04K ../b/files/main > /tmp/r2-regressions//cmd_pdf_dwarf-out.UXqkmA 2> /tmp/r2-regressions//cmd_pdf_dwarf-err.0z9luB
Script: e asm.dwarf=true
e bin.dwarf=true
aa
pdf@main
Diff: --- /tmp/r2-regressions//cmd_pdf_dwarf-exp.9v9ivp 2014-05-07 16:04:54.039126709 -0700
+++ /tmp/r2-regressions//cmd_pdf_dwarf-out.UXqkmA 2014-05-07 16:04:54.091126257 -0700
@@ -5,21 +5,23 @@
| 0x00400531 4883ec20 sub rsp, 0x20
| 0x00400535 897dec mov [rbp-0x14], edi
| 0x00400538 488975e0 mov [rbp-0x20], rsi
-| 0x0040053c c745fc00000. mov dword [rbp-0x4], 0x0 ; main.c:6 for (i = 0; i < 10; i++) {
+| 0x0040053c c745fc00000. mov dword [rbp-0x4], 0x0 ; main.c:6 for (i = 0; i < 10; i++) {
| ,=< 0x00400543 eb18 jmp 0x40055d ; (fcn.004004fc)
| | ; JMP XREF from 0x00400561 (fcn.004004fc)
|- loc.00400545 37
-| | 0x00400545 8b45fc mov eax, [rbp-0x4] ; main.c:7 printf("This is a dwarf test %d\n", i);
+| | 0x00400545 8b45fc mov eax, [rbp-0x4] ; main.c:7 printf("This is a dwarf test %d\n", i);
|- fcn.0040055d 34
| | 0x00400548 89c6 mov esi, eax
| | 0x0040054a bff4054000 mov edi, str.Thisisadwarftest_d ; 0x004005f4
| | 0x0040054f b800000000 mov eax, 0x0
| | 0x00400554 e8b7feffff call sym.imp.printf
| | sym.imp.printf(unk)
-| | 0x00400559 8345fc01 add dword [rbp-0x4], 0x1 ; main.c:6 for (i = 0; i < 10; i++) {
+| | 0x00400559 8345fc01 add dword [rbp-0x4], 0x1 ; main.c:6 for (i = 0; i < 10; i++) {
| | ; JMP XREF from 0x00400543 (fcn.004004fc)
| `-> 0x0040055d 837dfc09 cmp dword [rbp-0x4], 0x9
| 0x00400561 7ee2 jle loc.00400545
-| 0x00400563 b800000000 mov eax, 0x0 ; main.c:10 return 0;
+| 0x00400563 b800000000 mov eax, 0x0 ; main.c:10 return 0;
| 0x00400568 c9 leave ; main.c:11 }
\ 0x00400569 c3 ret
+/home/user/radare2/radare2-regressions/t/../b/files/
+/home/user/radare2/radare2-regressions/t/../b/files/
[ ] cmd_pdn: pdn 4 @ 0
[OK]
[ ] cmd_pdn: pdn 4 arm 32 @ 0
[OK]
[ ] cmd_pdn: pdn 4 x86 64 @ 0
[OK]
[ ] cmd_pdn: pdn walk from 4->8
[OK]
[ ] cmd_pdn: pdn walk [32] from 4->8
[OK]
[ ] cmd_pdn: pdn -4 @ 0
[OK]
[ ] cmd_pdn: pdn -6 @ 6
[OK]
[ ] cmd_pdn: pdn -5 @ 6
[OK]
[ ] cmd_pdn: pd -5 @ 6
[OK]
[ ] cmd_pi: pi 3
[OK]
[ ] cmd_pi: pi 6
[OK]
[ ] cmd_pi: pi -3 @ 3
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_pi-rad.WptuNB malloc://512 > /tmp/r2-regressions//cmd_pi-out.Wt9Bob 2> /tmp/r2-regressions//cmd_pi-err.pipcY7
Script:
e asm.arch=x86
e asm.bits=64
wx b8010000004839ca7f00
b8010000004839ca7f00
pi -3 @ 10
Diff: --- /tmp/r2-regressions//cmd_pi-exp.ZqCoPH 2014-05-07 16:04:54.607121769 -0700
+++ /tmp/r2-regressions//cmd_pi-out.Wt9Bob 2014-05-07 16:04:54.607121769 -0700
@@ -1,3 +0,0 @@
-mov eax, 0x1
-cmp rdx, rcx
-jg 0xa
[ ] cmd_pm: pm hello.c
[OK]
[ ] cmd_pxw: pxw cfg.bigendian=true
[OK]
[ ] cmd_pxw: pxw cfg.bigendian=false
[OK]
[ ] cmd_repeats: 3p8
[OK]
[ ] cmd_repeats: 3p8;?e hi
[OK]
[ ] cmd_repeats: 2p8 1;?e hi
[OK]
[ ] cmd_repeats: 3p8 1 && 2p8 4
[OK]
[ ] cmd_seek: seek far offset
[OK]
[ ] cmd_seek: seek opcodes
[OK]
[ ] cmd_shift: wes 0 10
[OK]
[ ] cmd_shift: wes 8 -4
[OK]
[ ] cmd_shift: wes 8 -8
[OK]
[ ] cmd_system: !
[OK]
[ ] cmd_system: !| grep
[OK]
[ ] cmd_system: !| sed
[OK]
[ ] cmd_system: ?e|
[OK]
[ ] cmd_system: p8 `?e 3`
[OK]
[ ] cmd_system: p8 `!echo 3`
[OK]
[ ] cmd_system: !echo "test"
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_system-rad.UVWct0 - > /tmp/r2-regressions//cmd_system-out.6F7DoX 2> /tmp/r2-regressions//cmd_system-err.bcS8Y2
Script:
!echo "test"
!echo "test
Diff: --- /tmp/r2-regressions//cmd_system-exp.Cy1tJW 2014-05-07 16:04:55.535113698 -0700
+++ /tmp/r2-regressions//cmd_system-out.6F7DoX 2014-05-07 16:04:55.579113316 -0700
@@ -1,2 +1 @@
test
-sh: 1: Syntax error: Unterminated quoted string
[ ] cmd_types: struct
[OK]
[ ] cmd_types: enum32
[OK]
[ ] cmd_types: enum64
[OK]
[ ] cmd_visual: Vc+cq
[OK]
[ ] cmd_write: wa
[OK]
[ ] cmd_write: wx
[OK]
[ ] cmd_write: wo
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//cmd_write-rad.0g0yhs -w malloc://8 > /tmp/r2-regressions//cmd_write-out.eER91u 2> /tmp/r2-regressions//cmd_write-err.7UwQys
Script:
wx 0001020304050607
woa 01 @ 0!8
p8 8
woa 01 @ 0!8
p8 8
=================================================================
==14089==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000006cf8 at pc 0x45ae79 bp 0x7fff35bb6e70 sp 0x7fff35bb6e40
READ of size 16 at 0x602000006cf8 thread T0
#0 0x45ae78 in __interceptor_memcmp (/usr/local/bin/radare2+0x45ae78)
#1 0x7f8971e8f429 in check /home/user/radare2/libr/..//libr/bin/p/bin_rar.c:12
#2 0x7f8971dfd71f in r_bin_get_binplugin_by_binfile /home/user/radare2/libr/bin/bin.c:583
#3 0x7f8971dfda5f in r_bin_file_new_as /home/user/radare2/libr/bin/bin.c:644
#4 0x7f8971dfce18 in r_bin_load_io_at_offset_as /home/user/radare2/libr/bin/bin.c:387
#5 0x7f8971dfcbca in r_bin_load_io /home/user/radare2/libr/bin/bin.c:348
#6 0x7f8972960b53 in r_core_file_do_load_for_io_plugin /home/user/radare2/libr/core/file.c:290
#7 0x7f8972960f4f in r_core_bin_load /home/user/radare2/libr/core/file.c:419
#8 0x48dd50 in main /home/user/radare2/binr/radare2/radare2.c:466
#9 0x7f896d4f3ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#10 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x602000006cf8 is located 0 bytes to the right of 8-byte region [0x602000006cf0,0x602000006cf8)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7f896e80c1b9 in r_buf_set_bytes /home/user/radare2/libr/util/buf.c:63
#2 0x7f8971dfd9e5 in r_bin_file_new_as /home/user/radare2/libr/bin/bin.c:634
#3 0x7f8971dfce18 in r_bin_load_io_at_offset_as /home/user/radare2/libr/bin/bin.c:387
#4 0x7f8971dfcbca in r_bin_load_io /home/user/radare2/libr/bin/bin.c:348
#5 0x7f8972960b53 in r_core_file_do_load_for_io_plugin /home/user/radare2/libr/core/file.c:290
#6 0x7f8972960f4f in r_core_bin_load /home/user/radare2/libr/core/file.c:419
#7 0x48dd50 in main /home/user/radare2/binr/radare2/radare2.c:466
#8 0x7f896d4f3ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __interceptor_memcmp
Shadow bytes around the buggy address:
0x0c047fff8d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff8d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00[fa]
0x0c047fff8da0: fa fa 00 03 fa fa 00 fa fa fa 06 fa fa fa fd fa
0x0c047fff8db0: fa fa 02 fa fa fa fd fa fa fa 00 03 fa fa fd fa
0x0c047fff8dc0: fa fa 00 03 fa fa 00 03 fa fa 00 03 fa fa 00 fa
0x0c047fff8dd0: fa fa fd fd fa fa 02 fa fa fa fd fa fa fa 06 fa
0x0c047fff8de0: fa fa fd fa fa fa 06 fa fa fa fd fa fa fa fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==14089==ABORTING
[ ] cmd_yank: y cat
[OK]
[ ] cmd_yank: y, yx cat
[OK]
[ ] cmp: cmp data
[OK]
[ ] cmp: unified diff and patch
[OK]
[ ] cons: backtickgrep
[OK]
[ ] cons: echo
[OK]
[ ] cons: grepcol
[OK]
[ ] cons: grepcol2
[OK]
[ ] cons: grepcolrow
[OK]
[ ] cons: grepcount
[OK]
[ ] display_flag: Flags comments
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//display_flag-rad.kDGJC9 malloc://512 > /tmp/r2-regressions//display_flag-out.V0HXJd 2> /tmp/r2-regressions//display_flag-err.u6rFVH
Script:
e asm.arch=x86
e asm.bits=16
wx 66b801000000b90f006683fb02e2fa66bb01000000c3
af+ 0000:0000 22 fnc1
f .loop1 @ 0000:0009
pd 1 @ 0000:000d
Diff: --- /tmp/r2-regressions//display_flag-exp.Xfc8SK 2014-05-07 16:04:56.435105872 -0700
+++ /tmp/r2-regressions//display_flag-out.V0HXJd 2014-05-07 16:04:56.471105559 -0700
@@ -1 +1 @@
-│ 0000:000d e2fa loop 0x10009 ; (loop1) ; (fcn1)
+| 0000:000d e2fa loop 0x9 ; (fnc1)
[ ] esil: esil x86-64
[OK]
[ ] esil: esil x86-64
[OK]
[ ] feat_arithmetic: basic
[OK]
[ ] feat_arithmetic: sum
[OK]
[ ] feat_arithmetic: binary
[OK]
[ ] feat_asmtabs: asm tabs
[OK]
[ ] feat_base64: base64 encode
[OK]
[ ] feat_base64: base64 decode
[OK]
[ ] feat_graphdiff: graphdiff segfault
[OK]
[ ] feat_grep: px~:1[1]
[OK]
[ ] feat_grep: px~?
[OK]
[ ] feat_grep: i;$s
[OK]
[ ] feat_grep: ?e~[0]
[OK]
[ ] feat_grep: ?e~[0]
[OK]
[ ] feat_input: newline ?e \n
[OK]
[ ] feat_input: comments
[OK]
[ ] feat_input: w foo#bar
[OK]
[ ] feat_input: "quoted"
[OK]
[ ] feat_input: "quoted"@addr
[OK]
[ ] feat_input: "?e foo" "?e bar"
[OK]
[ ] feat_input: at3 "?vi $$"@3 "?e bar"
[OK]
[ ] feat_input: ?e foo;?e bar
[OK]
[ ] feat_input: ;?e bar
[OK]
[ ] feat_redirect: pb>x;!wc -c x
[OK]
[ ] feat_redirect: p8|sed -e s,0,x,g>x;cat x;rm x
[OK]
[ ] feat_segoff: asm.segoff
[OK]
[ ] feat_variables: $variables (malloc)
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//feat_variables-rad.ckMUza malloc://1024 > /tmp/r2-regressions//feat_variables-out.v0eGNl 2> /tmp/r2-regressions//feat_variables-err.GKKm8P
Script:
e asm.arch = x86
e asm.bits = 32
?e Current seek.
?v $$
s 42
?v $$
s-
?v $$
?e
?e Current io offset.
?v $o
s 42
?v $o
s-
?v $o
?e
?e File size reporting.
?v $s
?e
?e Block size.
b 123;?v $b;? $b
?e
?e Jump address.
wa jmp 0x30
?v $j
wa jz 0x01
?v $j
wa xor eax, eax
?v $j
?e
?e Jump fail address.
wa jmp 0x30
?v $f
wa jz 0x01
?v $f
wa xor eax, eax
?v $f
?e
?e Opcode memory reference.
wa mov eax, [0x500]
?v $r
wa mov eax, ebx
?v $r
?e
?e Opcode length.
wa xor eax, eax
?v $l
wa mov esp, 0x1
?v $l
wa ret
?v $l
?e
?e End of (assembly) block?
wa inc eax
?v $e
wa jmp 0x01
?v $e
wa ret
?v $e
wa call 0x01
?v $e
?e
?e Get value of configuration variable.
?v ${asm.bits}
?e
?e Last comparision value.
? 5 + 3
?v $?
? 0
?v $?
Diff: --- /tmp/r2-regressions//feat_variables-exp.om4u23 2014-05-07 16:04:57.723094671 -0700
+++ /tmp/r2-regressions//feat_variables-out.v0eGNl 2014-05-07 16:04:57.763094324 -0700
@@ -5,7 +5,7 @@
Current io offset.
0x0
-0x2a
+0x12a
0x0
File size reporting.
@@ -13,7 +13,7 @@
Block size.
0x7b
-123 0x7b 0173 123.0 0000:007b 123 01111011 123.0 0.000000
+123 0x7b 0173 123.0 0000:007b 123 "{" 01111011 123.0 0.000000
Jump address.
0x30
@@ -26,8 +26,8 @@
0xffffffffffffffff
Opcode memory reference.
-0x500
-0xffffffffffffffff
+0x17
+0x17
Opcode length.
0x2
@@ -36,8 +36,8 @@
End of (assembly) block?
0x0
-0x1
-0x1
+0x0
+0x0
0x0
Get value of configuration variable.
@@ -46,5 +46,5 @@
Last comparision value.
8 0x8 010 8.0 0000:0008 8 00001000 8.0 0.000000
0x8
-0 0x0 00 8.0 0000:0000 0 00000000 0.0 0.000000
+0 0x0 00 0.0 0000:0000 0 00000000 0.0 0.000000
0x0
[ ] feat_variables: $variables (file x86)
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//feat_variables-rad.aLXc1o ../s/x86-simple > /tmp/r2-regressions//feat_variables-out.awSozN 2> /tmp/r2-regressions//feat_variables-err.HZDE4L
Script:
# We can't write to a file.
e io.cache = 1
e asm.arch = x86
e asm.bits = 32
?e Current seek.
?v $$
s 42
?v $$
s-
?v $$
?e
?e Current io offset.
?v $o
s 42
?v $o
s-
?v $o
?e
?e File size reporting.
?v $s
?e
?e Block size.
b 123;?v $b;? $b
?e
?e Jump address.
wa jmp 0x30
?v $j
wa jz 0x01
?v $j
wa xor eax, eax
?v $j
?e
?e Jump fail address.
wa jmp 0x30
?v $f
wa jz 0x01
?v $f
wa xor eax, eax
?v $f
?e
?e Opcode memory reference.
wa mov eax, [0x500]
?v $r
wa mov eax, ebx
?v $r
?e
?e Opcode length.
wa xor eax, eax
?v $l
wa mov esp, 0x1
?v $l
wa ret
?v $l
?e
?e End of (assembly) block?
wa inc eax
?v $e
wa jmp 0x01
?v $e
wa ret
?v $e
wa call 0x01
?v $e
?e
?e Get value of configuration variable.
?v ${asm.bits}
?e
?e Last comparision value.
? 5 + 3
?v $?
? 0
?v $?
Diff: --- /tmp/r2-regressions//feat_variables-exp.IcrCEc 2014-05-07 16:04:57.771094254 -0700
+++ /tmp/r2-regressions//feat_variables-out.awSozN 2014-05-07 16:04:57.815093872 -0700
@@ -5,7 +5,7 @@
Current io offset.
0x60
-0x2a
+0x1fc
0x60
File size reporting.
@@ -13,31 +13,31 @@
Block size.
0x7b
-123 0x7b 0173 123.0 0000:007b 123 01111011 123.0 0.000000
+123 0x7b 0173 123.0 0000:007b 123 "{" 01111011 123.0 0.000000
Jump address.
-0x30
-0x1
-0xffffffffffffffff
+0x8048065
+0x8048065
+0x8048065
Jump fail address.
-0xffffffffffffffff
-0x8048066
-0xffffffffffffffff
+0x8048065
+0x8048065
+0x8048065
Opcode memory reference.
-0x500
-0xffffffffffffffff
+0x17
+0x17
Opcode length.
-0x2
0x5
-0x1
+0x5
+0x5
End of (assembly) block?
0x0
-0x1
-0x1
+0x0
+0x0
0x0
Get value of configuration variable.
@@ -46,5 +46,5 @@
Last comparision value.
8 0x8 010 8.0 0000:0008 8 00001000 8.0 0.000000
0x8
-0 0x0 00 8.0 0000:0000 0 00000000 0.0 0.000000
+0 0x0 00 0.0 0000:0000 0 00000000 0.0 0.000000
0x0
[ ] feat_variables: $variables (file x64)
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//feat_variables-rad.HcMWt2 ../s/x64-simple > /tmp/r2-regressions//feat_variables-out.jf3Jeb 2> /tmp/r2-regressions//feat_variables-err.gClcIE
Script:
# We can't write to a file.
e io.cache = 1
e asm.arch = x86
e asm.bits = 32
?e Current seek.
?v $$
s 42
?v $$
s-
?v $$
?e
?e Current io offset.
?v $o
s 42
?v $o
s-
?v $o
?e
?e File size reporting.
?v $s
?e
?e Block size.
b 123;?v $b;? $b
?e
?e Jump address.
wa jmp 0x30
?v $j
wa jz 0x01
?v $j
wa xor eax, eax
?v $j
?e
?e Jump fail address.
wa jmp 0x30
?v $f
wa jz 0x01
?v $f
wa xor eax, eax
?v $f
?e
?e Opcode memory reference.
wa mov eax, [0x500]
?v $r
wa mov eax, ebx
?v $r
?e
?e Opcode length.
wa xor eax, eax
?v $l
wa mov esp, 0x1
?v $l
wa ret
?v $l
?e
?e End of (assembly) block?
wa inc eax
?v $e
wa jmp 0x01
?v $e
wa ret
?v $e
wa call 0x01
?v $e
?e
?e Get value of configuration variable.
?v ${asm.bits}
?e
?e Last comparision value.
? 5 + 3
?v $?
? 0
?v $?
Diff: --- /tmp/r2-regressions//feat_variables-exp.UEuwYV 2014-05-07 16:04:57.823093802 -0700
+++ /tmp/r2-regressions//feat_variables-out.jf3Jeb 2014-05-07 16:04:57.863093454 -0700
@@ -5,7 +5,7 @@
Current io offset.
0x80
-0x2a
+0x12a
0x80
File size reporting.
@@ -13,31 +13,31 @@
Block size.
0x7b
-123 0x7b 0173 123.0 0000:007b 123 01111011 123.0 0.000000
+123 0x7b 0173 123.0 0000:007b 123 "{" 01111011 123.0 0.000000
Jump address.
-0x30
-0x1
-0xffffffffffffffff
+0x400085
+0x400085
+0x400085
Jump fail address.
-0xffffffffffffffff
-0x400086
-0xffffffffffffffff
+0x400085
+0x400085
+0x400085
Opcode memory reference.
-0x500
-0xffffffffffffffff
+0x17
+0x17
Opcode length.
-0x2
0x5
-0x1
+0x5
+0x5
End of (assembly) block?
0x0
-0x1
-0x1
+0x0
+0x0
0x0
Get value of configuration variable.
[ ] feat_yank: yank-segfault
[OK]
[ ] feat_yank: yank-and-paste
[OK]
[ ] feat_yank: yank-segfault2
[OK]
[ ] feat_yank: yank-segfault3
[OK]
[ ] feat_yank: yank-segfault4
[OK]
[ ] feat_yank: yank-doublefree
[OK]
[ ] file_malloc: malloc://1024
[OK]
[ ] file_malloc: malloc://1
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//file_malloc-rad.vI4PL7 malloc://1 > /tmp/r2-regressions//file_malloc-out.eN95UO 2> /tmp/r2-regressions//file_malloc-err.rgcRfi
Script:
b 0x40
i
px
=================================================================
==14830==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000006cf1 at pc 0x45ae79 bp 0x7fff71cc8bb0 sp 0x7fff71cc8b80
READ of size 8 at 0x602000006cf1 thread T0
#0 0x45ae78 in __interceptor_memcmp (/usr/local/bin/radare2+0x45ae78)
#1 0x7fe8205a7a78 in check /home/user/radare2/libr/..//libr/bin/p/bin_dex.c:72
#2 0x7fe82055c71f in r_bin_get_binplugin_by_binfile /home/user/radare2/libr/bin/bin.c:583
#3 0x7fe82055ca5f in r_bin_file_new_as /home/user/radare2/libr/bin/bin.c:644
#4 0x7fe82055be18 in r_bin_load_io_at_offset_as /home/user/radare2/libr/bin/bin.c:387
#5 0x7fe82055bbca in r_bin_load_io /home/user/radare2/libr/bin/bin.c:348
#6 0x7fe8210bfb53 in r_core_file_do_load_for_io_plugin /home/user/radare2/libr/core/file.c:290
#7 0x7fe8210bff4f in r_core_bin_load /home/user/radare2/libr/core/file.c:419
#8 0x48dd50 in main /home/user/radare2/binr/radare2/radare2.c:466
#9 0x7fe81bc52ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#10 0x48731c in _start (/usr/local/bin/radare2+0x48731c)
0x602000006cf1 is located 0 bytes to the right of 1-byte region [0x602000006cf0,0x602000006cf1)
allocated by thread T0 here:
#0 0x46e631 in malloc (/usr/local/bin/radare2+0x46e631)
#1 0x7fe81cf6b1b9 in r_buf_set_bytes /home/user/radare2/libr/util/buf.c:63
#2 0x7fe82055c9e5 in r_bin_file_new_as /home/user/radare2/libr/bin/bin.c:634
#3 0x7fe82055be18 in r_bin_load_io_at_offset_as /home/user/radare2/libr/bin/bin.c:387
#4 0x7fe82055bbca in r_bin_load_io /home/user/radare2/libr/bin/bin.c:348
#5 0x7fe8210bfb53 in r_core_file_do_load_for_io_plugin /home/user/radare2/libr/core/file.c:290
#6 0x7fe8210bff4f in r_core_bin_load /home/user/radare2/libr/core/file.c:419
#7 0x48dd50 in main /home/user/radare2/binr/radare2/radare2.c:466
#8 0x7fe81bc52ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __interceptor_memcmp
Shadow bytes around the buggy address:
0x0c047fff8d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff8d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa[01]fa
0x0c047fff8da0: fa fa 00 03 fa fa 01 fa fa fa 06 fa fa fa fd fa
0x0c047fff8db0: fa fa 02 fa fa fa fd fa fa fa 00 03 fa fa fd fa
0x0c047fff8dc0: fa fa 00 03 fa fa 00 03 fa fa 00 03 fa fa 01 fa
0x0c047fff8dd0: fa fa fd fd fa fa 02 fa fa fa fd fa fa fa 06 fa
0x0c047fff8de0: fa fa fd fa fa fa 06 fa fa fa fd fa fa fa fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==14830==ABORTING
[ ] file_malloc: malloc://
[OK]
[ ] flags: getset
[OK]
[ ] format: pe32
[OK]
[ ] hash: md5sha1
[OK]
[ ] hash: rahash2 -a all
[OK]
[ ] hash: sugar
[OK]
[ ] io: minimal usage
[OK]
[ ] io: minimal usage
[OK]
[ ] io: empty file
[OK]
[ ] io: dupfd bug
[OK]
[ ] io: dupfd hard
[OK]
[ ] io: io ff
[XX]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//io-rad.XBfbhD ../../b/files/hello-linux-x86_64 > /tmp/r2-regressions//io-out.iIsR93 2> /tmp/r2-regressions//io-err.2sG3qh
Script:
p8 4 @ 0x999999999
Diff: --- /tmp/r2-regressions//io-exp.eAxcMf 2014-05-07 16:05:04.187038461 -0700
+++ /tmp/r2-regressions//io-out.iIsR93 2014-05-07 16:05:04.227038113 -0700
@@ -1 +1 @@
-ffffffff
+ff7f454c
[ ] io: alloc map
[OK]
[ ] io: o 100
[OK]
[ ] io: malloc://128;om 0x100;x@0xff
[OK]
[ ] io: om 0x100;x@0xff
[OK]
[ ] io: o - 0x9000;x@0x8f00
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//io-rad.ecC5Fu - > /tmp/r2-regressions//io-out.EztKNp 2> /tmp/r2-regressions//io-err.yJMf3C
Script: o malloc://128 0x9000
x 32 @ 0x8ff0
Diff: --- /tmp/r2-regressions//io-exp.c5iysQ 2014-05-07 16:05:04.423036409 -0700
+++ /tmp/r2-regressions//io-out.EztKNp 2014-05-07 16:05:04.459036096 -0700
@@ -1,3 +1,3 @@
- offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
0x00008ff0 ffff ffff ffff ffff ffff ffff ffff ffff ................
-0x00009000 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x00009000 ffff ffff ffff ffff ffff ffff ffff ffff ................
[ ] io: r xx
[OK]
[ ] io: r/wx nn
[OK]
[ ] io: io/va-entry0 linux-arm
[OK]
[ ] io: empty file+seek
[OK]
[ ] io: empty file+resize
[OK]
world[ ] meta: add comment
[OK]
[ ] meta: add comment
[OK]
[ ] meta: add comment at
[OK]
[ ] meta: del comment
[OK]
[ ] meta: add two comment
[OK]
[ ] meta: del comment at address
[OK]
[ ] meta: multiline comment
[FX]
[ ] meta: Cs : convert to string
[OK]
[ ] meta: Cs : concatenated strings bug
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//meta-rad.si3IwR malloc://1024 > /tmp/r2-regressions//meta-out.BqOHir 2> /tmp/r2-regressions//meta-err.2PIJgt
Script:
w hello\x00world
Cs 6
Cs 6@6
pd 2
Diff: --- /tmp/r2-regressions//meta-exp.v2fJ2q 2014-05-07 16:05:05.091030600 -0700
+++ /tmp/r2-regressions//meta-out.BqOHir 2014-05-07 16:05:05.127030287 -0700
@@ -1,2 +1,2 @@
- 0x00000000 .string "hello" ; len=6
- 0x00000007 .string "world" ; len=6
+ 0x00000000 .string "hello" ; len=6
+ 0x00000006 .string "world" ; len=6
[ ] meta: Cs : concatenated strings bug
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//meta-rad.xGgD3o malloc://1024 > /tmp/r2-regressions//meta-out.yzg1EM 2> /tmp/r2-regressions//meta-err.yVWtc4
Script:
w hello\x00world
Cs 6
Cs 6@6
pd 2
Diff: --- /tmp/r2-regressions//meta-exp.gI0zSK 2014-05-07 16:05:05.139030183 -0700
+++ /tmp/r2-regressions//meta-out.yzg1EM 2014-05-07 16:05:05.175029870 -0700
@@ -1,2 +1,2 @@
- 0x00000000 .string "hello" ; len=6
- 0x00000007 .string "world" ; len=6
+ 0x00000000 .string "hello" ; len=6
+ 0x00000006 .string "world" ; len=6
[ ] meta: Cs : string count bug
[OK]
[ ] meta: Ch : hide bytes in pd
[OK]
[ ] meta: Ch : add/del hide bytes
[OK]
[ ] sandbox: sandbox disable
[OK]
[ ] search: basic
[OK]
[ ] search: crash
[OK]
[ ] search: hex
[OK]
[ ] search: va
[OK]
[ ] sections: 0000
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//sections-rad.PpWwQT malloc://0x4000 > /tmp/r2-regressions//sections-out.dB9wya 2> /tmp/r2-regressions//sections-err.OIrYeP
Script:
s 0
e io.va=true
b 64
wb 33
S 0 0x1000 64 64 test
s 0x1000
px
s-16
px
Diff: --- /tmp/r2-regressions//sections-exp.MdLLMy 2014-05-07 16:05:05.571026426 -0700
+++ /tmp/r2-regressions//sections-out.dB9wya 2014-05-07 16:05:05.607026114 -0700
@@ -1,3 +1,10 @@
-aabbccdd
-bbddffff
-ddffffff
+- offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
+0x00001000 3333 3333 3333 3333 3333 3333 3333 3333 3333333333333333
+0x00001010 3333 3333 3333 3333 3333 3333 3333 3333 3333333333333333
+0x00001020 3333 3333 3333 3333 3333 3333 3333 3333 3333333333333333
+0x00001030 3333 3333 3333 3333 3333 3333 3333 3333 3333333333333333
+- offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
+0x00000ff0 0033 3333 3333 3333 3333 3333 3333 3333 .333333333333333
+0x00001000 3333 3333 3333 3333 3333 3333 3333 3333 3333333333333333
+0x00001010 3333 3333 3333 3333 3333 3333 3333 3333 3333333333333333
+0x00001020 3333 3333 3333 3333 3333 3333 3333 3333 3333333333333333
[ ] sections: glue
[BR]
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//sections-rad.nx9lAJ - > /tmp/r2-regressions//sections-out.bH24dQ 2> /tmp/r2-regressions//sections-err.2AQlxN
Script:
e io.va=true
wx aabbccdd
p8 4
S 1 0x1000 1 1 section_bb
S 3 0x1001 1 1 section_dd
p8 4 @ 0x1000
p8 4 @ 0x1001
Diff: --- /tmp/r2-regressions//sections-exp.RQGoIA 2014-05-07 16:05:05.623025974 -0700
+++ /tmp/r2-regressions//sections-out.bH24dQ 2014-05-07 16:05:05.655025696 -0700
@@ -1,3 +1,3 @@
aabbccdd
-bbddffff
+bbccffff
ddffffff
[ ] sections: helloworld-gcc-elf
[OK]
[ ] sections: helloworld-phdr-elf
[OK]
[ ] sections: simple-elf
[OK]
[ ] seek: empty-file
[OK]
[ ] seek: malloc
[OK]
[ ] seek: manyundo
[OK]
[ ] seek: undoredo
[OK]
[ ] shell: stdin eof [?1001r[?1000l[?1001r[?1000l[?1001r[?1000l[?1001r[?1000l[?1001r[?1000l[?1001r[?1000l
[FX]
[ ] shell: stdin quit [?1001r[?1000l[?1001r[?1000l[?1001r[?1000l
[OK]
[ ] shell: stdin quit [?1001r[?1000l[?1001r[?1000l[?1001r[?1000l
[OK]
[ ] visual: visual hex scroll
[OK]
[ ] visual: visual op scroll
[OK]
[ ] visual: visual hex pP scroll
[OK]
=== Report ===
SUCCESS
[188]
FIXED
[2]
BROKEN
[20]
FAILED
[18]
TOTAL
[228] BROKENNESS
[16%%]