r2core is null and r2frida aborts #96
Comments
Can't reproduce any crash, tested on linux-32,64 as well as in macOS building everything with asan :/
I changed the assert for an if+warning message, so you may get a more meaningful error, but I don't see why io->user should be NULL
Can you try doing a clean rebuild of r2 and r2frida? git clean -xdf or clone the r2frida repo again.
… On 4 Aug 2018, at 00:18, Eduardo Novella ***@***.***> wrote:
Radare2 version
***@***.***:~/radare2$ r2 -v
radare2 2.8.0-git 18942 @ linux-x86-64 git.2.7.0-244-gc66112c13
commit: c66112c13bd59ecb1dcaaadea8106b6b44164f0c build: 2018-08-03__23:00:56
Installation r2frida after building r2 with ASAN
***@***.***:~/radare2$ r2pm -i r2frida
=================================================================
==21600==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 2544 byte(s) in 1 object(s) allocated from:
#0 0x7f68abc7af40 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef40)
#1 0x7f68ab516fcb in r_core_autocomplete_add /home/edu/radare2/libr/core/core.c:3105
#2 0x7f689d771917 in r_cmd_pdd_init /home/edu/.local/share/radare2/r2pm/git/r2dec-js/p/core_pdd.c:237
Direct leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x7f68abc7af40 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef40)
#1 0x7f68ab516fcb in r_core_autocomplete_add /home/edu/radare2/libr/core/core.c:3105
#2 0x7f689d7719df in r_cmd_pdd_init /home/edu/.local/share/radare2/r2pm/git/r2dec-js/p/core_pdd.c:245
Direct leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x7f68abc7af40 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef40)
#1 0x7f68ab516fcb in r_core_autocomplete_add /home/edu/radare2/libr/core/core.c:3105
#2 0x7f68ab50de2b in init_autocomplete /home/edu/radare2/libr/core/core.c:2001
#3 0x7f68ab510927 in r_core_init /home/edu/radare2/libr/core/core.c:2215
#4 0x55e7ce7e8f28 in main /home/edu/radare2/binr/radare2/radare2.c:499
#5 0x7f68a57bfb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
SUMMARY: AddressSanitizer: 2616 byte(s) leaked in 3 allocation(s).
Already up-to-date.
Install Done For r2frida
[ "`readlink ext/frida`" = frida-linux-12.0.4 ] || \
(cd ext && rm -f frida ; ln -fs frida-linux-12.0.4 frida)
make io_frida.so
make[1]: Entering directory '/home/edu/.local/share/radare2/r2pm/git/r2frida'
pkg-config --cflags r_core
-I/usr/include/libr
g++ src/io_frida.o -o io_frida.so -shared -fPIC -lr_core -lssl -lcrypto -lr_config -lr_debug -lr_bin -lr_anal -lr_bp -lr_egg -lr_asm -lr_lang -lr_parse -lr_flag -lr_cons -lr_reg -lr_search -lr_syscall -lr_fs -lr_magic -lr_crypto -lr_hash -lr_io -lr_socket -lr_util -ldl ext/frida/libfrida-core.a -lresolv
make[1]: Leaving directory '/home/edu/.local/share/radare2/r2pm/git/r2frida'
mkdir -p /"/home/edu/.local/share/radare2/plugins"
cp -f io_frida.so /"/home/edu/.local/share/radare2/plugins"
Backtrace
***@***.***:~/radare2$ gdb -q --args r2 frida:///bin/ls
Reading symbols from r2...done.
(gdb) r
Starting program: /usr/bin/r2 frida:///bin/ls
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe891b700 (LWP 21583)]
**
ERROR:src/io_frida.c:77:r_io_frida_new: assertion failed: (rf->r2core != NULL)
Thread 1 "r2" received signal SIGABRT, Aborted.
__GI_raise ***@***.***=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise ***@***.***=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff0a5c801 in __GI_abort () at abort.c:79
#2 0x00007fffe8e4de16 in g_default_assertion_handler (domain=<optimised out>, file=<optimised out>, line=<optimised out>,
func=0x7fffeba10c88 <__func__.45263> "r_io_frida_new", message=<optimised out>, user_data=<optimised out>)
at ../../../../glib/glib/gtestutils.c:2543
#3 0x00007fffe8e4b5dc in g_assertion_message_expr (domain=0x0, file=0x7fffeba0f9d4 "src/io_frida.c", line=77,
func=0x7fffeba10c88 <__func__.45263> "r_io_frida_new", expr=<optimised out>) at ../../../../glib/glib/gtestutils.c:2576
#4 0x00007fffe8e47316 in r_io_frida_new () from /home/edu/.local/share/radare2/plugins/io_frida.so
#5 0x00007fffe8e474f9 in __open () from /home/edu/.local/share/radare2/plugins/io_frida.so
#6 0x00007ffff3b1f4f4 in r_io_desc_open (io=0x61a000000080, uri=0x7fffffffe1e6 "frida:///bin/ls", flags=5, mode=420) at desc.c:105
#7 0x00007ffff3b11da1 in r_io_open_nomap (io=0x61a000000080, uri=0x7fffffffe1e6 "frida:///bin/ls", flags=5, mode=420) at io.c:261
#8 0x00007ffff68ded1c in r_core_file_open (r=0x55555576b380 <r>, file=0x7fffffffe1e6 "frida:///bin/ls", flags=5, loadaddr=0) at file.c:745
#9 0x000055555555fea2 in main (argc=2, argv=0x7fffffffde38, envp=0x7fffffffde50) at radare2.c:1048
(gdb)
More info
https://ghostbin.com/paste/6tq48 <https://ghostbin.com/paste/6tq48>
Hi @radare, Apparently you upgraded frida from 12.0.4 to 12.0.8 so I don't know where the issue was coming from but after

edu@de11:~/radare2$ r2 frida:///bin/ls
-- Emulate the base address of a file with e file.baddr.
[0x00000000]> \?
r2frida commands available via =! or \ prefix
? Show this help
?V Show target Frida version
/[x][j] <string|hexpairs> Search hex/string pattern in memory ranges (see search.in=?)
/w[j] string Search wide string
/v[1248][j] value Search for a value honoring `e cfg.bigendian` of given width
i Show target information
ii[*] List imports
il List libraries
is[*] <lib> List symbols of lib (local and global ones)
isa[*] (<lib>) <sym> Show address of symbol
iE[*] <lib> Same as is, but only for the export global ones
ic <class> List Objective-C classes or methods of <class>
ip <protocol> List Objective-C protocols or methods of <protocol>
fd[*j] <address> Inverse symbol resolution
dd[-][fd] ([newfd]) List, dup2 or close filedescriptors
dm[.|j|*] Show memory regions
dma <size> Allocate <size> bytes on the heap, address is returned
dmas <string> Allocate a string inited with <string> on the heap
dmad <addr> <size> Allocate <size> bytes on the heap, copy contents from <addr>
dmal List live heap allocations created with dma[s]
dma- (<addr>...) Kill the allocations at <addr> (or all of them without param)
dmp <addr> <size> <perms> Change page at <address> with <size>, protection <perms> (rwx)
dmm List all named squashed maps
dmh List all heap allocated chunks
dmhj List all heap allocated chunks in JSON
dmh* Export heap chunks and regions as r2 flags
dmhm Show which maps are used to allocate heap chunks
dp Show current pid
dpt Show threads
dr Show thread registers (see dpt)
env [k[=v]] Get/set environment variable
dl libname Dlopen a library
dl2 libname [main] Inject library using Frida's >= 8.2 new API
dt <addr> .. Trace list of addresses
dt- Clear all tracing
dtr <addr> (<regs>...) Trace register values
dtf <addr> [fmt] Trace address with format (^ixzO) (see dtf?)
dtSf[*j] [sym|addr] Trace address or symbol using the stalker (Frida >= 10.3.13)
dtS[*j] seconds Trace all threads for given seconds using the stalker
di[0,1,-1] [addr] Intercept and replace return value of address
dx [hexpairs] Inject code and execute it (TODO)
dxc [sym|addr] [args..] Call the target symbol with given args
e[?] [a[=b]] List/get/set config evaluable vars
. script Run script
<space> code.. Evaluate Cycript code
eval code.. Evaluate Javascript code in agent side
dc Continue
T[-*] [msg] text-log console, useful to .\T
[0x00000000]>

Thanks

Fixed at commit 08e6304
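The change described in the first comment, replacing the assertion on the core pointer with a check and a warning, can be sketched as below. This is an added example, not r2frida's code and not the contents of commit 08e6304; the types `Core`, `Io`, `FridaSession` and the functions `frida_session_new` and `io_open` are hypothetical stand-ins for the host and plugin structures.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins (hypothetical, not radare2's real definitions). */
typedef struct { const char *name; } Core;
typedef struct { void *user; } Io;   /* io->user is expected to carry the core pointer */
typedef struct { Core *r2core; const char *uri; } FridaSession;

static int warnings_emitted = 0;     /* lets a caller or test observe the warning path */

/* Plugin constructor: a missing core pointer is reported and turned into a
 * failed open, so a host/plugin mismatch cannot abort the whole process the
 * way a failed assertion (SIGABRT) does. */
FridaSession *frida_session_new(Io *io, const char *uri) {
    if (!io || !io->user) {
        fprintf(stderr, "warning: io->user is NULL, refusing to open %s\n", uri);
        warnings_emitted++;
        return NULL;
    }
    FridaSession *rf = calloc(1, sizeof(*rf));
    if (!rf) {
        return NULL;
    }
    rf->r2core = io->user;
    rf->uri = uri;
    return rf;
}

/* Host-side open path: a NULL session is an ordinary open failure (-1). */
int io_open(Io *io, const char *uri, FridaSession **out) {
    *out = frida_session_new(io, uri);
    return *out ? 0 : -1;
}

int main(void) {
    Core core = { "core" };
    Io broken = { NULL }, ok = { &core };
    FridaSession *s = NULL;
    printf("host without core pointer: %d\n", io_open(&broken, "frida:///bin/ls", &s));
    printf("host with core pointer:    %d\n", io_open(&ok, "frida:///bin/ls", &s));
    free(s);
    return 0;
}
```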