Crash when e asm.reloff=true #10757

cyanpencil · 2018-07-17T11:07:33Z

To reproduce:
r2 /bin/ls -A -c "s main; e asm.reloff=1; pd 1"

ASAN:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==9109==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000001d (pc 0x7f45cf991ad2 bp 0x7ffcbe5890b0 sp 0x7ffcbe5887d8 T0)
==9109==The signal is caused by a READ memory access.
==9109==Hint: address points to the zero page.
    #0 0x7f45cf991ad1 in __sanitizer::internal_strlen(char const*) /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_libc.cc:171
    #1 0x7f45cf8d278d in printf_common /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:544
    #2 0x7f45cf8d41ad in __interceptor_vsnprintf /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1509
    #3 0x7f45ce934d05 in r_cons_printf_list /home/luca/radare2/libr/cons/cons.c:893
    #4 0x7f45ce935084 in r_cons_printf /home/luca/radare2/libr/cons/cons.c:915
    #5 0x7f45cf30d27f in r_print_offset_sg /home/luca/radare2/libr/core/cmd_print.c:5731
    #6 0x7f45cf447040 in ds_print_offset /home/luca/radare2/libr/core/disasm.c:2425
    #7 0x7f45cf45c2e0 in r_core_print_disasm /home/luca/radare2/libr/core/disasm.c:4754
    #8 0x7f45cf303ad4 in cmd_print /home/luca/radare2/libr/core/cmd_print.c:4481
    #9 0x7f45cf3e7d28 in r_cmd_call /home/luca/radare2/libr/core/cmd_api.c:237
    #10 0x7f45cf344b9c in r_core_cmd_subst_i /home/luca/radare2/libr/core/cmd.c:2863
    #11 0x7f45cf33d893 in r_core_cmd_subst /home/luca/radare2/libr/core/cmd.c:1892
    #12 0x7f45cf34a028 in r_core_cmd /home/luca/radare2/libr/core/cmd.c:3567
    #13 0x7f45cf207b44 in r_core_prompt_exec /home/luca/radare2/libr/core/core.c:2438
    #14 0x564798a3bf1b in main /home/luca/radare2/binr/radare2/radare2.c:1373
    #15 0x7f45c94c206a in __libc_start_main (/usr/lib/libc.so.6+0x2306a)
    #16 0x564798a34fc9 in _start (/home/luca/radare2/binr/radare2/radare2+0x6fc9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_libc.cc:171 in __sanitizer::internal_strlen(char const*)
==9109==ABORTING

The text was updated successfully, but these errors were encountered:

radare · 2018-07-17T12:36:33Z

to start with, passing filename BEFORE the flags is an anti-pattern imposed by GNU. dont do that, its not portable. it doesnst works on Mac or BSD systems. apart from that i dont get any crash, can you try with r2 from git?, also this seems to be a null deref, by reading the crashmsg

…

On 17 Jul 2018, at 13:07, Luca Di Bartolomeo ***@***.***> wrote: To reproduce: r2 /bin/ls -A -c "s main; e.reloff=1; pd 1" ASAN: AddressSanitizer:DEADLYSIGNAL ================================================================= ==9109==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000001d (pc 0x7f45cf991ad2 bp 0x7ffcbe5890b0 sp 0x7ffcbe5887d8 T0) ==9109==The signal is caused by a READ memory access. ==9109==Hint: address points to the zero page. #0 0x7f45cf991ad1 in __sanitizer::internal_strlen(char const*) /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_libc.cc:171 #1 0x7f45cf8d278d in printf_common /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:544 #2 0x7f45cf8d41ad in __interceptor_vsnprintf /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1509 #3 0x7f45ce934d05 in r_cons_printf_list /home/luca/radare2/libr/cons/cons.c:893 #4 0x7f45ce935084 in r_cons_printf /home/luca/radare2/libr/cons/cons.c:915 #5 0x7f45cf30d27f in r_print_offset_sg /home/luca/radare2/libr/core/cmd_print.c:5731 #6 0x7f45cf447040 in ds_print_offset /home/luca/radare2/libr/core/disasm.c:2425 #7 0x7f45cf45c2e0 in r_core_print_disasm /home/luca/radare2/libr/core/disasm.c:4754 #8 0x7f45cf303ad4 in cmd_print /home/luca/radare2/libr/core/cmd_print.c:4481 #9 0x7f45cf3e7d28 in r_cmd_call /home/luca/radare2/libr/core/cmd_api.c:237 #10 0x7f45cf344b9c in r_core_cmd_subst_i /home/luca/radare2/libr/core/cmd.c:2863 #11 0x7f45cf33d893 in r_core_cmd_subst /home/luca/radare2/libr/core/cmd.c:1892 #12 0x7f45cf34a028 in r_core_cmd /home/luca/radare2/libr/core/cmd.c:3567 #13 0x7f45cf207b44 in r_core_prompt_exec /home/luca/radare2/libr/core/core.c:2438 #14 0x564798a3bf1b in main /home/luca/radare2/binr/radare2/radare2.c:1373 #15 0x7f45c94c206a in __libc_start_main (/usr/lib/libc.so.6+0x2306a) #16 0x564798a34fc9 in _start (/home/luca/radare2/binr/radare2/radare2+0x6fc9) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_libc.cc:171 in __sanitizer::internal_strlen(char const*) ==9109==ABORTING — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#10757>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA3-lr57ULVZsyVCINZ_0hGe6mhM4kVKks5uHcV3gaJpZM4VSpI6>.

cyanpencil · 2018-07-17T13:03:58Z

I made a full sys/install, I'm sure I'm on latest master...
can you try to pd 10 or scroll up and down in visual disasm? It still crashes to me

If it helps, here is my /bin/ls:
ls.zip

to start with, passing filename BEFORE the flags is an anti-pattern imposed by GNU. dont do that, its not portable. it doesnst works on Mac or BSD systems.

Didn't know that... glad that at least I learnt something for this! Thanks for the tip

radare · 2018-07-17T13:35:03Z

Did u had a previous installation of r2 maybe? Try make purge to be sure u dont have stale files But anyway if u run sys/asan.sh you can get a proper crahlog

…

On 17 Jul 2018, at 15:04, Luca Di Bartolomeo ***@***.***> wrote: I made a full sys/install, I'm sure I'm on latest master... can you try to pd 10 or scroll up and down in visual disasm? It still crashes to me If it helps, here is my /bin/ls: ls.zip to start with, passing filename BEFORE the flags is an anti-pattern imposed by GNU. dont do that, its not portable. it doesnst works on Mac or BSD systems. Didn't know that... glad that at least I learnt something for this! Thanks for the tip — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

cyanpencil · 2018-07-17T15:34:08Z

I tried with make purge and then sys/install, but to no avail, still crashes.

I tried a fresh install on a lubuntu virtual machine, still crashes :(

But anyway if u run sys/asan.sh you can get a proper crahlog

The log I posted before is what ASAN gave me

NOTE: it crashes only if the binary is analized with aa and then disasm is printed.

radare · 2018-07-17T17:28:06Z

the foramt string in that line was wrong. i just fixed it, pls confirm if you can repro the crash now

cyanpencil · 2018-07-17T17:32:21Z

Yes, it is fixed now. Thanks!

cyanpencil changed the title ~~Crash when e.reloff=true~~ Crash when e asm.reloff=true Jul 17, 2018

radare closed this as completed in 8069925 Jul 17, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Crash when e asm.reloff=true #10757

Crash when e asm.reloff=true #10757

cyanpencil commented Jul 17, 2018 •

edited

Loading

radare commented Jul 17, 2018 via email

cyanpencil commented Jul 17, 2018

radare commented Jul 17, 2018 via email

cyanpencil commented Jul 17, 2018

radare commented Jul 17, 2018

cyanpencil commented Jul 17, 2018

Crash when e asm.reloff=true #10757

Crash when e asm.reloff=true #10757

Comments

cyanpencil commented Jul 17, 2018 • edited Loading

radare commented Jul 17, 2018 via email

cyanpencil commented Jul 17, 2018

radare commented Jul 17, 2018 via email

cyanpencil commented Jul 17, 2018

radare commented Jul 17, 2018

cyanpencil commented Jul 17, 2018

cyanpencil commented Jul 17, 2018 •

edited

Loading