5.8.4 built with meson segfaults on some binaries #21491

Closed
xambroz opened this issue Mar 16, 2023 · 31 comments
@xambroz
Contributor

xambroz commented Mar 16, 2023

Environment

2023-03-16T18:35:36 CET
radare2 5.8.4 0 @ linux-x86-64 git.5.8.4
commit: unknown build: 2023-03-16__00:00:00
Linux x86_64

Description

Issuing "radare2 /bin/false" immediately segfaults in sdb_hash.
It is not the case with all binaries. For example, opening /bin/bash is OK in Fedora 37.

Program received signal SIGSEGV, Segmentation fault.
0x000055555556c839 in sdb_hash ()
(gdb) bt
#0  0x000055555556c839 in sdb_hash ()
#1  0x00007ffff70ee40c in hashRBinElfSymbol.lto_priv.1 ()
   from /lib64/libr_bin.so.5.8.4
#2  0x0000555555565563 in reserve_kv.lto_priv ()
#3  0x000055555556589a in insert_update.lto_priv ()
#4  0x00007ffff70f481e in Elf64__r_bin_elf_get_symbols_imports.lto_priv.0
    () from /lib64/libr_bin.so.5.8.4
#5  0x00007ffff70b0270 in entries.lto_priv ()
   from /lib64/libr_bin.so.5.8.4
#6  0x00007ffff709fc57 in r_bin_object_set_items ()
   from /lib64/libr_bin.so.5.8.4
#7  0x00007ffff70a05e7 in r_bin_object_new ()
   from /lib64/libr_bin.so.5.8.4
#8  0x00007ffff7090524 in r_bin_open_buf () from /lib64/libr_bin.so.5.8.4
#9  0x00007ffff7090c03 in r_bin_open_io () from /lib64/libr_bin.so.5.8.4
#10 0x00007ffff737a4f6 in r_core_bin_load ()
   from /lib64/libr_core.so.5.8.4
#11 0x00007ffff7e22438 in r_main_radare2 ()
   from /lib64/libr_main.so.5.8.4
#12 0x00007ffff7c4c510 in __libc_start_call_main (
    main=main@entry=0x555555561840 <main>, argc=argc@entry=2, 
    argv=argv@entry=0x7fffffffd838)
    at ../sysdeps/nptl/libc_start_call_main.h:58
#13 0x00007ffff7c4c5c9 in __libc_start_main_impl (
    main=0x555555561840 <main>, argc=2, argv=0x7fffffffd838, 
    init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffd828)
    at ../csu/libc-start.c:381
#14 0x0000555555561a85 in _start ()

Test

radare2 5.8.4 compiled with meson - https://copr.fedorainfracloud.org/coprs/rebus/infosec/build/5651283/
/bin/false from coreutils-9.1-7.fc37.x86_64 - https://koji.fedoraproject.org/koji/buildinfo?buildID=2105770


@trufae
Collaborator

trufae commented Mar 17, 2023

I compiled r2 with meson (on macOS and Ubuntu) with the flags listed below (taken from the Fedora build logs). Downloaded the coreutils pkg and loaded the false binary without any crash.

MESONFLAGS='-Duse_sys_magic=true -Duse_sys_zip=true -Duse_sys_zlib=true -Duse_sys_lz4=true -Duse_sys_xxhash=true -Duse_ssl=true -Duse_libuv=true -Ddebugger=false -Duse_sys_capstone=true -Denable_tests=false -Denable_r2r=false -Dwant_threads=false'
CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection'
LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes 

So, before I jump into doing more tests here, because I assume I need to set up a Fedora VM to reproduce..
Can you do an asan build to post a full crashlog? Without touching the build, using the gdb prompt you posted above, can you determine the reason for the crash? Because I think it's a null deref, but that's just a blind guess; the LTO builds create new symbols and I miss all the source line info, so it's hard to say without seeing the disassembly and register state.

Also I would like to understand the use of some of these flags:

  • building against libcapstone is "fine" for distributions, but not for users. capstone4 was released 5 years ago and it lacks all the modern instructions used on ARM and X86-64 CPUs nowadays. Capstone5 is not released yet and I've lost my faith for this to happen, but just a heads-up about the situation
  • why is it building r2 without debugger capabilities? (-Ddebugger=false) it removes most of the fun.

also, other comments and personal opinions:

  • libmagic behaves differently (it uses a different syntax from the one shipped in r2, which is based on OpenBSD code) so the magic files used need to be compatible. Also, the performance of libmagic is quite a bit worse for carving memory, and in the past there were exploitable vulns (I think that vuln was solved a few years ago)
  • the only benefit of building r2 with ssl is to connect to https:// to download files. So it's not really a big feature for the users because there are better tools for this.
  • about zip support, the code forked in r2 lacks asserts and I fixed some integer overflow vulns. Actually 60% of the vulns spotted by Coverity scan are spotted in this codebase and I plan to write my own zip implementation at some point because I don't think a zip library should take more than 1000 LOC
  • the next release of r2 (5.8.6) will probably drop the syslz4 option, despite the fact that I find this implementation quite neat; we use smalllz4, which is 400 LOC instead of 2600 LOC, and it's not distributed as a standalone package

@trufae
Collaborator

trufae commented Mar 17, 2023

That's my blind guess, but all this code sucks in many ways and I would like to rewrite it from scratch too.

diff --git a/libr/bin/format/elf/elf.c b/libr/bin/format/elf/elf.c
index c369ddc2f2..7721f8080e 100644
--- a/libr/bin/format/elf/elf.c
+++ b/libr/bin/format/elf/elf.c
@@ -3615,13 +3615,15 @@ RBinSymbol *Elf_(_r_bin_elf_convert_symbol)(struct Elf_(r_bin_elf_obj_t) *bin,

 static ut32 hashRBinElfSymbol(const void *obj) {
        const RBinElfSymbol *symbol = (const RBinElfSymbol *)obj;
-       if (!symbol || !*symbol->name) {
+       if (!symbol || R_STR_ISEMPTY (symbol->name)) {
                return 0;
        }
        int hash = sdb_hash (symbol->name);
-       hash ^= sdb_hash (symbol->type);
+       if (R_STR_ISNOTEMPTY (symbol->type)) {
+               hash ^= sdb_hash (symbol->type);
+       }
        hash ^= (symbol->offset >> 32);
-       hash ^= (symbol->offset & 0xffffffff);
+       hash ^= (symbol->offset & UT32_MAX);
        return hash;
 }

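Review bot: The new guards in hashRBinElfSymbol only cover a NULL or empty symbol->name and symbol->type; R_STR_ISNOTEMPTY (symbol->type) still has to read through the pointer, so a non-NULL but invalid pointer would fault at the check instead of inside sdb_hash. The debuginfo backtrace posted later in this thread shows sdb_hash called with s=0x100000010, which is that case, so it is worth checking where the name and type fields of the RBinElfSymbol entries are filled in before they are inserted into the hash table. Separately, hash is declared int while the function returns ut32; declaring it ut32 avoids the implicit signed-to-unsigned conversion on return.
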
@@ -3629,10 +3631,16 @@ static int cmp_RBinElfSymbol(const RBinElfSymbol *a, const RBinElfSymbol *b) {
        if (a->offset != b->offset) {
                return 1;
        }
+       if (!a->name || !b->name) {
+               return 1;
+       }
        int result = strcmp (a->name, b->name);
        if (result != 0) {
                return result;
        }
+       if (!a->type || !b->type) {
+               return 1;
+       }
        return strcmp (a->type, b->type);
 }

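Review bot: In cmp_RBinElfSymbol the added "!a->name || !b->name" and "!a->type || !b->type" checks return 1 even when both pointers are NULL, so two symbols at the same offset with no name (or with equal names and no type) never compare equal, and cmp (a, b) and cmp (b, a) both return 1. hashRBinElfSymbol returns 0 for every symbol with an empty name, so such entries always share a bucket and are then always treated as distinct. Consider treating both-NULL as a match and falling through to the next field, returning non-zero only when exactly one side is NULL.
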
@xambroz
Contributor Author

xambroz commented Mar 18, 2023

> Can you do an asan build to post a full crashlog?

Sorry for the beginner's question, but what is an "asan build"?

@xambroz
Contributor Author

xambroz commented Mar 18, 2023

Here is the backtrace with the debuginfo installed; it should give the line numbers:

Program received signal SIGSEGV, Segmentation fault.
sdb_hash_len (len=0x0, s=0x100000010 <error: Cannot access memory at address 0x100000010>) at ../shlr/sdb/src/util.c:76
Downloading source file /usr/src/debug/radare2-5.8.4-1.fc37.x86_64/redhat-linux-build/../shlr/sdb/src/util.c
Download failed: Connection refused.  Continuing without source file /usr/src/debug/radare2-5.8.4-1.fc37.x86_64/redhat-linux-build/../shlr/sdb/src/util.c.                                                         
76	../shlr/sdb/src/util.c: Connection refused.
(gdb) bt
#0  sdb_hash_len (len=0x0, s=0x100000010 <error: Cannot access memory at address 0x100000010>) at ../shlr/sdb/src/util.c:76
#1  sdb_hash (s=0x100000010 <error: Cannot access memory at address 0x100000010>) at ../shlr/sdb/src/util.c:89
#2  0x00007ffff70ee40c in hashRBinElfSymbol.lto_priv.1 () at ../libr/bin/format/elf/elf.c:3616
#3  0x0000555555565563 in hashfn (k=0x5555557ddce0, ht=0x5555557f9da0) at ../shlr/sdb/src/ht.inc:20
#4  bucketfn (k=0x5555557ddce0, ht=0x5555557f9da0) at ../shlr/sdb/src/ht.inc:24
#5  reserve_kv (ht=ht@entry=0x5555557f9da0, key=key@entry=0x5555557ddce0, key_len=0, update=update@entry=false) at ../shlr/sdb/src/ht.inc:186
#6  0x000055555556589a in insert_update (ht=0x5555557f9da0, key=0x5555557ddce0, value=0x5555557ddce0, update=<optimized out>) at ../shlr/sdb/src/ht.inc:226
#7  0x00007ffff70f481e in Elf64__r_bin_elf_get_symbols_imports (bin=0x555555748b50, type=3) at ../libr/bin/format/elf/elf.c:3833
#8  0x00007ffff70b0270 in Elf64_r_bin_elf_get_symbols (bin=0x555555748b50) at ../libr/bin/format/elf/elf.c:3972
#9  entries (bf=<optimized out>) at ../libr/bin/p/bin_elf.inc:679
#10 0x00007ffff709fc57 in r_bin_object_set_items (bf=bf@entry=0x5555557486e0, bo=bo@entry=0x5555557488d0) at ../libr/bin/bobj.c:322
#11 0x00007ffff70a05e7 in r_bin_object_new (bf=0x5555557486e0, plugin=0x5555555f4cd0, baseaddr=18446744073709551615, loadaddr=0, offset=0, sz=33248) at ../libr/bin/bobj.c:186
#12 0x00007ffff7090524 in r_bin_file_new_from_buffer (pluginname=<optimized out>, fd=<optimized out>, loadaddr=<optimized out>, baseaddr=<optimized out>, rawstr=<optimized out>, buf=<optimized out>, 
    file=<optimized out>, bin=<optimized out>) at ../libr/bin/bfile.c:609
#13 r_bin_open_buf (bin=bin@entry=0x5555555f0250, buf=buf@entry=0x555555748690, opt=opt@entry=0x7fffffffd430) at ../libr/bin/bin.c:284
#14 0x00007ffff7090c03 in r_bin_open_io (bin=0x5555555f0250, opt=opt@entry=0x7fffffffd430) at ../libr/bin/bin.c:347
#15 0x00007ffff737a4f6 in r_core_file_do_load_for_io_plugin (loadaddr=0, baseaddr=18446744073709551615, r=0x7ffff619e010) at ../libr/core/cfile.c:437
#16 r_core_bin_load (r=r@entry=0x7ffff619e010, filenameuri=0x5555557485e0 "/bin/false", baddr=baddr@entry=18446744073709551615) at ../libr/core/cfile.c:647
#17 0x00007ffff7e23438 in binload (baddr=18446744073709551615, filepath=<optimized out>, r=0x7ffff619e010) at ../libr/main/radare2.c:469
#18 r_main_radare2 (argc=<optimized out>, argv=<optimized out>) at ../libr/main/radare2.c:1390
#19 0x00007ffff7c4d510 in __libc_start_call_main (main=main@entry=0x555555561840 <main>, argc=argc@entry=3, argv=argv@entry=0x7fffffffd748) at ../sysdeps/nptl/libc_start_call_main.h:58
#20 0x00007ffff7c4d5c9 in __libc_start_main_impl (main=0x555555561840 <main>, argc=3, argv=0x7fffffffd748, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd738)
    at ../csu/libc-start.c:381
#21 0x0000555555561a85 in _start ()

@xambroz
Contributor Author

xambroz commented Mar 18, 2023

Quite possibly it is not just about the meson build. I have now tried to compile/install radare 5.8.4 using sys/install.sh.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f4ad2c in sdb_hash_len () from /usr/local/lib/libr_util.so
(gdb) bt
#0  0x00007ffff7f4ad2c in sdb_hash_len () from /usr/local/lib/libr_util.so
#1  0x00007ffff7f4ad65 in sdb_hash () from /usr/local/lib/libr_util.so
#2  0x00007ffff6e9e3c6 in hashRBinElfSymbol (obj=0x555555737630) at /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/../format/elf/elf.c:3622
#3  0x00007ffff7f37190 in hashfn () from /usr/local/lib/libr_util.so
#4  0x00007ffff7f371bb in bucketfn () from /usr/local/lib/libr_util.so
#5  0x00007ffff7f378b5 in reserve_kv () from /usr/local/lib/libr_util.so
#6  0x00007ffff7f37acb in insert_update () from /usr/local/lib/libr_util.so
#7  0x00007ffff7f37b78 in ht_pp_insert () from /usr/local/lib/libr_util.so
#8  0x00007ffff6e9f299 in Elf64__r_bin_elf_get_symbols_imports (bin=0x5555556dad80, type=3) at /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/../format/elf/elf.c:3833
#9  0x00007ffff6e9feb8 in Elf64_r_bin_elf_get_symbols (bin=0x5555556dad80) at /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/../format/elf/elf.c:3972
#10 0x00007ffff6e8c65b in entries (bf=0x555555740fa0) at /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:679
#11 0x00007ffff6e416f4 in r_bin_object_set_items (bf=0x555555740fa0, bo=0x5555557d5590) at bobj.c:322
#12 0x00007ffff6e40f9b in r_bin_object_new (bf=0x555555740fa0, plugin=0x5555555c9d70, baseaddr=0, loadaddr=0, offset=0, sz=33248) at bobj.c:186
#13 0x00007ffff6e3e38a in r_bin_file_new_from_buffer (bin=0x5555555c5480, file=0x555555799c70 "/bin/false", buf=0x5555556d5990, rawstr=0, baseaddr=0, loadaddr=0, fd=5, pluginname=0x0) at bfile.c:609
#14 0x00007ffff6e2ca33 in r_bin_open_buf (bin=0x5555555c5480, buf=0x5555556d5990, opt=0x7fffffffcf00) at bin.c:284
#15 0x00007ffff6e2cd93 in r_bin_open_io (bin=0x5555555c5480, opt=0x7fffffffcf00) at bin.c:347
#16 0x00007ffff776f5e2 in r_core_file_do_load_for_io_plugin (r=0x7ffff5e88010, baseaddr=0, loadaddr=0) at cfile.c:437
#17 0x00007ffff776fe07 in r_core_bin_load (r=0x7ffff5e88010, filenameuri=0x555555799c70 "/bin/false", baddr=0) at cfile.c:647
#18 0x00007ffff7de4d6c in binload (r=0x7ffff5e88010, filepath=0x555555799c70 "/bin/false", baddr=0) at radare2.c:469
#19 0x00007ffff7de8601 in r_main_radare2 (argc=3, argv=0x7fffffffd5e8) at radare2.c:1390
#20 0x0000555555555588 in main (argc=3, argv=0x7fffffffd5e8) at radare2.c:104

@trufae
Collaborator

trufae commented Mar 18, 2023

Asan stands for address sanitizer. You can use the sys/sanitize.sh script to build r2 with all the instrumentation in place (you must clean the srcdir before). There's also a flag for meson to do the same.

It's weird that I cannot reproduce. Can you share the binary that is crashing for you? Zip it and attach it to the issue.

@xambroz
Contributor Author

xambroz commented Mar 18, 2023

> I compiled r2 with meson (on macOS and Ubuntu) with the flags listed below (taken from the Fedora build logs).
> MESONFLAGS='-Duse_sys_magic=true -Duse_sys_zip=true -Duse_sys_zlib=true -Duse_sys_lz4=true -Duse_sys_xxhash=true -Duse_ssl=true -Duse_libuv=true -Ddebugger=false -Duse_sys_capstone=true -Denable_tests=false -Denable_r2r=false -Dwant_threads=false'
> why is it building r2 without debugger capabilities? (-Ddebugger=false) it removes most of the fun.

Please, where did you get the MESONFLAGS from? The builds on copr (and the official Fedora package) are not using this variable and are usually enabled with the possibility to debug.
For example https://download.copr.fedorainfracloud.org/results/rebus/infosec/fedora-37-x86_64/05651283-radare2/builder-live.log.gz

This is the meson command used:

+ /usr/bin/meson setup --buildtype=plain --prefix=/usr --libdir=/usr/lib64 --libexecdir=/usr/libexec --bindir=/usr/bin --sbindir=/usr/sbin --includedir=/usr/include --datadir=/usr/share --mandir=/usr/share/man --infodir=/usr/share/info --localedir=/usr/share/locale --sysconfdir=/etc --localstatedir=/var --sharedstatedir=/var/lib --wrap-mode=nodownload --auto-features=enabled . redhat-linux-build -Duse_sys_magic=true -Duse_sys_zip=true -Duse_sys_zlib=true -Duse_sys_lz4=true -Duse_sys_xxhash=true -Duse_ssl=true -Duse_libuv=true -Duse_sys_capstone=true -Denable_tests=false -Denable_r2r=false -Dwant_threads=false

Debugger is disabled (-Ddebugger=false) only on the s390x platform (big-endian) - there were some issues with that. I have not checked for a long time whether it got any better.

Here the radare2.spec stanza:

%meson \
 -Duse_sys_magic=true \
%if 0%{?fedora} || 0%{?rhel} >= 8
 -Duse_sys_zip=true \
%else
 -Duse_sys_zip=false \
%endif
 -Duse_sys_zlib=true \
 -Duse_sys_lz4=true \
 -Duse_sys_xxhash=true \
 -Duse_ssl=true \
 -Duse_libuv=true \
%ifarch s390x
 -Ddebugger=false \
%endif
 -Duse_sys_capstone=true \
 -Denable_tests=false \
 -Denable_r2r=false \
 -Dwant_threads=false     # multithreading doesn't work well with Iaito package
%meson_build

> also, other comments and personal opinions:
libcapstone, libzip, libmagic

This is a generic strategic decision of the distributions (Fedora, Debian ...) to preferably use shared system libraries rather than local copies of code snippets embedded in various projects. It is not a dogma, but at least as a packager I need to track which libraries are embedded, with versions and sufficient identification, so it is possible for people tracking vulnerabilities to assess whether a package is vulnerable or not when one of the embedded/linked libraries is found vulnerable.

For example the libr/magic ... it is not really clear what version this is exactly based on, what has been patched, and whether vulnerabilities since 2010 (when the code was probably forked) have been patched. This would make it hard for people who track the vulnerabilities in Fedora to judge whether this is still vulnerable or not. Especially as radare2 does not only embed pristine libraries, but these are also heavily modified.

And embedding 3rd party libraries also brings licensing questions, which non-lawyers like to avoid resolving. It is easier for a packager to leave this to be handled by the standalone library packages and just link to those.

For example the libr/magic is licensed with the BSD 2-clause license, Radare2 is GPLv3+.
You do not provide a review of licenses, or the licenses as standalone files for BSD, so I as a packager would have to carve the license out from the files and distribute it with the binary packages as standalone license files.

@xambroz
Contributor Author

xambroz commented Mar 18, 2023

false.zip

@xambroz
Contributor Author

xambroz commented Mar 18, 2023

seems sanitize works only with clang and not gcc

[~/tmp/radare2-5.8.4] 2023-03-19 00:28:51 +0100
$ sys/sanitize.sh 
=========================================================================
Sanitize build script can be configured with the SANITIZE environment variable.
Use one of the following words to specify which sanitizers to use:
  - address     - detect memory errors
  - thread      - detect thread racing issues
  - leak        - find memory leaks
  - memory      - detect uninitialized reads
  - undefined   - find undefined behaviour
  - ...
For more information:
  http://clang.llvm.org/docs/UsersManual.html#controlling-code-generation
For example:
  $ SANITIZE='leak memory address' sys/sanitize.sh
Current value:
  SANITIZE=address undefined signed-integer-overflow
=========================================================================
/usr/bin/ld: cannot find /usr/lib64/libasan.so.8.0.0: No such file or directory
collect2: error: ld returned 1 exit status
Your compiler doesn't support a sanitizer in SANITIZE.

@trufae
Collaborator

trufae commented Mar 19, 2023

Asan works with gcc, clang and msvc. It was recently implemented in visual studio 2022. So maybe your gcc installation is incomplete or broken. That was implemented in gcc 4.8 but maybe the distro requires an extra package or ldflag like -lasan to make it work :?

@xambroz
Contributor Author

xambroz commented Mar 19, 2023

There is some race condition about this, which I still do not quite understand.
On one machine it started working under my normal user account then it segfaults again.
Just now :
image

@xambroz
Contributor Author

xambroz commented Mar 19, 2023

Managed to compile/install with sys/sanitize.sh (I had libasan installed for i686, but obviously x86_64 is needed).
Unfortunately the bug doesn't manifest itself when compiled with libasan.
If there is a meson option for that, I might try to recompile the RPM.

@trufae
Collaborator

trufae commented Mar 20, 2023

It's weird because asan builds are able to catch very weird bugs like integer overflows or off-by-one reads which don't cause any crash on normal executions.. I still can't reproduce. Can you try with valgrind then?

I also tried with the same exact meson line you shared in the previous message and it doesn't crash for me.

@trufae
Collaborator

trufae commented Mar 20, 2023

Did you try with the patch I shared some comments above? The multithreading thing with iaito was fixed a year ago. There's no need to pass this flag to make iaito happy nowadays.

trufae added this to the 5.8.6 - codename: dithered milestone on Mar 21, 2023
trufae self-assigned this on Mar 21, 2023

@xambroz
Contributor Author

xambroz commented Mar 21, 2023

> It's weird because asan builds are able to catch very weird bugs like integer overflows or off-by-one reads which don't cause any crash on normal executions..

asan is reporting a lot of stuff, but that is after I quit. The crash on opening is not manifesting:

$ radare2 /bin/false
WARN: run r2 with -e bin.cache=true to fix relocations in disassembly
 -- You will soon have an out of memory experience.
[0x00002960]> 
[0x00002960]> q

=================================================================
==2655464==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 9792 byte(s) in 136 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1ee42a8d in parse_def /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:65
    #2 0x7f9c1ee43389 in r_reg_set_profile_string /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:239
    #3 0x7f9c1d5ca5bc in r_anal_set_reg_profile /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:308
    #4 0x7f9c1e774800 in cb_asmbits /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:972
    #5 0x7f9c1f904bab in r_config_set_i /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:614
    #6 0x7f9c1e68aa82 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3231
    #7 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #8 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #9 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #10 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Direct leak of 5976 byte(s) in 83 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1ee42a8d in parse_def /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:65
    #2 0x7f9c1ee43389 in r_reg_set_profile_string /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:239
    #3 0x7f9c1e978d7a in r_debug_use /home/mambroz/tmp/radare2-5.8.4/libr/debug/plugin.c:36
    #4 0x7f9c1e776fac in cb_dbgbackend /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:1875
    #5 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #6 0x7f9c1e78049b in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3942
    #7 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #8 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #9 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #10 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #11 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Direct leak of 5544 byte(s) in 77 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1ee42a8d in parse_def /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:65
    #2 0x7f9c1ee43389 in r_reg_set_profile_string /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:239
    #3 0x7f9c1d5ca5bc in r_anal_set_reg_profile /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:308
    #4 0x7f9c1d5ca292 in r_anal_use /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:244
    #5 0x7f9c1e7729c9 in cb_analarch /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:418
    #6 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #7 0x7f9c1e77bb37 in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3497
    #8 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #9 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #10 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #11 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #12 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Direct leak of 1136 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1f09af78 in r_num_new /home/mambroz/tmp/radare2-5.8.4/libr/util/unum.c:100
    #2 0x7f9c1e335b74 in r_arch_new /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch.c:22
    #3 0x7f9c1d5c9883 in r_anal_new /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:94
    #4 0x7f9c1ee4d951 in r_egg_new /home/mambroz/tmp/radare2-5.8.4/libr/egg/egg.c:58
    #5 0x7f9c1e689d4f in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3075
    #6 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #7 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #8 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #9 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Direct leak of 1136 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1f09af78 in r_num_new /home/mambroz/tmp/radare2-5.8.4/libr/util/unum.c:100
    #2 0x7f9c1e335b74 in r_arch_new /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch.c:22
    #3 0x7f9c1d5c9883 in r_anal_new /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:94
    #4 0x7f9c1ee4d951 in r_egg_new /home/mambroz/tmp/radare2-5.8.4/libr/egg/egg.c:58
    #5 0x7f9c1e9745a0 in r_debug_new /home/mambroz/tmp/radare2-5.8.4/libr/debug/debug.c:363
    #6 0x7f9c1e68a902 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3205
    #7 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #8 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #9 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #10 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Direct leak of 96 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1e336c83 in r_arch_config_new /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch_config.c:88
    #2 0x7f9c1ea15549 in r_asm_new /home/mambroz/tmp/radare2-5.8.4/libr/asm/asm.c:194
    #3 0x7f9c1ee4d933 in r_egg_new /home/mambroz/tmp/radare2-5.8.4/libr/egg/egg.c:54
    #4 0x7f9c1e689d4f in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3075
    #5 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #6 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #7 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #8 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1e337914 in r_arch_session /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch_session.c:6
    #2 0x7f9c1e335ef5 in r_arch_use /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch.c:88
    #3 0x7f9c1e335f3f in r_arch_use_decoder /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch.c:101
    #4 0x7f9c1e772d4e in cb_archdecoder /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:464
    #5 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #6 0x7f9c1e77bc5f in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3505
    #7 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #8 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #9 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #10 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #11 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1f0ba6ce in r_list_new /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:184
    #2 0x7f9c1f0bb11e in r_list_clone /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:399
    #3 0x7f9c1de8bf2b in sections /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:549
    #4 0x7f9c1de9083b in size /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:1519
    #5 0x7f9c1de4160c in r_bin_object_set_items /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:310
    #6 0x7f9c1de40f9a in r_bin_object_new /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:186
    #7 0x7f9c1de3e389 in r_bin_file_new_from_buffer /home/mambroz/tmp/radare2-5.8.4/libr/bin/bfile.c:609
    #8 0x7f9c1de2ca32 in r_bin_open_buf /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:284
    #9 0x7f9c1de2cd92 in r_bin_open_io /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:347
    #10 0x7f9c1e76f5e1 in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:437
    #11 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #12 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #13 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #14 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #15 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1f0ba6ce in r_list_new /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:184
    #2 0x7f9c1f0ba703 in r_list_newf /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:193
    #3 0x7f9c1de8b793 in sections /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:420
    #4 0x7f9c1de9083b in size /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:1519
    #5 0x7f9c1de4160c in r_bin_object_set_items /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:310
    #6 0x7f9c1de40f9a in r_bin_object_new /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:186
    #7 0x7f9c1de3e389 in r_bin_file_new_from_buffer /home/mambroz/tmp/radare2-5.8.4/libr/bin/bfile.c:609
    #8 0x7f9c1de2ca32 in r_bin_open_buf /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:284
    #9 0x7f9c1de2cd92 in r_bin_open_io /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:347
    #10 0x7f9c1e76f5e1 in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:437
    #11 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #12 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #13 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #14 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #15 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1e775aa4 in cb_codevar /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:1412
    #2 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #3 0x7f9c1e77ef83 in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3796
    #4 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #5 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #6 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #7 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #8 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 3680 byte(s) in 46 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1de3137c in r_bin_section_clone /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:1424
    #2 0x7f9c1f0bb16f in r_list_clone /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:406
    #3 0x7f9c1de8bf2b in sections /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:549
    #4 0x7f9c1de9083b in size /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:1519
    #5 0x7f9c1de4160c in r_bin_object_set_items /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:310
    #6 0x7f9c1de40f9a in r_bin_object_new /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:186
    #7 0x7f9c1de3e389 in r_bin_file_new_from_buffer /home/mambroz/tmp/radare2-5.8.4/libr/bin/bfile.c:609
    #8 0x7f9c1de2ca32 in r_bin_open_buf /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:284
    #9 0x7f9c1de2cd92 in r_bin_open_io /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:347
    #10 0x7f9c1e76f5e1 in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:437
    #11 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #12 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #13 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #14 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #15 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 1104 byte(s) in 46 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1f0ba73b in r_list_item_new /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:201
    #2 0x7f9c1f0ba7be in r_list_append /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:211
    #3 0x7f9c1f0bb181 in r_list_clone /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:406
    #4 0x7f9c1de8bf2b in sections /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:549
    #5 0x7f9c1de9083b in size /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:1519
    #6 0x7f9c1de4160c in r_bin_object_set_items /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:310
    #7 0x7f9c1de40f9a in r_bin_object_new /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:186
    #8 0x7f9c1de3e389 in r_bin_file_new_from_buffer /home/mambroz/tmp/radare2-5.8.4/libr/bin/bfile.c:609
    #9 0x7f9c1de2ca32 in r_bin_open_buf /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:284
    #10 0x7f9c1de2cd92 in r_bin_open_io /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:347
    #11 0x7f9c1e76f5e1 in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:437
    #12 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #13 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #14 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #15 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #16 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 593 byte(s) in 136 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1ee42ac1 in parse_def /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:70
    #2 0x7f9c1ee43389 in r_reg_set_profile_string /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:239
    #3 0x7f9c1d5ca5bc in r_anal_set_reg_profile /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:308
    #4 0x7f9c1e774800 in cb_asmbits /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:972
    #5 0x7f9c1f904bab in r_config_set_i /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:614
    #6 0x7f9c1e68aa82 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3231
    #7 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #8 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #9 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #10 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 442 byte(s) in 46 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1de313ba in r_bin_section_clone /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:1427
    #2 0x7f9c1f0bb16f in r_list_clone /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:406
    #3 0x7f9c1de8bf2b in sections /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:549
    #4 0x7f9c1de9083b in size /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:1519
    #5 0x7f9c1de4160c in r_bin_object_set_items /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:310
    #6 0x7f9c1de40f9a in r_bin_object_new /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:186
    #7 0x7f9c1de3e389 in r_bin_file_new_from_buffer /home/mambroz/tmp/radare2-5.8.4/libr/bin/bfile.c:609
    #8 0x7f9c1de2ca32 in r_bin_open_buf /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:284
    #9 0x7f9c1de2cd92 in r_bin_open_io /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:347
    #10 0x7f9c1e76f5e1 in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:437
    #11 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #12 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #13 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #14 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #15 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 359 byte(s) in 83 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1ee42ac1 in parse_def /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:70
    #2 0x7f9c1ee43389 in r_reg_set_profile_string /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:239
    #3 0x7f9c1e978d7a in r_debug_use /home/mambroz/tmp/radare2-5.8.4/libr/debug/plugin.c:36
    #4 0x7f9c1e776fac in cb_dbgbackend /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:1875
    #5 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #6 0x7f9c1e78049b in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3942
    #7 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #8 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #9 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #10 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #11 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 336 byte(s) in 77 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1ee42ac1 in parse_def /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:70
    #2 0x7f9c1ee43389 in r_reg_set_profile_string /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:239
    #3 0x7f9c1d5ca5bc in r_anal_set_reg_profile /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:308
    #4 0x7f9c1d5ca292 in r_anal_use /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:244
    #5 0x7f9c1e7729c9 in cb_analarch /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:418
    #6 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #7 0x7f9c1e77bb37 in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3497
    #8 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #9 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #10 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #11 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #12 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 100 byte(s) in 11 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1ee42e33 in parse_def /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:121
    #2 0x7f9c1ee43389 in r_reg_set_profile_string /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:239
    #3 0x7f9c1e978d7a in r_debug_use /home/mambroz/tmp/radare2-5.8.4/libr/debug/plugin.c:36
    #4 0x7f9c1e776fac in cb_dbgbackend /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:1875
    #5 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #6 0x7f9c1e78049b in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3942
    #7 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #8 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #9 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #10 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #11 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 100 byte(s) in 11 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1ee42e33 in parse_def /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:121
    #2 0x7f9c1ee43389 in r_reg_set_profile_string /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:239
    #3 0x7f9c1d5ca5bc in r_anal_set_reg_profile /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:308
    #4 0x7f9c1e774800 in cb_asmbits /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:972
    #5 0x7f9c1f904bab in r_config_set_i /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:614
    #6 0x7f9c1e68aa82 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3231
    #7 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #8 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #9 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #10 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 96 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1e336b95 in r_arch_config_clone /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch_config.c:76
    #2 0x7f9c1e335f24 in r_arch_use_decoder /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch.c:100
    #3 0x7f9c1e772d4e in cb_archdecoder /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:464
    #4 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #5 0x7f9c1e77bc5f in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3505
    #6 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #7 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #8 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #9 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #10 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 61 byte(s) in 7 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1de313e8 in r_bin_section_clone /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:1428
    #2 0x7f9c1f0bb16f in r_list_clone /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:406
    #3 0x7f9c1de8bf2b in sections /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:549
    #4 0x7f9c1de9083b in size /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:1519
    #5 0x7f9c1de4160c in r_bin_object_set_items /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:310
    #6 0x7f9c1de40f9a in r_bin_object_new /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:186
    #7 0x7f9c1de3e389 in r_bin_file_new_from_buffer /home/mambroz/tmp/radare2-5.8.4/libr/bin/bfile.c:609
    #8 0x7f9c1de2ca32 in r_bin_open_buf /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:284
    #9 0x7f9c1de2cd92 in r_bin_open_io /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:347
    #10 0x7f9c1e76f5e1 in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:437
    #11 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #12 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #13 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #14 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #15 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1de8aca6 in dtproceed /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:212
    #2 0x7f9c1de8b0db in parse_pt_dynamic /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:289
    #3 0x7f9c1de8ba67 in sections /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:439
    #4 0x7f9c1de9083b in size /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:1519
    #5 0x7f9c1de4160c in r_bin_object_set_items /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:310
    #6 0x7f9c1de40f9a in r_bin_object_new /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:186
    #7 0x7f9c1de3e389 in r_bin_file_new_from_buffer /home/mambroz/tmp/radare2-5.8.4/libr/bin/bfile.c:609
    #8 0x7f9c1de2ca32 in r_bin_open_buf /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:284
    #9 0x7f9c1de2cd92 in r_bin_open_io /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:347
    #10 0x7f9c1e76f5e1 in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:437
    #11 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #12 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #13 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #14 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #15 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1de8aca6 in dtproceed /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:212
    #2 0x7f9c1de8afcb in parse_pt_dynamic /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:271
    #3 0x7f9c1de8ba67 in sections /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:439
    #4 0x7f9c1de9083b in size /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:1519
    #5 0x7f9c1de4160c in r_bin_object_set_items /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:310
    #6 0x7f9c1de40f9a in r_bin_object_new /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:186
    #7 0x7f9c1de3e389 in r_bin_file_new_from_buffer /home/mambroz/tmp/radare2-5.8.4/libr/bin/bfile.c:609
    #8 0x7f9c1de2ca32 in r_bin_open_buf /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:284
    #9 0x7f9c1de2cd92 in r_bin_open_io /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:347
    #10 0x7f9c1e76f5e1 in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:437
    #11 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #12 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #13 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #14 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #15 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1f0ba73b in r_list_item_new /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:201
    #2 0x7f9c1f0ba7be in r_list_append /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:211
    #3 0x7f9c1de8ad16 in dtproceed /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:220
    #4 0x7f9c1de8b0db in parse_pt_dynamic /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:289
    #5 0x7f9c1de8ba67 in sections /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:439
    #6 0x7f9c1de9083b in size /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:1519
    #7 0x7f9c1de4160c in r_bin_object_set_items /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:310
    #8 0x7f9c1de40f9a in r_bin_object_new /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:186
    #9 0x7f9c1de3e389 in r_bin_file_new_from_buffer /home/mambroz/tmp/radare2-5.8.4/libr/bin/bfile.c:609
    #10 0x7f9c1de2ca32 in r_bin_open_buf /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:284
    #11 0x7f9c1de2cd92 in r_bin_open_io /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:347
    #12 0x7f9c1e76f5e1 in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:437
    #13 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #14 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #15 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #16 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #17 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f2ba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f9c1f0ba73b in r_list_item_new /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:201
    #2 0x7f9c1f0ba7be in r_list_append /home/mambroz/tmp/radare2-5.8.4/libr/util/list.c:211
    #3 0x7f9c1de8ad16 in dtproceed /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:220
    #4 0x7f9c1de8afcb in parse_pt_dynamic /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:271
    #5 0x7f9c1de8ba67 in sections /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:439
    #6 0x7f9c1de9083b in size /home/mambroz/tmp/radare2-5.8.4/libr/..//libr/bin/p/bin_elf.inc:1519
    #7 0x7f9c1de4160c in r_bin_object_set_items /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:310
    #8 0x7f9c1de40f9a in r_bin_object_new /home/mambroz/tmp/radare2-5.8.4/libr/bin/bobj.c:186
    #9 0x7f9c1de3e389 in r_bin_file_new_from_buffer /home/mambroz/tmp/radare2-5.8.4/libr/bin/bfile.c:609
    #10 0x7f9c1de2ca32 in r_bin_open_buf /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:284
    #11 0x7f9c1de2cd92 in r_bin_open_io /home/mambroz/tmp/radare2-5.8.4/libr/bin/bin.c:347
    #12 0x7f9c1e76f5e1 in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:437
    #13 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #14 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #15 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #16 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #17 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 18 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1ee42e33 in parse_def /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:121
    #2 0x7f9c1ee43389 in r_reg_set_profile_string /home/mambroz/tmp/radare2-5.8.4/libr/reg/profile.c:239
    #3 0x7f9c1d5ca5bc in r_anal_set_reg_profile /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:308
    #4 0x7f9c1d5ca292 in r_anal_use /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:244
    #5 0x7f9c1e7729c9 in cb_analarch /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:418
    #6 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #7 0x7f9c1e77bb37 in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3497
    #8 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #9 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #10 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #11 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #12 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 6 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1d5ca6c9 in r_anal_set_triplet /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:328
    #2 0x7f9c1d5ca8d6 in r_anal_set_os /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:365
    #3 0x7f9c1e774dd1 in cb_asmos /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:1110
    #4 0x7f9c1f904501 in r_config_set /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:493
    #5 0x7f9c1e7b1acb in bin_info /home/mambroz/tmp/radare2-5.8.4/libr/core/cbin.c:880
    #6 0x7f9c1e7bfaf7 in r_core_bin_info /home/mambroz/tmp/radare2-5.8.4/libr/core/cbin.c:4397
    #7 0x7f9c1e7afe19 in r_core_bin_set_env /home/mambroz/tmp/radare2-5.8.4/libr/core/cbin.c:358
    #8 0x7f9c1e76f61e in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:442
    #9 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #10 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #11 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #12 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #13 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1e33697e in r_arch_config_use /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch_config.c:29
    #2 0x7f9c1d5ca281 in r_anal_use /home/mambroz/tmp/radare2-5.8.4/libr/anal/anal.c:243
    #3 0x7f9c1e7729c9 in cb_analarch /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:418
    #4 0x7f9c1f904501 in r_config_set /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:493
    #5 0x7f9c1e7b1bcb in bin_info /home/mambroz/tmp/radare2-5.8.4/libr/core/cbin.c:891
    #6 0x7f9c1e7bfaf7 in r_core_bin_info /home/mambroz/tmp/radare2-5.8.4/libr/core/cbin.c:4397
    #7 0x7f9c1e7afe19 in r_core_bin_set_env /home/mambroz/tmp/radare2-5.8.4/libr/core/cbin.c:358
    #8 0x7f9c1e76f61e in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:442
    #9 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #10 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #11 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #12 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #13 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1e336a7c in r_arch_config_set_cpu /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch_config.c:41
    #2 0x7f9c1ea15c0d in r_asm_set_cpu /home/mambroz/tmp/radare2-5.8.4/libr/asm/asm.c:351
    #3 0x7f9c1e7743b8 in cb_asmarch /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:876
    #4 0x7f9c1f904501 in r_config_set /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:493
    #5 0x7f9c1e7b1ba6 in bin_info /home/mambroz/tmp/radare2-5.8.4/libr/core/cbin.c:890
    #6 0x7f9c1e7bfaf7 in r_core_bin_info /home/mambroz/tmp/radare2-5.8.4/libr/core/cbin.c:4397
    #7 0x7f9c1e7afe19 in r_core_bin_set_env /home/mambroz/tmp/radare2-5.8.4/libr/core/cbin.c:358
    #8 0x7f9c1e76f61e in r_core_file_do_load_for_io_plugin /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:442
    #9 0x7f9c1e76fe06 in r_core_bin_load /home/mambroz/tmp/radare2-5.8.4/libr/core/cfile.c:647
    #10 0x7f9c1f951d6b in binload /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:469
    #11 0x7f9c1f955600 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:1390
    #12 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #13 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1e336bc7 in r_arch_config_clone /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch_config.c:80
    #2 0x7f9c1e335f24 in r_arch_use_decoder /home/mambroz/tmp/radare2-5.8.4/libr/arch/arch.c:100
    #3 0x7f9c1e772d4e in cb_archdecoder /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:464
    #4 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #5 0x7f9c1e77bc5f in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3505
    #6 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #7 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #8 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #9 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #10 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Indirect leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x7f9c1f27243b in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f9c1e77a4fe in cb_asmabi /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3209
    #2 0x7f9c1f903eca in r_config_set_cb /home/mambroz/tmp/radare2-5.8.4/libr/config/config.c:391
    #3 0x7f9c1e77c138 in r_core_config_init /home/mambroz/tmp/radare2-5.8.4/libr/core/cconfig.c:3543
    #4 0x7f9c1e68aa57 in r_core_init /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:3221
    #5 0x7f9c1e68167c in r_core_new /home/mambroz/tmp/radare2-5.8.4/libr/core/core.c:926
    #6 0x7f9c1f9520b9 in r_main_radare2 /home/mambroz/tmp/radare2-5.8.4/libr/main/radare2.c:563
    #7 0x563b4d278587 in main /home/mambroz/tmp/radare2-5.8.4/binr/radare2/radare2.c:104
    #8 0x7f9c1ee8950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

SUMMARY: AddressSanitizer: 30837 byte(s) leaked in 777 allocation(s).

@xambroz
Contributor Author

xambroz commented Mar 21, 2023

Did you try with the patch I shared some comments above? The multithreading thing with iaito was fixed a year ago. There's no need to pass this flag to make iaito happy nowadays.

Nope - sorry, I failed to recognize it is a patch fixing it. I thought it was a general comment.
I will try.

@trufae
Collaborator

trufae commented Mar 21, 2023

I merged the proposed patch into master so you can git pull and try there :)

Those ASan messages are leaks (30KB of memory leaks). I plan to spend some time fixing those before 5.8.6, but those are harmless. So can't say what's making it fail for you :/
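For triaging a LeakSanitizer report like the one discussed above, this added example (not code from the thread or from the radare2 project) parses the leak blocks, groups them by the first frame that is neither an allocator nor a generic list helper, and checks the parsed totals against the SUMMARY line. The embedded report is a constructed sample in the same format, and treating `r_list_*` as generic helpers is an assumption.

```python
import re
from collections import defaultdict

HEADER = re.compile(
    r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\) allocated from:")
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-fA-F]+\s+in\s+(\S+)\s+(.+)$")
SUMMARY = re.compile(
    r"^SUMMARY: AddressSanitizer: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")

# Frames that only tell us "memory was allocated", not who owns it.
ALLOCATORS = {"malloc", "calloc", "realloc", "strdup", "strndup"}
# Assumption: generic container helpers are skipped so the caller gets the blame.
GENERIC_PREFIXES = ("r_list_",)

# Constructed sample in LeakSanitizer's format (addresses and paths are made up).
SAMPLE_REPORT = """\
Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f0000000001 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f0000000002 in r_list_new libr/util/list.c:184
    #2 0x7f0000000003 in r_list_newf libr/util/list.c:193
    #3 0x7f0000000004 in sections libr/bin/p/bin_elf.inc:420

Indirect leak of 3680 byte(s) in 46 object(s) allocated from:
    #0 0x7f0000000001 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x7f0000000005 in r_bin_section_clone libr/bin/bin.c:1424
    #2 0x7f0000000006 in r_list_clone libr/util/list.c:406
    #3 0x7f0000000007 in sections libr/bin/p/bin_elf.inc:549

Indirect leak of 442 byte(s) in 46 object(s) allocated from:
    #0 0x7f0000000008 in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f0000000009 in r_bin_section_clone libr/bin/bin.c:1427
    #2 0x7f0000000006 in r_list_clone libr/util/list.c:406

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x7f0000000008 in strdup (/lib64/libasan.so.8+0x7243b)
    #1 0x7f000000000a in cb_codevar libr/core/cconfig.c:1412

SUMMARY: AddressSanitizer: 4155 byte(s) leaked in 94 allocation(s).
"""


def parse_leak_report(text):
    """Return (leaks, summary); summary is (bytes, allocations) or None."""
    leaks, summary, current = [], None, None
    for line in text.splitlines():
        if not line.strip():
            current = None          # a blank line closes the current leak block
            continue
        m = HEADER.match(line)
        if m:
            current = {"kind": m.group(1).lower(), "bytes": int(m.group(2)),
                       "objects": int(m.group(3)), "frames": []}
            leaks.append(current)
            continue
        m = FRAME.match(line)
        if m and current is not None:
            current["frames"].append((m.group(1), m.group(2)))
            continue
        m = SUMMARY.match(line)
        if m:
            summary = (int(m.group(1)), int(m.group(2)))
    return leaks, summary


def owner_frame(frames):
    """First frame that is not an allocator or a generic helper."""
    for func, location in frames:
        if func in ALLOCATORS or func.startswith(GENERIC_PREFIXES):
            continue
        return func, location
    return "<unknown>", ""


def triage(leaks):
    """Aggregate per owning function, largest total first.

    Direct leaks are blocks nothing points to any more; indirect leaks are
    only reachable through another leaked block, so they usually disappear
    once the direct leak that roots them is freed properly.
    """
    totals = defaultdict(lambda: {"direct": 0, "indirect": 0, "objects": 0})
    for leak in leaks:
        owner, _ = owner_frame(leak["frames"])
        totals[owner][leak["kind"]] += leak["bytes"]
        totals[owner]["objects"] += leak["objects"]
    rows = [(o, t["direct"], t["indirect"], t["objects"]) for o, t in totals.items()]
    return sorted(rows, key=lambda r: (-(r[1] + r[2]), r[0]))


def totals_match(leaks, summary):
    """False when the paste was truncated or a block failed to parse."""
    if summary is None:
        return False
    return (sum(l["bytes"] for l in leaks), sum(l["objects"] for l in leaks)) == summary


if __name__ == "__main__":
    parsed, total = parse_leak_report(SAMPLE_REPORT)
    print("complete report:", totals_match(parsed, total))
    for owner, direct, indirect, objects in triage(parsed):
        print(f"{owner:24} direct={direct:6} indirect={indirect:6} objects={objects}")
```

A leak report like this says nothing about the crash itself; the segfault needs the fault stack (the gdb backtrace), not the allocation stacks.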

@xambroz
Contributor Author

xambroz commented Mar 23, 2023

I have tried with the patch. Now the segfault happens in hashRBinElfSymbol.lto_priv.1 and not the sdb_hash.
https://copr.fedorainfracloud.org/coprs/rebus/infosec/build/5693740/


(gdb) bt
#0  0x00007ffff70ee44c in hashRBinElfSymbol.lto_priv.1 () from /lib64/libr_bin.so.5.8.4
#1  0x0000555555565563 in reserve_kv.lto_priv ()
#2  0x000055555556589a in insert_update.lto_priv ()
#3  0x00007ffff70f487e in Elf64__r_bin_elf_get_symbols_imports.lto_priv.0 () from /lib64/libr_bin.so.5.8.4
#4  0x00007ffff70b0270 in entries.lto_priv () from /lib64/libr_bin.so.5.8.4
#5  0x00007ffff709fc57 in r_bin_object_set_items () from /lib64/libr_bin.so.5.8.4
#6  0x00007ffff70a05e7 in r_bin_object_new () from /lib64/libr_bin.so.5.8.4
#7  0x00007ffff7090524 in r_bin_open_buf () from /lib64/libr_bin.so.5.8.4
#8  0x00007ffff7090c03 in r_bin_open_io () from /lib64/libr_bin.so.5.8.4
#9  0x00007ffff737a4f6 in r_core_bin_load () from /lib64/libr_core.so.5.8.4
#10 0x00007ffff7e23438 in r_main_radare2 () from /lib64/libr_main.so.5.8.4
#11 0x00007ffff7c4d510 in __libc_start_call_main (main=main@entry=0x555555561840 <main>, argc=argc@entry=2, argv=argv@entry=0x7fffffffd868)
    at ../sysdeps/nptl/libc_start_call_main.h:58
#12 0x00007ffff7c4d5c9 in __libc_start_main_impl (main=0x555555561840 <main>, argc=2, argv=0x7fffffffd868, init=<optimized out>, 
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd858) at ../csu/libc-start.c:381
#13 0x0000555555561a85 in _start ()

@xambroz
Contributor Author

xambroz commented Mar 23, 2023

There is definitely some race condition to this. I have tried a fresh account with no history of using radare2.

$ sudo su -
[root@hermes ~]# useradd mambroz1
[root@hermes ~]# su - mambroz1
[mambroz1@hermes ~]$ radare2 /usr/bin/false
WARN: run r2 with -e bin.cache=true to fix relocations in disassembly
^D
[mambroz1@hermes ~]$ radare2 /usr/bin/false
WARN: run r2 with -e bin.cache=true to fix relocations in disassembly
[0x00002960]> q
[mambroz1@hermes ~]$ radare2 -e bin.cache=true /usr/bin/false
Segmentation fault (core dumped)
[mambroz1@hermes ~]$ radare2 /usr/bin/false
WARN: run r2 with -e bin.cache=true to fix relocations in disassembly
[0x00002960]> q
[mambroz1@hermes ~]$ radare2 -e bin.cache=true /usr/bin/false
Segmentation fault (core dumped)
[mambroz1@hermes ~]$ radare2 -e bin.cache=false /usr/bin/false
Segmentation fault (core dumped)
[mambroz1@hermes ~]$ radare2 -e bin.cache /usr/bin/false
Segmentation fault (core dumped)

And then, after a while playing with that, the situation changed and getting the core dump all the time,
but not getting that when fiddling with the caching.

Backtrace with the debug info

0x00007ffff70ee44c in hashRBinElfSymbol.lto_priv.1 ()
    at ../libr/bin/format/elf/elf.c:3616
3616	static ut32 hashRBinElfSymbol(const void *obj) {
(gdb) br
Breakpoint 1 at 0x7ffff70ee44c: file ../libr/bin/format/elf/elf.c, line 3616.
(gdb) bt
#0  0x00007ffff70ee44c in hashRBinElfSymbol.lto_priv.1 ()
    at ../libr/bin/format/elf/elf.c:3616
#1  0x0000555555565563 in hashfn (k=0x5555557dbe10, ht=0x555555788740)
    at ../shlr/sdb/src/ht.inc:20
#2  bucketfn (k=0x5555557dbe10, ht=0x555555788740)
    at ../shlr/sdb/src/ht.inc:24
#3  reserve_kv (ht=ht@entry=0x555555788740, 
    key=key@entry=0x5555557dbe10, key_len=0, update=update@entry=false)
    at ../shlr/sdb/src/ht.inc:186
#4  0x000055555556589a in insert_update (ht=0x555555788740, 
    key=0x5555557dbe10, value=0x5555557dbe10, update=<optimized out>)
    at ../shlr/sdb/src/ht.inc:226
#5  0x00007ffff70f487e in Elf64__r_bin_elf_get_symbols_imports (
    bin=0x5555557923b0, type=3) at ../libr/bin/format/elf/elf.c:3843
#6  0x00007ffff70b0270 in Elf64_r_bin_elf_get_symbols (
    bin=0x5555557923b0) at ../libr/bin/format/elf/elf.c:3982
#7  entries (bf=<optimized out>) at ../libr/bin/p/bin_elf.inc:679
#8  0x00007ffff709fc57 in r_bin_object_set_items (
    bf=bf@entry=0x555555795b50, bo=bo@entry=0x555555792f20)
    at ../libr/bin/bobj.c:322
#9  0x00007ffff70a05e7 in r_bin_object_new (bf=0x555555795b50, 
    plugin=0x5555555f3f70, baseaddr=18446744073709551615, loadaddr=0, 
    offset=0, sz=33248) at ../libr/bin/bobj.c:186
#10 0x00007ffff7090524 in r_bin_file_new_from_buffer (
    pluginname=<optimized out>, fd=<optimized out>, 
    loadaddr=<optimized out>, baseaddr=<optimized out>, 
    rawstr=<optimized out>, buf=<optimized out>, file=<optimized out>, 
    bin=<optimized out>) at ../libr/bin/bfile.c:609
#11 r_bin_open_buf (bin=bin@entry=0x5555555ef4f0, 
    buf=buf@entry=0x5555557919d0, opt=opt@entry=0x7fffffffdd60)
    at ../libr/bin/bin.c:284
#12 0x00007ffff7090c03 in r_bin_open_io (bin=0x5555555ef4f0, 
--Type <RET> for more, q to quit, c to continue without paging-- 
    opt=opt@entry=0x7fffffffdd60) at ../libr/bin/bin.c:347
#13 0x00007ffff737a4f6 in r_core_file_do_load_for_io_plugin (loadaddr=0, baseaddr=18446744073709551615, r=0x7ffff619e010) at ../libr/core/cfile.c:437
#14 r_core_bin_load (r=r@entry=0x7ffff619e010, filenameuri=0x5555557919b0 "/bin/false", baddr=baddr@entry=18446744073709551615)
    at ../libr/core/cfile.c:647
#15 0x00007ffff7e40438 in binload (baddr=18446744073709551615, filepath=<optimized out>, r=0x7ffff619e010) at ../libr/main/radare2.c:469
#16 r_main_radare2 (argc=<optimized out>, argv=<optimized out>) at ../libr/main/radare2.c:1390
#17 0x00007ffff7c6a510 in __libc_start_call_main (main=main@entry=0x555555561840 <main>, argc=argc@entry=4, argv=argv@entry=0x7fffffffe078)
    at ../sysdeps/nptl/libc_start_call_main.h:58
#18 0x00007ffff7c6a5c9 in __libc_start_main_impl (main=0x555555561840 <main>, argc=4, argv=0x7fffffffe078, init=<optimized out>, 
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe068) at ../csu/libc-start.c:381
#19 0x0000555555561a85 in _start ()

@trufae
Collaborator

trufae commented Mar 23, 2023

there are no threads in r2, so it can't be a race condition. if it fails randomly it should be spotted by valgrind or asan because it should be an uninitialized variable in use or UB.

that key_len=0, in your log looks like it could end up with a malloc(0) that is undefined behaviour.. but there's a check before entering there to ensure that no empty keys are used... i have some work to do now but i'll check again with detail. also can you build without optimizations? like -O1 or so, but don't add lto or more optimizations otherwise the compiler invents new functions and the backtrace is confusing.

thanks!

@xambroz
Contributor Author

xambroz commented Mar 23, 2023

> there are no threads in r2, so it can't be a race condition.

I mean "race condition" not necessarily limited to threads interacting between themselves, but in a broader sense, that it depends also on something else within the whole system, which I might or might not be able to influence.

> i have some work to do now but i'll check again with detail.

Sure ... thanks.

> if it fails randomly it should be spotted by valgrind

Valgrind reports this:

$ valgrind  radare2 /bin/false
==2764054== Memcheck, a memory error detector
==2764054== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==2764054== Using Valgrind-3.20.0 and LibVEX; rerun with -h for copyright info
==2764054== Command: radare2 /bin/false
==2764054== 
==2764054== Conditional jump or move depends on uninitialised value(s)
==2764054==    at 0x559F86C: Elf64__r_bin_elf_get_symbols_imports.lto_priv.0 (elf.c:3842)
==2764054==    by 0x555B26F: UnknownInlinedFun (elf.c:3982)
==2764054==    by 0x555B26F: entries.lto_priv.13 (bin_elf.inc:679)
==2764054==    by 0x554AC56: r_bin_object_set_items (bobj.c:322)
==2764054==    by 0x554B5E6: r_bin_object_new (bobj.c:186)
==2764054==    by 0x553B523: UnknownInlinedFun (bfile.c:609)
==2764054==    by 0x553B523: r_bin_open_buf (bin.c:284)
==2764054==    by 0x553BC02: r_bin_open_io (bin.c:347)
==2764054==    by 0x53674F5: UnknownInlinedFun (cfile.c:437)
==2764054==    by 0x53674F5: r_core_bin_load (cfile.c:647)
==2764054==    by 0x49D1437: UnknownInlinedFun (radare2.c:469)
==2764054==    by 0x49D1437: r_main_radare2 (radare2.c:1390)
==2764054==    by 0x4A3950F: (below main) (libc_start_call_main.h:58)
==2764054== 
==2764054== Conditional jump or move depends on uninitialised value(s)
==2764054==    at 0x559F86C: Elf64__r_bin_elf_get_symbols_imports.lto_priv.0 (elf.c:3842)
==2764054==    by 0x555D1F7: UnknownInlinedFun (elf.c:3989)
==2764054==    by 0x555D1F7: imports.lto_priv.4 (bin_elf.inc:786)
==2764054==    by 0x554ACE6: r_bin_object_set_items (bobj.c:334)
==2764054==    by 0x554B5E6: r_bin_object_new (bobj.c:186)
==2764054==    by 0x553B523: UnknownInlinedFun (bfile.c:609)
==2764054==    by 0x553B523: r_bin_open_buf (bin.c:284)
==2764054==    by 0x553BC02: r_bin_open_io (bin.c:347)
==2764054==    by 0x53674F5: UnknownInlinedFun (cfile.c:437)
==2764054==    by 0x53674F5: r_core_bin_load (cfile.c:647)
==2764054==    by 0x49D1437: UnknownInlinedFun (radare2.c:469)
==2764054==    by 0x49D1437: r_main_radare2 (radare2.c:1390)
==2764054==    by 0x4A3950F: (below main) (libc_start_call_main.h:58)
==2764054== 
WARN: run r2 with -e bin.cache=true to fix relocations in disassembly
[0x00002960]> ==2764054== Syscall param pselect6(sig->ss) points to uninitialised byte(s)
==2764054==    at 0x4B13B00: pselect64_syscall (pselect.c:34)
==2764054==    by 0x4B13B00: pselect (pselect.c:56)
==2764054==    by 0x4D6B642: r_cons_readchar (input.c:642)
==2764054==    by 0x4D6E670: UnknownInlinedFun (dietline.c:242)
==2764054==    by 0x4D6E670: r_line_readline_cb (dietline.c:1425)
==2764054==    by 0x5347329: r_core_fgets (core.c:2183)
==2764054==    by 0x534FDC2: r_core_prompt (core.c:3530)
==2764054==    by 0x5350196: r_core_prompt_loop (core.c:3367)
==2764054==    by 0x49CFB1F: r_main_radare2 (radare2.c:1701)
==2764054==    by 0x4A3950F: (below main) (libc_start_call_main.h:58)
==2764054==  Address 0x1ffeffe280 is on thread 1's stack
==2764054==  in frame #1, created by r_cons_readchar (input.c:604)
==2764054== 

But again like with asan - executing with valgrind it doesn't segfault.

> like -O1 or so, but don't add lto or more optimizations otherwise the compiler invents new functions and the backtrace is confusing.

I will try to prepare a build like that.

@trufae
Collaborator

trufae commented Mar 23, 2023

omg the valgrind log is useful. i think i understand the bug now. but i have to run because i'm late because of real life stuff. i'll do another blind fix when i have some time to check the code properly because ideally i would like to rewrite this function that looks like crap and i've seen some sketchy things. thanks for your patience and testing. i wish i could repro too. i tried with static analyzers and no luck there. but i think there's a logic bug in this mess
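The failure class discussed in the comments above (a branch on a field that was never written, followed by hashing that record, plus the zero-size allocation concern), as an added C example. It is not radare2's code and not the fix that landed; `Sym`, `sym_alloc`, `sym_fill`, `sym_index` and the sample names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical symbol record (not radare2's RBinElfSymbol). */
typedef struct { const char *name; uint64_t offset; bool in_use; } Sym;

/* Dereferences s->name, so it must only see slots the parser filled. */
static uint32_t sym_hash(const Sym *s) {
    uint32_t h = 5381;
    for (const char *p = s->name; *p; p++) h = (h * 33) ^ (uint8_t)*p;
    return h;
}

/* count == 0 never reaches the allocator; calloc() zero-fills, so in_use is
 * false and name is NULL in every slot the parser skips. With malloc() those
 * fields are indeterminate, and the in_use test in sym_index() becomes the
 * "conditional jump depends on uninitialised value" that Memcheck reports. */
static Sym *sym_alloc(size_t count) {
    return count ? calloc(count, sizeof(Sym)) : NULL;
}

/* Fill up to `count` slots; NULL or empty names are skipped (slot stays zero). */
static size_t sym_fill(Sym *tab, size_t count, const char *const *names, size_t n) {
    size_t used = 0;
    for (size_t i = 0; tab && i < n && i < count; i++) {
        if (!names[i] || !*names[i]) continue;
        tab[i].name = names[i];
        tab[i].offset = 0x1000 + 8 * i; /* constructed value */
        tab[i].in_use = true;
        used++;
    }
    return used;
}

/* Walk every slot and count entries per bucket; unfilled slots are never hashed. */
static size_t sym_index(const Sym *tab, size_t count, unsigned *buckets, size_t nb) {
    size_t inserted = 0;
    if (!tab || !buckets || nb == 0) return 0;
    for (size_t i = 0; i < count; i++) {
        if (!tab[i].in_use || !tab[i].name) continue;
        buckets[sym_hash(&tab[i]) % nb]++;
        inserted++;
    }
    return inserted;
}

int main(void) {
    const char *names[] = { "puts", "", "exit", NULL }; /* constructed input */
    unsigned buckets[4] = { 0 };
    Sym *tab = sym_alloc(8); /* more slots than names: the rest stay zeroed */
    size_t used = sym_fill(tab, 8, names, 4);
    printf("filled=%zu indexed=%zu\n", used, sym_index(tab, 8, buckets, 4));
    free(tab);
}
```

Running the same binary under `valgrind` or building it with `-fsanitize=address,undefined` should report nothing for this version.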

@trufae
Collaborator

trufae commented Mar 24, 2023

Can you git pull and try again with master? i think i fixed the calloc(0) issue

@xambroz
Contributor Author

xambroz commented Mar 25, 2023

> i wish i could repro too.

sent you email.

> Can you git pull and try again with master? i think i fixed the calloc(0) issue

I will try

@xambroz
Contributor Author

xambroz commented Mar 25, 2023

https://copr.fedorainfracloud.org/coprs/rebus/infosec/build/5707264/
used 73795bd for snapshot of git.
It helped and took me some time before it segfaulted, but still there is something wrong:

$ radare2 -v
radare2 5.8.5 0 @ linux-x86-64 git.5.8.5
commit: unknown build: 2023-03-25__00:00:00
$ radare2 /bin/false
Segmentation fault (core dumped)

Backtrace from gdb:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff70ee53c in hashRBinElfSymbol.lto_priv.1 () at ../libr/bin/format/elf/elf.c:3616
3616	static ut32 hashRBinElfSymbol(const void *obj) {
(gdb) bt
#0  0x00007ffff70ee53c in hashRBinElfSymbol.lto_priv.1 () at ../libr/bin/format/elf/elf.c:3616
#1  0x0000555555565563 in hashfn (k=0x5555557de730, ht=0x5555557fa6c0) at ../shlr/sdb/src/ht.inc:20
#2  bucketfn (k=0x5555557de730, ht=0x5555557fa6c0) at ../shlr/sdb/src/ht.inc:24
#3  reserve_kv (ht=ht@entry=0x5555557fa6c0, key=key@entry=0x5555557de730, key_len=0, update=update@entry=false) at ../shlr/sdb/src/ht.inc:186
#4  0x000055555556589a in insert_update (ht=0x5555557fa6c0, key=0x5555557de730, value=0x5555557de730, update=<optimized out>)
    at ../shlr/sdb/src/ht.inc:226
#5  0x00007ffff70f4ab3 in Elf64__r_bin_elf_get_symbols_imports (bin=0x55555570f730, type=3) at ../libr/bin/format/elf/elf.c:3864
#6  0x00007ffff70b0280 in Elf64_r_bin_elf_get_symbols (bin=0x55555570f730) at ../libr/bin/format/elf/elf.c:4001
#7  entries (bf=<optimized out>) at ../libr/bin/p/bin_elf.inc:679
#8  0x00007ffff709fc57 in r_bin_object_set_items (bf=bf@entry=0x55555570f2c0, bo=bo@entry=0x55555570f4b0) at ../libr/bin/bobj.c:322
#9  0x00007ffff70a05e7 in r_bin_object_new (bf=0x55555570f2c0, plugin=0x5555555f50d0, baseaddr=18446744073709551615, loadaddr=0, offset=0, sz=33248)
    at ../libr/bin/bobj.c:186
#10 0x00007ffff7090524 in r_bin_file_new_from_buffer (pluginname=<optimized out>, fd=<optimized out>, loadaddr=<optimized out>, 
    baseaddr=<optimized out>, rawstr=<optimized out>, buf=<optimized out>, file=<optimized out>, bin=<optimized out>) at ../libr/bin/bfile.c:609
#11 r_bin_open_buf (bin=bin@entry=0x5555555f0650, buf=buf@entry=0x55555570f270, opt=opt@entry=0x7fffffffd410) at ../libr/bin/bin.c:284
#12 0x00007ffff7090c03 in r_bin_open_io (bin=0x5555555f0650, opt=opt@entry=0x7fffffffd410) at ../libr/bin/bin.c:347
#13 0x00007ffff737a5e6 in r_core_file_do_load_for_io_plugin (loadaddr=0, baseaddr=18446744073709551615, r=0x7ffff619e010) at ../libr/core/cfile.c:437
#14 r_core_bin_load (r=r@entry=0x7ffff619e010, filenameuri=0x55555570e1b0 "/bin/false", baddr=baddr@entry=18446744073709551615)
    at ../libr/core/cfile.c:647
#15 0x00007ffff7e23438 in binload (baddr=18446744073709551615, filepath=<optimized out>, r=0x7ffff619e010) at ../libr/main/radare2.c:469
#16 r_main_radare2 (argc=<optimized out>, argv=<optimized out>) at ../libr/main/radare2.c:1390
#17 0x00007ffff7c4d510 in __libc_start_call_main (main=main@entry=0x555555561840 <main>, argc=argc@entry=2, argv=argv@entry=0x7fffffffd728)
    at ../sysdeps/nptl/libc_start_call_main.h:58
#18 0x00007ffff7c4d5c9 in __libc_start_main_impl (main=0x555555561840 <main>, argc=2, argv=0x7fffffffd728, init=<optimized out>, 
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd718) at ../csu/libc-start.c:381
#19 0x0000555555561a85 in _start ()

Running with Valgrind again prevents the segfault:

$ valgrind radare2 /bin/false
==2879830== Memcheck, a memory error detector
==2879830== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==2879830== Using Valgrind-3.20.0 and LibVEX; rerun with -h for copyright info
==2879830== Command: radare2 /bin/false
==2879830== 
==2879830== Conditional jump or move depends on uninitialised value(s)
==2879830==    at 0x55A0AA1: Elf64__r_bin_elf_get_symbols_imports.lto_priv.0 (elf.c:3863)
==2879830==    by 0x555C27F: UnknownInlinedFun (elf.c:4001)
==2879830==    by 0x555C27F: entries.lto_priv.13 (bin_elf.inc:679)
==2879830==    by 0x554BC56: r_bin_object_set_items (bobj.c:322)
==2879830==    by 0x554C5E6: r_bin_object_new (bobj.c:186)
==2879830==    by 0x553C523: UnknownInlinedFun (bfile.c:609)
==2879830==    by 0x553C523: r_bin_open_buf (bin.c:284)
==2879830==    by 0x553CC02: r_bin_open_io (bin.c:347)
==2879830==    by 0x53675E5: UnknownInlinedFun (cfile.c:437)
==2879830==    by 0x53675E5: r_core_bin_load (cfile.c:647)
==2879830==    by 0x49D1437: UnknownInlinedFun (radare2.c:469)
==2879830==    by 0x49D1437: r_main_radare2 (radare2.c:1390)
==2879830==    by 0x4A3950F: (below main) (libc_start_call_main.h:58)
==2879830== 
==2879830== Conditional jump or move depends on uninitialised value(s)
==2879830==    at 0x55A0AA1: Elf64__r_bin_elf_get_symbols_imports.lto_priv.0 (elf.c:3863)
==2879830==    by 0x555E207: UnknownInlinedFun (elf.c:4008)
==2879830==    by 0x555E207: imports.lto_priv.4 (bin_elf.inc:786)
==2879830==    by 0x554BCE6: r_bin_object_set_items (bobj.c:334)
==2879830==    by 0x554C5E6: r_bin_object_new (bobj.c:186)
==2879830==    by 0x553C523: UnknownInlinedFun (bfile.c:609)
==2879830==    by 0x553C523: r_bin_open_buf (bin.c:284)
==2879830==    by 0x553CC02: r_bin_open_io (bin.c:347)
==2879830==    by 0x53675E5: UnknownInlinedFun (cfile.c:437)
==2879830==    by 0x53675E5: r_core_bin_load (cfile.c:647)
==2879830==    by 0x49D1437: UnknownInlinedFun (radare2.c:469)
==2879830==    by 0x49D1437: r_main_radare2 (radare2.c:1390)
==2879830==    by 0x4A3950F: (below main) (libc_start_call_main.h:58)
==2879830== 
WARN: run r2 with -e bin.cache=true to fix relocations in disassembly
[0x00002960]> ==2879830== Syscall param pselect6(sig->ss) points to uninitialised byte(s)
==2879830==    at 0x4B13B00: pselect64_syscall (pselect.c:34)
==2879830==    by 0x4B13B00: pselect (pselect.c:56)
==2879830==    by 0x4D6B642: r_cons_readchar (input.c:642)
==2879830==    by 0x4D6E670: UnknownInlinedFun (dietline.c:242)
==2879830==    by 0x4D6E670: r_line_readline_cb (dietline.c:1425)
==2879830==    by 0x5347419: r_core_fgets (core.c:2183)
==2879830==    by 0x534FEB2: r_core_prompt (core.c:3530)
==2879830==    by 0x5350286: r_core_prompt_loop (core.c:3367)
==2879830==    by 0x49CFB1F: r_main_radare2 (radare2.c:1701)
==2879830==    by 0x4A3950F: (below main) (libc_start_call_main.h:58)
==2879830==  Address 0x1ffeffe180 is on thread 1's stack
==2879830==  in frame #1, created by r_cons_readchar (input.c:604)
==2879830== 

@trufae
Collaborator

trufae commented Mar 27, 2023

Can you try again? i think that i managed to repro after cleaning up some code in the parser.. still far from ideal, but I hope i hit the nail now :3

@xambroz
Contributor Author

xambroz commented Mar 28, 2023

OK ... not able to reproduce and valgrind is clean. Solved, thank you.

@xambroz xambroz closed this as completed Mar 28, 2023
@xambroz
Contributor Author

xambroz commented Mar 28, 2023

tested with 70a78f0

@trufae
Collaborator

trufae commented Mar 29, 2023 via email

@xambroz
Contributor Author

xambroz commented Mar 29, 2023

> root cause for a couple of similar issues that are now fixed too :)

That is so cool .. thank you.

> I guess you'll need another release to package it properly, right? i would like to do some more work on before 5.8.6,

Thank you, a release would be preferable, but I understand you also have other things to fix. As a packager I have options to go with a git snapshot or cherry-pick individual patches as well.

I have already pushed the Fedora Rawhide branch and planned F38 with the mentioned git snapshot 70a78f0
https://koji.fedoraproject.org/koji/packageinfo?packageID=27515
Just the package name looks "odd" (5.8.5 version) and ugly (suffix specifying the date and git snapshot).

For the supported Fedora branches I plan to wait for the 5.8.6 release, if it is not too far.
But if you tell me you plan it no sooner than one month, I still have the option to cherry-pick or use the git snapshot as well.

@trufae
Collaborator

trufae commented Mar 29, 2023

There are a bunch of important fixes and i'll try to push for more fixes and improvements to make the new release in about a month. Usually releases depend on features or issues being fixed. I'm making good progress lately and that won't be the last release for this abi season. So depending on my spare time and contributors i hope to get this done in time for you 👍
