ag/agv crash on any file

[condret]

┌─[17:07:46]─[condret@arch-laptop]─[/home/condret]
└──> r2 /bin/ls
-- Use +,-,*,/ to change the size of the block
[0x0040489c]> aa
[0x0040489c]> ag > dotfile.dot
Speicherzugriffsfehler (Speicherabzug geschrieben)
┌─[17:08:19]─[condret@arch-laptop]─[/home/condret]
└──>

(Speicherzugriffsfehler is similar to segfault or even the same)

[radare]

cant reproduce. i tried on linux32, linux64 and osx64. Works everywhere here.

Can you upload the bin somewhere? are you using latest git clean build?

can you paste a valgrind output? gdb backtrace/register dump?

On 09 Dec 2013, at 16:19, condret [email protected] wrote:

┌─[17:07:46]─[condret@arch-laptop]─[/home/condret]
└──> r2 /bin/ls
-- Use +,-,*,/ to change the size of the block
[0x0040489c]> aa
[0x0040489c]> ag > dotfile.dot
Speicherzugriffsfehler (Speicherabzug geschrieben)
┌─[17:08:19]─[condret@arch-laptop]─[/home/condret]
└──>

(Speicherzugriffsfehler is similar to segfault or even the same)

—
Reply to this email directly or view it on GitHub.

[condret]

this only happens if asm.middle = true

[zonkzonk]

confirmed here with radare2 0.9.7git @ linux-little-x86-64 git.0.9.6-163-g4bc74d0
commit: 4bc74d0 build: 2013-12-09

[0x00000000]> aa
[0x00000000]> ag > dotfile.dot

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6a0cc95 in r_anal_reflines_middle (a=0x682290, list=0x0, addr=0, len=2) at reflines.c:71
71 for (pos = (&(list->list))->next; pos != (&(list->list)); pos = pos->next) {
(gdb) bt
#0 0x00007ffff6a0cc95 in r_anal_reflines_middle (a=0x682290, list=0x0, addr=0, len=2) at reflines.c:71
#1 0x00007ffff7bb6f38 in r_core_print_disasm (p=0x668050, core=0x606900 , addr=0, buf=0x6c7b50 "", len=512, l=512, invbreak=0, cbytes=1)
at disasm.c:681
#2 0x00007ffff7b908b0 in cmd_print (data=0x606900 , input=0x6c0a81 "D 512") at cmd_print.c:1083
#3 0x00007ffff5f63f8c in r_cmd_call (cmd=0x68fb40, input=0x6c0a80 "pD 512") at cmd.c:172
#4 0x00007ffff7b99fd5 in r_core_cmd_subst_i (core=0x606900 , cmd=0x6c0a80 "pD 512") at cmd.c:1255
#5 0x00007ffff7b98893 in r_core_cmd_subst (core=0x606900 , cmd=0x6c0a80 "pD 512") at cmd.c:841
#6 0x00007ffff7b9a9d6 in r_core_cmd (core=0x606900 , cstr=0x7fffffffd390 "pD 512 @ 0x00000000", log=0) at cmd.c:1437
#7 0x00007ffff7b9b1a7 in r_core_cmd_str (core=0x606900 , cmd=0x7fffffffd390 "pD 512 @ 0x00000000") at cmd.c:1607
#8 0x00007ffff7ba722d in r_core_anal_graph_label (core=0x606900 , bb=0x6c08c0, opts=2) at anal.c:101
#9 0x00007ffff7ba77b0 in r_core_anal_graph_nodes (core=0x606900 , fcn=0x6f5d60, opts=2) at anal.c:194
#10 0x00007ffff7ba9f51 in r_core_anal_graph (core=0x606900 , addr=0, opts=2) at anal.c:876
#11 0x00007ffff7b85b1d in cmd_anal (data=0x606900 , input=0x6c0981 "g") at cmd_anal.c:677
#12 0x00007ffff5f63f8c in r_cmd_call (cmd=0x68fb40, input=0x6c0980 "ag") at cmd.c:172
#13 0x00007ffff7b9a06e in r_core_cmd_subst_i (core=0x606900 , cmd=0x6c0980 "ag") at cmd.c:1268
#14 0x00007ffff7b98893 in r_core_cmd_subst (core=0x606900 , cmd=0x6c0980 "ag") at cmd.c:841
#15 0x00007ffff7b99582 in r_core_cmd_subst_i (core=0x606900 , cmd=0x6cfb60 "ag") at cmd.c:1082
#16 0x00007ffff7b98893 in r_core_cmd_subst (core=0x606900 , cmd=0x6cfb60 "ag") at cmd.c:841
#17 0x00007ffff7b9a9d6 in r_core_cmd (core=0x606900 , cstr=0x6e3330 "ag > dotfile.dot", log=1) at cmd.c:1437
#18 0x00007ffff7b771b9 in r_core_prompt_exec (r=0x606900 ) at core.c:703
#19 0x00000000004045e3 in main (argc=3, argv=0x7fffffffeb68) at radare2.c:583

[radare]

ok, i can reproduce it now :) will check later at night

thanks

On 09 Dec 2013, at 18:32, condret [email protected] wrote:

this only happens if asm.middle = true

—
Reply to this email directly or view it on GitHub.