0x00007fdf5d136cb5 in r_io_seek #6516
That's a UAF (use-after-free): the IO descriptor freed via r_core_file_close is read again afterwards, so gdb is useless here. valgrind shows:
==46569== Invalid read of size 8
==46569== at 0x100C494A6: r_io_use_desc (io.c:286)
==46569== by 0x10011FC4C: r_core_read_at (cio.c:488)
==46569== by 0x100166104: r_core_print_disasm (disasm.c:3677)
==46569== by 0x1000AF42D: cmd_print (cmd_print.c:3299)
==46569== by 0x100144C96: r_cmd_call (cmd_api.c:226)
==46569== by 0x1000C5BE6: r_core_cmd_subst_i (cmd.c:2077)
==46569== by 0x100097254: r_core_cmd_subst (cmd.c:1355)
==46569== by 0x100097378: r_core_cmd_subst (cmd.c:1377)
==46569== by 0x100094DA6: r_core_cmd (cmd.c:2633)
==46569== by 0x10008A529: r_core_cmd0 (cmd.c:2779)
==46569== by 0x100004E8F: run_commands (in /usr/local/bin/r2)
==46569== by 0x100003EBB: main (in /usr/local/bin/r2)
==46569== Address 0x110674990 is 48 bytes inside a block of size 64 free'd
==46569== at 0x100074EF7: free (in /usr/local/Cellar/valgrind/3.11.0_1/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
==46569== by 0x100C50766: r_io_desc_free (desc.c:75)
==46569== by 0x100C50BCA: r_io_desc_del (desc.c:97)
==46569== by 0x10010586B: r_core_file_close (file.c:848)
==46569== by 0x1000D2595: cmd_esil_mem (cmd_anal.c:2554)
==46569== by 0x1000C85FA: cmd_anal_esil (cmd_anal.c:3003)
==46569== by 0x1000999F4: cmd_anal (cmd_anal.c:5318)
==46569== by 0x100144C96: r_cmd_call (cmd_api.c:226)
==46569== by 0x1000C5BE6: r_core_cmd_subst_i (cmd.c:2077)
==46569== by 0x100097254: r_core_cmd_subst (cmd.c:1355)
==46569== by 0x100094DA6: r_core_cmd (cmd.c:2633)
==46569== by 0x10008A529: r_core_cmd0 (cmd.c:2779)
==46569== Block was alloc'd at
==46569== at 0x1000751B9: calloc (in /usr/local/Cellar/valgrind/3.11.0_1/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
==46569== by 0x100C3F382: __open (io_malloc.c:142)
==46569== by 0x100C49338: __getioplugin (io.c:128)
==46569== by 0x100C4922A: r_io_open_nomap (io.c:201)
==46569== by 0x100105375: r_core_file_open (file.c:719)
==46569== by 0x1000D26E7: cmd_esil_mem (cmd_anal.c:2572)
==46569== by 0x1000C85FA: cmd_anal_esil (cmd_anal.c:3003)
==46569== by 0x1000999F4: cmd_anal (cmd_anal.c:5318)
==46569== by 0x100144C96: r_cmd_call (cmd_api.c:226)
==46569== by 0x1000C5BE6: r_core_cmd_subst_i (cmd.c:2077)
==46569== by 0x100097254: r_core_cmd_subst (cmd.c:1355)
==46569== by 0x100094DA6: r_core_cmd (cmd.c:2633)
==46569==
==46569== Invalid read of size 8
==46569== at 0x100C3F63A: __lseek (io_malloc.c:90)
==46569== by 0x100C4A1D0: r_io_seek (io.c:833)
==46569== by 0x100C48BED: r_io_read_at (io.c:507)
==46569== by 0x10011FC67: r_core_read_at (cio.c:489)
==46569== by 0x100166104: r_core_print_disasm (disasm.c:3677)
==46569== by 0x1000AF42D: cmd_print (cmd_print.c:3299)
==46569== by 0x100144C96: r_cmd_call (cmd_api.c:226)
==46569== by 0x1000C5BE6: r_core_cmd_subst_i (cmd.c:2077)
==46569== by 0x100097254: r_core_cmd_subst (cmd.c:1355)
==46569== by 0x100097378: r_core_cmd_subst (cmd.c:1377)
==46569== by 0x100094DA6: r_core_cmd (cmd.c:2633)
==46569== by 0x10008A529: r_core_cmd0 (cmd.c:2779)
… On 16 Jan 2017, at 12:03, zonkzonk ***@***.***> wrote:
morrn,
r2 -e io.cache=true -e dbg.bpinmaps=0 -e io.va=true -c"aaaa; pd 10; db -1; db entry0; dc; ds; dbt; V$j$y$z %c%c%c%p" -d -- "/tmp/bash --norc"
then the screen blanks, and opening a new window in dwm crashes r2 (my guess: SIGWINCH).
core dump:
,gdb -q r2 core
Mon Jan 16 11:55:38 CET 2017
Reading symbols from r2...done.
warning: core file may not match specified executable file.
[New LWP 2246]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `r2 -e io.cache=true -e dbg.bpinmaps=0 -e io.va=true -caaaa; pd 10; db -1; db en'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fdf5d136cb5 in r_io_seek (io=0x560bf7e15370, offset=405, whence=0) at io.c:832
832 if (io->plugin && io->plugin->lseek) {
(gdb) bt
#0 0x00007fdf5d136cb5 in r_io_seek (io=0x560bf7e15370, offset=405, whence=0) at io.c:832
#1 0x00007fdf5d135eb1 in r_io_read_at (io=0x560bf7e15370, addr=405, buf=0x560bf7e86b65 '\377' <repeats 200 times>..., len=405) at io.c:507
#2 0x00007fdf5f0009d5 in r_core_read_at (core=0x560bf74d75a0 <r>, addr=405, buf=0x560bf7e86b65 '\377' <repeats 200 times>..., size=405) at cio.c:489
#3 0x00007fdf5efca9a8 in cmd_print (data=0x560bf74d75a0 <r>, input=0x560bf7e88491 "d $r") at cmd_print.c:3298
#4 0x00007fdf5f020bd0 in r_cmd_call (cmd=0x560bf7e288b0, input=0x560bf7e88490 "pd $r") at cmd_api.c:226
#5 0x00007fdf5efe5e89 in r_core_cmd_subst_i (core=0x560bf74d75a0 <r>, cmd=0x560bf7e88490 "pd $r", colon=0x0) at cmd.c:2077
#6 0x00007fdf5efe34cd in r_core_cmd_subst (core=0x560bf74d75a0 <r>, cmd=0x560bf7e88490 "pd $r") at cmd.c:1355
#7 0x00007fdf5efe7d42 in r_core_cmd (core=0x560bf74d75a0 <r>, cstr=0x7fdf5f081faa "pd $r", log=0) at cmd.c:2633
#8 0x00007fdf5efe83ec in r_core_cmd0 (user=0x560bf74d75a0 <r>, cmd=0x7fdf5f081faa "pd $r") at cmd.c:2779
#9 0x00007fdf5effe703 in visual_refresh (core=0x560bf74d75a0 <r>) at visual.c:2420
#10 0x00007fdf5e8c3497 in resize (sig=28) at cons.c:276
#11 <signal handler called>
#12 0x00007fdf5b1766be in __read_nocancel () at ../sysdeps/unix/syscall-template.S:81
#13 0x00007fdf5d1355e8 in r_io_read_internal (io=0x560bf7e15370, buf=0x560bf7e86691 '\377' <repeats 200 times>..., len=809) at io.c:325
#14 0x00007fdf5d135f9b in r_io_read_at (io=0x560bf7e15370, addr=0, buf=0x560bf7e86690 "\r", '\377' <repeats 199 times>..., len=809) at io.c:520
#15 0x00007fdf5f0009d5 in r_core_read_at (core=0x560bf74d75a0 <r>, addr=0, buf=0x560bf7e86690 "\r", '\377' <repeats 199 times>..., size=810) at cio.c:489
#16 0x00007fdf5f04a7d6 in r_core_print_disasm (p=0x560bf7dc00c0, core=0x560bf74d75a0 <r>, addr=0, buf=0x560bf7e86690 "\r", '\377' <repeats 199 times>..., len=810, l=81, invbreak=0, cbytes=0) at disasm.c:3677
#17 0x00007fdf5efca9fd in cmd_print (data=0x560bf74d75a0 <r>, input=0x560bf7e63f71 "d $r") at cmd_print.c:3299
#18 0x00007fdf5f020bd0 in r_cmd_call (cmd=0x560bf7e288b0, input=0x560bf7e63f70 "pd $r") at cmd_api.c:226
#19 0x00007fdf5efe5e89 in r_core_cmd_subst_i (core=0x560bf74d75a0 <r>, cmd=0x560bf7e63f70 "pd $r", colon=0x0) at cmd.c:2077
#20 0x00007fdf5efe34cd in r_core_cmd_subst (core=0x560bf74d75a0 <r>, cmd=0x560bf7e63f70 "pd $r") at cmd.c:1355
#21 0x00007fdf5efe7d42 in r_core_cmd (core=0x560bf74d75a0 <r>, cstr=0x7fdf5f081faa "pd $r", log=0) at cmd.c:2633
#22 0x00007fdf5efe83ec in r_core_cmd0 (user=0x560bf74d75a0 <r>, cmd=0x7fdf5f081faa "pd $r") at cmd.c:2779
#23 0x00007fdf5effe703 in visual_refresh (core=0x560bf74d75a0 <r>) at visual.c:2420
#24 0x00007fdf5effed18 in r_core_visual (core=0x560bf74d75a0 <r>, input=0x560bf7e8710a "") at visual.c:2546
#25 0x00007fdf5efe21d0 in cmd_visual (data=0x560bf74d75a0 <r>, input=0x560bf7e87101 " %c%c%c%p") at cmd.c:968
#26 0x00007fdf5f020bd0 in r_cmd_call (cmd=0x560bf7e288b0, input=0x560bf7e87100 "V %c%c%c%p") at cmd_api.c:226
#27 0x00007fdf5efe5e89 in r_core_cmd_subst_i (core=0x560bf74d75a0 <r>, cmd=0x560bf7e87100 "V %c%c%c%p", colon=0x0) at cmd.c:2077
#28 0x00007fdf5efe34cd in r_core_cmd_subst (core=0x560bf74d75a0 <r>, cmd=0x560bf7e87100 "V %c%c%c%p") at cmd.c:1355
#29 0x00007fdf5efe35c7 in r_core_cmd_subst (core=0x560bf74d75a0 <r>, cmd=0x560bf7e870e0 "dbt") at cmd.c:1377
#30 0x00007fdf5efe35c7 in r_core_cmd_subst (core=0x560bf74d75a0 <r>, cmd=0x560bf7e63f10 "ds") at cmd.c:1377
#31 0x00007fdf5efe35c7 in r_core_cmd_subst (core=0x560bf74d75a0 <r>, cmd=0x560bf7e6daf0 "dc") at cmd.c:1377
#32 0x00007fdf5efe35c7 in r_core_cmd_subst (core=0x560bf74d75a0 <r>, cmd=0x560bf7dbb0a0 "db entry0") at cmd.c:1377
#33 0x00007fdf5efe35c7 in r_core_cmd_subst (core=0x560bf74d75a0 <r>, cmd=0x560bf7e1e5e0 "db -1") at cmd.c:1377
#34 0x00007fdf5efe35c7 in r_core_cmd_subst (core=0x560bf74d75a0 <r>, cmd=0x560bf7e885e0 "pd 10") at cmd.c:1377
#35 0x00007fdf5efe35c7 in r_core_cmd_subst (core=0x560bf74d75a0 <r>, cmd=0x560bf7e63e70 "aaaa") at cmd.c:1377
#36 0x00007fdf5efe7d42 in r_core_cmd (core=0x560bf74d75a0 <r>, cstr=0x7ffdae11cd56 "aaaa; pd 10; db -1; db entry0; dc; ds; dbt; V %c%c%c%p", log=0) at cmd.c:2633
#37 0x00007fdf5efe83ec in r_core_cmd0 (user=0x560bf74d75a0 <r>, cmd=0x7ffdae11cd56 "aaaa; pd 10; db -1; db entry0; dc; ds; dbt; V %c%c%c%p") at cmd.c:2779
#38 0x0000560bf72d1c83 in run_commands (cmds=0x560bf7dbb010, files=0x560bf7dbb070, quiet=false) at radare2.c:329
#39 0x0000560bf72d415d in main (argc=11, argv=0x7ffdae11c738, envp=0x7ffdae11c798) at radare2.c:1050
(gdb) l
827 }
828 // if resolution fails... just return as invalid address
829 if (offset == UT64_MAX || !io->desc) {
830 return UT64_MAX;
831 }
832 if (io->plugin && io->plugin->lseek) {
833 ret = io->plugin->lseek (io, io->desc, offset, whence);
834 } else {
835 ret = (ut64)lseek (io->desc->fd, offset, posix_whence);
836 }
(gdb) i r
rax 0x30 48
rbx 0x7fdf5ead6be0 140597342858208
rcx 0x195 405
rdx 0x0 0
rsi 0x195 405
rdi 0x560bf7e15370 94609403368304
rbp 0x7ffdae1183d0 0x7ffdae1183d0
rsp 0x7ffdae118390 0x7ffdae118390
r8 0x560bf7e869d0 94609403832784
r9 0x560bf7e869c0 94609403832768
r10 0x560bf7e869d0 94609403832784
r11 0x10 16
r12 0x560bf72d10e0 94609391554784
r13 0x7ffdae11c730 140727523854128
r14 0x0 0
r15 0x0 0
rip 0x7fdf5d136cb5 0x7fdf5d136cb5 <r_io_seek+303>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) x/40x $pc
0x7fdf5d136cb5 <r_io_seek+303>: 0x78808b48 0x48000004 0x2974c085 0xd8458b48
0x7fdf5d136cc5 <r_io_seek+319>: 0x78408b48 0x78808b48 0x48000004 0x48d8558b
0x7fdf5d136cd5 <r_io_seek+335>: 0x4d8b328b 0x558b48cc 0x7d8b48d0 0x48d0ffd8
0x7fdf5d136ce5 <r_io_seek+351>: 0xebf04589 0x4d8b481e 0x458b48d0 0x008b48d8
0x7fdf5d136cf5 <r_io_seek+367>: 0x558b008b 0xce8948ec 0xbce8c789 0x48fffec7
0x7fdf5d136d05 <r_io_seek+383>: 0x83f04589 0x7500cc7d 0x458b480c 0x558b48d8
0x7fdf5d136d15 <r_io_seek+399>: 0x508948d0 0x458b4820 0x55c3c9f0 0x48e58948
0x7fdf5d136d25 <r_io_fd_size+5>: 0x4820ec83 0x89e87d89 0x558be475 0x458b48e4
0x7fdf5d136d35 <r_io_fd_size+21>: 0x48d689e8 0xf0e8c789 0x48fffed6 0x48f84589
0x7fdf5d136d45 <r_io_fd_size+37>: 0x48f8558b 0x48e8458b 0x8948d689 0xd2d9e8c7
(gdb) x/40i $pc
=> 0x7fdf5d136cb5 <r_io_seek+303>: mov 0x478(%rax),%rax
0x7fdf5d136cbc <r_io_seek+310>: test %rax,%rax
0x7fdf5d136cbf <r_io_seek+313>: je 0x7fdf5d136cea <r_io_seek+356>
0x7fdf5d136cc1 <r_io_seek+315>: mov -0x28(%rbp),%rax
0x7fdf5d136cc5 <r_io_seek+319>: mov 0x78(%rax),%rax
0x7fdf5d136cc9 <r_io_seek+323>: mov 0x478(%rax),%rax
0x7fdf5d136cd0 <r_io_seek+330>: mov -0x28(%rbp),%rdx
0x7fdf5d136cd4 <r_io_seek+334>: mov (%rdx),%rsi
0x7fdf5d136cd7 <r_io_seek+337>: mov -0x34(%rbp),%ecx
0x7fdf5d136cda <r_io_seek+340>: mov -0x30(%rbp),%rdx
0x7fdf5d136cde <r_io_seek+344>: mov -0x28(%rbp),%rdi
0x7fdf5d136ce2 <r_io_seek+348>: callq *%rax
0x7fdf5d136ce4 <r_io_seek+350>: mov %rax,-0x10(%rbp)
0x7fdf5d136ce8 <r_io_seek+354>: jmp 0x7fdf5d136d08 <r_io_seek+386>
0x7fdf5d136cea <r_io_seek+356>: mov -0x30(%rbp),%rcx
0x7fdf5d136cee <r_io_seek+360>: mov -0x28(%rbp),%rax
0x7fdf5d136cf2 <r_io_seek+364>: mov (%rax),%rax
0x7fdf5d136cf5 <r_io_seek+367>: mov (%rax),%eax
0x7fdf5d136cf7 <r_io_seek+369>: mov -0x14(%rbp),%edx
0x7fdf5d136cfa <r_io_seek+372>: mov %rcx,%rsi
0x7fdf5d136cfd <r_io_seek+375>: mov %eax,%edi
0x7fdf5d136cff <r_io_seek+377>: callq 0x7fdf5d1234c0 ***@***.***>
0x7fdf5d136d04 <r_io_seek+382>: mov %rax,-0x10(%rbp)
0x7fdf5d136d08 <r_io_seek+386>: cmpl $0x0,-0x34(%rbp)
0x7fdf5d136d0c <r_io_seek+390>: jne 0x7fdf5d136d1a <r_io_seek+404>
0x7fdf5d136d0e <r_io_seek+392>: mov -0x28(%rbp),%rax
0x7fdf5d136d12 <r_io_seek+396>: mov -0x30(%rbp),%rdx
0x7fdf5d136d16 <r_io_seek+400>: mov %rdx,0x20(%rax)
0x7fdf5d136d1a <r_io_seek+404>: mov -0x10(%rbp),%rax
0x7fdf5d136d1e <r_io_seek+408>: leaveq
0x7fdf5d136d1f <r_io_seek+409>: retq
0x7fdf5d136d20 <r_io_fd_size>: push %rbp
0x7fdf5d136d21 <r_io_fd_size+1>: mov %rsp,%rbp
0x7fdf5d136d24 <r_io_fd_size+4>: sub $0x20,%rsp
0x7fdf5d136d28 <r_io_fd_size+8>: mov %rdi,-0x18(%rbp)
0x7fdf5d136d2c <r_io_fd_size+12>: mov %esi,-0x1c(%rbp)
0x7fdf5d136d2f <r_io_fd_size+15>: mov -0x1c(%rbp),%edx
0x7fdf5d136d32 <r_io_fd_size+18>: mov -0x18(%rbp),%rax
0x7fdf5d136d36 <r_io_fd_size+22>: mov %edx,%esi
0x7fdf5d136d38 <r_io_fd_size+24>: mov %rax,%rdi
morrn,
then the screen blanks, and opening a new window in dwm crashes r2 (my guess: SIGWINCH).
core dump: