[Bug 8671] New: Segmentation fault - Invalid free trapcmd (fuzz)

bugzilla at busybox.net bugzilla at busybox.net
Tue Feb 9 19:23:27 UTC 2016


https://bugs.busybox.net/show_bug.cgi?id=8671

            Bug ID: 8671
           Summary: Segmentation fault - Invalid free trapcmd (fuzz)
           Product: Busybox
           Version: 1.24.x
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Other
          Assignee: unassigned at busybox.net
          Reporter: fernando at null-life.com
                CC: busybox-cvs at busybox.net
  Target Milestone: ---

Created attachment 6311
  --> https://bugs.busybox.net/attachment.cgi?id=6311&action=edit
crash test

(gdb) run sh fuzzed.sh 
Starting program: /root/fuzzshell/busybox_unstripped sh fuzzed.sh
fuzzed.sh: trap: line 1: 4846957808957: invalid signal specification
*** Error in `/root/fuzzshell/busybox_unstripped': free(): invalid pointer:
0x08105364 ***

Program received signal SIGABRT, Aborted.
0xb7fdcc38 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7fdcc38 in __kernel_vsyscall ()
#1  0xb7df0e17 in __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#2  0xb7df23e9 in __GI_abort () at abort.c:89
#3  0xb7e2e43e in __libc_message (do_abort=1, fmt=0xb7f262f8 "*** Error in
`%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#4  0xb7e34007 in malloc_printerr (action=<optimized out>, str=0xb7f22490
"free(): invalid pointer", ptr=0x8105364) at malloc.c:4965
#5  0xb7e3475d in _int_free (av=0x696c2064, p=<optimized out>, have_lock=0) at
malloc.c:3834
#6  0x0808bad4 in trapcmd ()
#7  0x00000001 in ?? ()


Valgrind reports

==30861== Invalid free() / delete / delete[] / realloc()
==30861==    at 0x402C3B8: free (vg_replace_malloc.c:530)
==30861==    by 0x808BAD3: trapcmd (in /root/fuzzshell/busybox_unstripped)
==30861==  Address 0x333831 is not stack'd, malloc'd or (recently) free'd

I'm unable to minimize my test cases since I can't get ASAN working on my build
#8641

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the busybox-cvs mailing list