Hi there, While fuzzing GNU Readline with honggfuzz, I found a stack exhaustion issue which seems to be caused by deep (mutual) recursion.
This bug report was tested on the following GNU Readline versions: - GNU Readline git devel rev: 109eadf6fe5c6a7e95ef0298820897ce6ee9172e - GNU Readline git master rev: cf3c762ecfff5b2f445647a0f1543693984a5540 - GNU Readline 8.1-rc3 - GNU Readline 8.1 Attaching a reproducer link where I have uploaded the test input (my apologies if posting links is not allowed; please let me know if there are any issues): https://github.com/bsdb0y/investigations/raw/master/stack-exhaust-poc1 The issue can be reproduced by running: cat stack-exhaust-poc1|./examples/rlbasic ================================================================= ==1879148==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7fed00 (pc 0x000000498ae6 bp 0x7fffff7ff540 sp 0x7fffff7fed00 T0) #0 0x498ae6 in realloc (/src/readline-devel/readline/examples/rlbasic+0x498ae6) #1 0x655002 in xrealloc /src/readline-devel/readline/xmalloc.c:70:20 #2 0x4d167c in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:895:4 #3 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #4 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #5 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #6 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #7 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #8 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #9 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #10 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #11 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #12 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #13 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #14 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #15 0x4f8f62 in rl_domove_motion_callback 
/src/readline-devel/readline/vi_mode.c:1184:3 #16 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #17 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #18 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #19 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #20 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #21 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #22 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #23 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #24 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #25 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #26 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #27 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #28 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #29 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #30 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #31 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #32 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #33 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #34 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #35 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #36 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #37 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #38 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #39 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #40 0x4f8f62 in 
rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #41 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #42 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #43 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #44 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #45 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #46 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #47 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #48 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #49 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #50 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #51 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #52 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #53 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #54 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #55 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #56 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #57 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #58 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #59 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #60 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #61 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #62 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #63 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #64 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 
#65 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #66 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #67 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #68 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #69 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #70 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #71 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #72 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #73 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #74 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #75 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #76 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #77 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #78 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #79 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #80 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #81 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #82 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #83 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #84 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #85 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #86 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #87 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #88 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #89 0x4d16fa in _rl_dispatch_subseq 
/src/readline-devel/readline/readline.c:901:8 #90 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #91 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #92 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #93 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #94 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #95 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #96 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #97 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #98 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #99 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #100 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #101 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #102 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #103 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #104 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #105 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #106 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #107 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #108 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #109 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #110 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #111 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #112 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #113 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #114 
0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #115 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #116 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #117 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #118 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #119 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #120 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #121 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #122 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #123 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #124 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #125 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #126 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #127 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #128 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #129 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #130 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #131 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #132 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #133 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #134 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #135 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #136 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #137 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #138 0x4d732c in rl_vi_redo 
/src/readline-devel/readline/vi_mode.c:307:9 #139 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #140 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #141 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #142 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #143 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #144 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #145 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #146 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #147 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #148 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #149 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #150 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #151 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #152 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #153 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #154 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #155 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #156 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #157 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #158 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #159 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #160 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #161 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #162 0x4d16fa in _rl_dispatch_subseq 
/src/readline-devel/readline/readline.c:901:8 #163 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #164 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #165 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #166 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #167 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #168 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #169 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #170 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #171 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #172 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #173 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #174 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #175 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #176 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #177 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #178 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #179 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #180 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #181 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #182 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #183 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #184 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #185 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #186 0x4f8f62 in rl_vi_change_to 
/src/readline-devel/readline/vi_mode.c:1500:11 #187 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #188 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #189 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #190 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #191 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #192 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #193 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #194 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #195 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #196 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #197 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #198 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #199 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #200 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #201 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #202 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #203 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #204 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #205 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #206 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #207 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #208 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #209 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #210 0x4f8f62 in rl_domove_motion_callback 
/src/readline-devel/readline/vi_mode.c:1184:3 #211 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #212 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #213 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #214 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #215 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #216 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #217 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #218 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #219 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #220 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #221 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #222 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #223 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #224 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #225 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #226 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #227 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #228 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #229 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #230 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #231 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #232 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #233 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #234 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 
#235 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #236 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #237 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #238 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #239 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #240 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #241 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #242 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #243 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #244 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #245 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #246 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #247 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #248 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #249 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #250 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #251 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #252 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #253 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #254 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #255 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #256 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #257 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #258 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #259 0x4d16fa in _rl_dispatch_subseq 
/src/readline-devel/readline/readline.c:901:8 #260 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #261 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #262 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #263 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #264 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #265 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #266 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #267 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #268 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #269 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #270 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #271 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #272 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #273 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #274 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #275 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #276 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #277 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #278 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #279 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #280 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #281 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #282 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #283 0x4d732c in rl_vi_redo 
/src/readline-devel/readline/vi_mode.c:307:9 #284 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #285 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #286 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #287 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #288 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #289 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #290 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #291 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #292 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #293 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #294 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #295 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #296 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #297 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #298 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #299 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #300 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #301 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #302 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #303 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #304 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 #305 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3 #306 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11 #307 0x4d16fa in _rl_dispatch_subseq 
/src/readline-devel/readline/readline.c:901:8 #308 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9 #309 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8 SUMMARY: AddressSanitizer: stack-overflow (/src/readline-devel/readline/examples/rlbasic+0x498ae6) in realloc ==1879148==ABORTING Valgrind Log: valgrind --tool=memcheck ./examples/rlbasic > /dev/null < stack-exhaust-poc1 ==1881919== Memcheck, a memory error detector ==1881919== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==1881919== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info ==1881919== Command: ./rlbasic ==1881919== ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000 ==1881919== ==1881919== Process terminating with default action of signal 11 (SIGSEGV): dumping core ==1881919== Access not within mapped region at address 0x1FFE801FF8 ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000 ==1881919== at 0x13C4DD: xrealloc (xmalloc.c:70) ==1881919== If you believe this happened as a result of a stack ==1881919== overflow in your program's main thread (unlikely but ==1881919== possible), you can try to increase the size of the ==1881919== main thread stack using the --main-stacksize= flag. ==1881919== The main thread stack size used in this run was 8388608. 
==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000 ==1881919== ==1881919== Process terminating with default action of signal 11 (SIGSEGV) ==1881919== Access not within mapped region at address 0x1FFE801FF0 ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000 ==1881919== at 0x4831134: _vgnU_freeres (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_core-amd64-linux.so) ==1881919== If you believe this happened as a result of a stack ==1881919== overflow in your program's main thread (unlikely but ==1881919== possible), you can try to increase the size of the ==1881919== main thread stack using the --main-stacksize= flag. ==1881919== The main thread stack size used in this run was 8388608. ==1881919== ==1881919== HEAP SUMMARY: ==1881919== in use at exit: 328,096 bytes in 231 blocks ==1881919== total heap usage: 5,620 allocs, 5,389 frees, 206,448,120 bytes allocated ==1881919== ==1881919== LEAK SUMMARY: ==1881919== definitely lost: 0 bytes in 0 blocks ==1881919== indirectly lost: 0 bytes in 0 blocks ==1881919== possibly lost: 0 bytes in 0 blocks ==1881919== still reachable: 328,096 bytes in 231 blocks ==1881919== suppressed: 0 bytes in 0 blocks ==1881919== Rerun with --leak-check=full to see details of leaked memory ==1881919== ==1881919== For lists of detected and suppressed errors, rerun with: -s ==1881919== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) Segmentation fault - ulimit value is unlimited on the machine. 
Extra crash logs: ---CRASH SUMMARY--- Filename: ./stack-exhaust-poc1 SHA1: 6fd48596f8a3b4feffbf7067b0907268498491bf Classification: EXPLOITABLE Hash: d9e1794af557ab233c5c737b811074fb.34edfa84bd548bbbe15ff87f814291b8 Command: ./rlbasic Faulting Frame: _rl_dispatch_subseq @ 0x00000000004caaef: in /src/readline-devel/readline/examples/rlbasic Disassembly: 0x00000000004caad1: mov QWORD PTR ds:0xe70a20,rax 0x00000000004caad9: mov rax,QWORD PTR [rbp-0x30] 0x00000000004caadd: mov edi,DWORD PTR ds:0x5b4f00 0x00000000004caae4: imul edi,DWORD PTR ds:0x5b4f40 0x00000000004caaec: mov esi,DWORD PTR [rbp-0x8] => 0x00000000004caaef: call rax 0x00000000004caaf1: mov DWORD PTR [rbp-0x18],eax 0x00000000004caaf4: mov rax,QWORD PTR ds:0xe70a20 0x00000000004caafc: and rax,0xffffffffffffffdf 0x00000000004cab00: mov QWORD PTR ds:0xe70a20,rax Stack Head (1000 entries): _rl_dispatch_subseq @ 0x00000000004caaef: in /src/readline-devel/readline/examples/rlbasic _rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic rl_domove_motion_callback @ 0x00000000004db810: in /src/readline-devel/readline/examples/rlbasic rl_vi_change_to @ 0x00000000004dbce6: in /src/readline-devel/readline/examples/rlbasic _rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic _rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic rl_vi_redo @ 0x00000000004ce86d: in /src/readline-devel/readline/examples/rlbasic _rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic _rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic rl_domove_motion_callback @ 0x00000000004db810: in /src/readline-devel/readline/examples/rlbasic rl_vi_change_to @ 0x00000000004dbce6: in /src/readline-devel/readline/examples/rlbasic _rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic _rl_dispatch @ 0x00000000004c9ca9: in 
/src/readline-devel/readline/examples/rlbasic rl_vi_redo @ 0x00000000004ce86d: in /src/readline-devel/readline/examples/rlbasic _rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic _rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic Registers: rax=0x00000000004ce240 rbx=0x00007fffff7ff280 rcx=0x000000000000234c rdx=0x000000000000234c rsi=0x000000000000002e rdi=0x0000000000000001 rbp=0x00007fffff7ff1a0 rsp=0x00007fffff7fef60 r8=0x0000000000002340 r9=0x0000000000000000 r10=0x000000000000001e r11=0x00006250000b8c30 r12=0x000000000041c510 r13=0x00007fffffffe570 r14=0x0000000000000000 r15=0x0000000000000000 rip=0x00000000004caaef efl=0x0000000000010202 cs=0x0000000000000033 ss=0x000000000000002b ds=0x0000000000000000 es=0x0000000000000000 fs=0x0000000000000000 gs=0x0000000000000000 Please let me know if you need any further information or support. Thanks, Kind regards, Neeraj Pal
