UPDATE: please discard this report, as it is a false positive which happened due to Docker: I was fuzzing GNU Readline inside Docker.
Verified the PoC in the host environment and observed no crashes; investigating again in depth on the host machine, and shall share further updates if there are any issues. My apologies for the confusion.

Thanks,

On Mon, Apr 5, 2021 at 1:49 AM Neeraj Pal <[email protected]> wrote:
>
> Hi there,
>
> While fuzzing GNU Readline with honggfuzz, I found a stack
> exhaustion issue which seems to have happened due to deep recursion.
>
> This bug report was tested on the following GNU Readline versions:
> - GNU Readline git devel rev: 109eadf6fe5c6a7e95ef0298820897ce6ee9172e
> - GNU Readline git master rev: cf3c762ecfff5b2f445647a0f1543693984a5540
> - GNU Readline 8.1-rc3
> - GNU Readline 8.1
>
> Attaching a reproducer link where I have uploaded the test input (my
> apologies if it is not allowed to post links; please let me know if there are any
> issues):
> https://github.com/bsdb0y/investigations/raw/master/stack-exhaust-poc1
>
> The issue can be reproduced by running:
> cat stack-exhaust-poc1|./examples/rlbasic
>
> =================================================================
> ==1879148==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7fed00 (pc 0x000000498ae6 bp 0x7fffff7ff540 sp 0x7fffff7fed00 T0)
>     #0 0x498ae6 in realloc (/src/readline-devel/readline/examples/rlbasic+0x498ae6)
>     #1 0x655002 in xrealloc /src/readline-devel/readline/xmalloc.c:70:20
>     #2 0x4d167c in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:895:4
>     #3 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #4 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
>     #5 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3
>     #6 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11
>     #7 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
>     #8 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #9 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
>     #10 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3
>     #11 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11
>     #12 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
>     #13 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     [frames #14 through #304 omitted here: the same five-frame cycle of _rl_dispatch_subseq (readline.c:901:8), rl_domove_motion_callback (vi_mode.c:1184:3), rl_vi_change_to (vi_mode.c:1500:11), _rl_dispatch_subseq (readline.c:901:8) and rl_vi_redo (vi_mode.c:307:9) repeats verbatim]
>     #305 0x4f8f62 in rl_domove_motion_callback /src/readline-devel/readline/vi_mode.c:1184:3
>     #306 0x4f8f62 in rl_vi_change_to /src/readline-devel/readline/vi_mode.c:1500:11
>     #307 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
>     #308 0x4d732c in rl_vi_redo /src/readline-devel/readline/vi_mode.c:307:9
>     #309 0x4d16fa in _rl_dispatch_subseq /src/readline-devel/readline/readline.c:901:8
>
> SUMMARY: AddressSanitizer: stack-overflow (/src/readline-devel/readline/examples/rlbasic+0x498ae6) in realloc
> ==1879148==ABORTING
>
> Valgrind Log:
> valgrind --tool=memcheck ./examples/rlbasic > /dev/null < stack-exhaust-poc1
> ==1881919== Memcheck, a memory error detector
> ==1881919== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
> ==1881919== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
> ==1881919== Command: ./rlbasic
> ==1881919==
> ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
> ==1881919==
> ==1881919== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> ==1881919==  Access not within mapped region at address 0x1FFE801FF8
> ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
> ==1881919==    at 0x13C4DD: xrealloc (xmalloc.c:70)
> ==1881919==  If you believe this happened as a result of a stack
> ==1881919==  overflow in your program's main thread (unlikely but
> ==1881919==  possible), you can try to increase the size of the
> ==1881919==  main thread stack using the --main-stacksize= flag.
> ==1881919==  The main thread stack size used in this run was 8388608.
> ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
> ==1881919==
> ==1881919== Process terminating with default action of signal 11 (SIGSEGV)
> ==1881919==  Access not within mapped region at address 0x1FFE801FF0
> ==1881919== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
> ==1881919==    at 0x4831134: _vgnU_freeres (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_core-amd64-linux.so)
> ==1881919==  If you believe this happened as a result of a stack
> ==1881919==  overflow in your program's main thread (unlikely but
> ==1881919==  possible), you can try to increase the size of the
> ==1881919==  main thread stack using the --main-stacksize= flag.
> ==1881919==  The main thread stack size used in this run was 8388608.
> ==1881919==
> ==1881919== HEAP SUMMARY:
> ==1881919==     in use at exit: 328,096 bytes in 231 blocks
> ==1881919==   total heap usage: 5,620 allocs, 5,389 frees, 206,448,120 bytes allocated
> ==1881919==
> ==1881919== LEAK SUMMARY:
> ==1881919==    definitely lost: 0 bytes in 0 blocks
> ==1881919==    indirectly lost: 0 bytes in 0 blocks
> ==1881919==      possibly lost: 0 bytes in 0 blocks
> ==1881919==    still reachable: 328,096 bytes in 231 blocks
> ==1881919==         suppressed: 0 bytes in 0 blocks
> ==1881919== Rerun with --leak-check=full to see details of leaked memory
> ==1881919==
> ==1881919== For lists of detected and suppressed errors, rerun with: -s
> ==1881919== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
> Segmentation fault
>
> - ulimit value is unlimited on the machine.
>
>
> Extra crash logs:
>
> ---CRASH SUMMARY---
> Filename: ./stack-exhaust-poc1
> SHA1: 6fd48596f8a3b4feffbf7067b0907268498491bf
> Classification: EXPLOITABLE
> Hash: d9e1794af557ab233c5c737b811074fb.34edfa84bd548bbbe15ff87f814291b8
> Command: ./rlbasic
> Faulting Frame:
>    _rl_dispatch_subseq @ 0x00000000004caaef: in /src/readline-devel/readline/examples/rlbasic
> Disassembly:
>    0x00000000004caad1: mov QWORD PTR ds:0xe70a20,rax
>    0x00000000004caad9: mov rax,QWORD PTR [rbp-0x30]
>    0x00000000004caadd: mov edi,DWORD PTR ds:0x5b4f00
>    0x00000000004caae4: imul edi,DWORD PTR ds:0x5b4f40
>    0x00000000004caaec: mov esi,DWORD PTR [rbp-0x8]
> => 0x00000000004caaef: call rax
>    0x00000000004caaf1: mov DWORD PTR [rbp-0x18],eax
>    0x00000000004caaf4: mov rax,QWORD PTR ds:0xe70a20
>    0x00000000004caafc: and rax,0xffffffffffffffdf
>    0x00000000004cab00: mov QWORD PTR ds:0xe70a20,rax
> Stack Head (1000 entries):
>    _rl_dispatch_subseq @ 0x00000000004caaef: in /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic
>    rl_domove_motion_callback @ 0x00000000004db810: in /src/readline-devel/readline/examples/rlbasic
>    rl_vi_change_to @ 0x00000000004dbce6: in /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic
>    rl_vi_redo @ 0x00000000004ce86d: in /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic
>    rl_domove_motion_callback @ 0x00000000004db810: in /src/readline-devel/readline/examples/rlbasic
>    rl_vi_change_to @ 0x00000000004dbce6: in /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic
>    rl_vi_redo @ 0x00000000004ce86d: in /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch_subseq @ 0x00000000004caaf1: in /src/readline-devel/readline/examples/rlbasic
>    _rl_dispatch @ 0x00000000004c9ca9: in /src/readline-devel/readline/examples/rlbasic
> Registers:
>    rax=0x00000000004ce240 rbx=0x00007fffff7ff280 rcx=0x000000000000234c rdx=0x000000000000234c
>    rsi=0x000000000000002e rdi=0x0000000000000001 rbp=0x00007fffff7ff1a0 rsp=0x00007fffff7fef60
>    r8=0x0000000000002340 r9=0x0000000000000000 r10=0x000000000000001e r11=0x00006250000b8c30
>    r12=0x000000000041c510 r13=0x00007fffffffe570 r14=0x0000000000000000 r15=0x0000000000000000
>    rip=0x00000000004caaef efl=0x0000000000010202 cs=0x0000000000000033 ss=0x000000000000002b
>    ds=0x0000000000000000 es=0x0000000000000000 fs=0x0000000000000000 gs=0x0000000000000000
>
> Please let me know if you need any information or any support.
>
> Thanks,
> Kind regards,
> Neeraj Pal
