AddressSanitizer: heap-buffer-overflow lib/readline/bind.c:437 in rl_translate_keyseq

2017-04-27 Thread Eduardo Bustamante
dualbus@debian:~/src/gnu/bash$ xxd inputrc
: 225c 432d 2230 3030 200a  "\C-"000 .
# with ASAN
dualbus@debian:~/src/gnu/bash$ ./bash --noprofile --norc -ic 'bind -f inputrc'
=
==27315==ERROR: AddressSanitizer:

free(): invalid next size (fast): 0x00005555558cac00 ***

2017-04-27 Thread Eduardo Bustamante
dualbus@debian:~/src/gnu/bash$ xxd bar
: 3a22 3030 5c43 2d0a 3030 3030 3030 3030  :"00\C-.
0010: 3030 3030 3030 3030 3030 3030 3030 3030
# With system malloc
(gdb) r --noprofile --norc -ic 'bind -f bar'
Starting program: /home/dualbus/src/gnu/bash/bash

Memory leak in read_history_range when history file size is zero

2017-04-27 Thread Eduardo Bustamante
dualbus@debian:~/src/gnu/bash$ ./bash --noprofile --norc -ic 'HISTFILE=/dev/null; history -r'
=
==24289==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 10 byte(s) in 1 object(s) allocated from:
    #0 0x7efe83383d28 in

Re: free(): invalid next size (fast): 0x00005555558cac00 ***

2017-04-27 Thread Chet Ramey
On 4/27/17 8:13 AM, Eduardo Bustamante wrote:
> dualbus@debian:~/src/gnu/bash$ xxd bar
> : 3a22 3030 5c43 2d0a 3030 3030 3030 3030  :"00\C-.
> 0010: 3030 3030 3030 3030 3030 3030 3030 3030

Thanks for the report. This should generate an invalid key binding

Core dump

2017-04-27 Thread Vladimir Marek
Hi,

array_to_key() {
    # Converts 1 2 3 -> 1,2,3, (comma at the end)
    printf '%d,' "$@"
}

multi_store() {
    local array_name="$1"; shift
    local value="$1"; shift
    if unset -v "$array_name"; then
        declare -A $array_name
        declare --

Re: Core dump

2017-04-27 Thread Chet Ramey
On 4/27/17 3:56 PM, Vladimir Marek wrote:
> array_to_key() {
>     # Converts 1 2 3 -> 1,2,3, (comma at the end)
>     printf '%d,' "$@"
> }
>
> multi_store() {
>     local array_name="$1"; shift
>     local value="$1"; shift
>     if unset -v "$array_name"; then
>

Re: Core dump

2017-04-27 Thread Vladimir Marek
> > array_to_key() {
> >     # Converts 1 2 3 -> 1,2,3, (comma at the end)
> >     printf '%d,' "$@"
> > }
> >
> > multi_store() {
> >     local array_name="$1"; shift
> >     local value="$1"; shift
> >     if unset -v "$array_name"; then
> >         declare -A $array_name
>

Re: AddressSanitizer: heap-buffer-overflow lib/readline/bind.c:437 in rl_translate_keyseq

2017-04-27 Thread Chet Ramey
On 4/27/17 8:02 AM, Eduardo Bustamante wrote:
> dualbus@debian:~/src/gnu/bash$ xxd inputrc
> : 225c 432d 2230 3030 200a  "\C-"000 .

Thanks for the report. This was an easy fix. You must be fuzzing readline's key sequence parser.

--
``The lyf so short, the craft so long

Re: AddressSanitizer: heap-buffer-overflow lib/readline/bind.c:437 in rl_translate_keyseq

2017-04-27 Thread Eduardo Bustamante
On Thu, Apr 27, 2017 at 2:35 PM, Chet Ramey wrote:
[...]
> Thanks for the report. This was an easy fix. You must be fuzzing
> readline's key sequence parser.

Yes. I'm currently trying a few approaches. I got this crash from:

afl-fuzz -i i1/ -o o1/ -- ./bash/bash

Re: Memory leak in read_history_range when history file size is zero

2017-04-27 Thread Chet Ramey
On 4/27/17 8:23 AM, Eduardo Bustamante wrote:
> dualbus@debian:~/src/gnu/bash$ ./bash --noprofile --norc -ic
> 'HISTFILE=/dev/null; history -r'

Thanks for the report and fix.

Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' -