Hi, I found a double free or corruption in the current master 6a5be8b,
OS: ubuntu 18.04
kernel: 5.4.0-87-generic
POC: poc.zip
───────────────────────────────────────────────────────────────────────── Registers ──────────────────────────────────────────────────────────────────────────
RAX: 0x0
RBX: 0x7ffff7c1ab80 (0x00007ffff7c1ab80)
RCX: 0x7ffff7c6218b (<__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108])
RDX: 0x0
RSI: 0x7fffffffd570 --> 0x0
RDI: 0x2
RBP: 0x7fffffffd8c0 --> 0x7ffff7e07b80 --> 0x0
RSP: 0x7fffffffd570 --> 0x0
RIP: 0x7ffff7c6218b (<__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108])
R8 : 0x0
R9 : 0x7fffffffd570 --> 0x0
R10: 0x8
R11: 0x246
R12: 0x7fffffffd7e0 --> 0x0
R13: 0x10
R14: 0x7ffff7ffb000 --> 0x62756f6400001000
R15: 0x1
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
──────────────────────────────────────────────────────────────────────────── Code ────────────────────────────────────────────────────────────────────────────
   0x7ffff7c6217f <__GI_raise+191>: mov edi,0x2
   0x7ffff7c62184 <__GI_raise+196>: mov eax,0xe
   0x7ffff7c62189 <__GI_raise+201>: syscall
=> 0x7ffff7c6218b <__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108]
   0x7ffff7c62193 <__GI_raise+211>: xor rax,QWORD PTR fs:0x28
   0x7ffff7c6219c <__GI_raise+220>: jne 0x7ffff7c621c4 <__GI_raise+260>
   0x7ffff7c6219e <__GI_raise+222>: mov eax,r8d
   0x7ffff7c621a1 <__GI_raise+225>: add rsp,0x118
[rsp+0x108] : 0x7fffffffd678 --> 0x56e8b0c29e2fc000
─────────────────────────────────────────────────────────────────────────── Stack ────────────────────────────────────────────────────────────────────────────
0000| 0x7fffffffd570 --> 0x0
0008| 0x7fffffffd578 --> 0xffffff01
0016| 0x7fffffffd580 --> 0x2
0024| 0x7fffffffd588 --> 0x48b8e0 --> 0x48b860 --> 0x0
0032| 0x7fffffffd590 --> 0x48b8e4 --> 0x48301000000000
0040| 0x7fffffffd598 --> 0x1
0048| 0x7fffffffd5a0 --> 0x100000002
0056| 0x7fffffffd5a8 --> 0x48b930 --> 0x0
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Legend: code, data, rodata, heap, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7c41859 in __GI_abort () at abort.c:79
#2  0x00007ffff7cac3ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7dd6285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff7cb447c in malloc_printerr (str=str@entry=0x7ffff7dd8670 "double free or corruption (out)") at malloc.c:5347
#4  0x00007ffff7cb6120 in _int_free (av=0x7ffff7e07b80 <main_arena>, p=0x4b3a70, have_lock=<optimized out>) at malloc.c:4314
#5  0x0000000000407f8a in sixel_encoder_output_without_macro (frame=<optimized out>, dither=0x48b600, output=<optimized out>, encoder=0x4832d0) at encoder.c:831
#6  sixel_encoder_encode_frame (encoder=0x4832d0, frame=<optimized out>, output=<optimized out>) at encoder.c:1056
#7  0x000000000041c22b in load_with_builtin (pchunk=<optimized out>, fstatic=<optimized out>, fuse_palette=0x1, reqcolors=<optimized out>, bgcolor=<optimized out>, loop_control=<optimized out>, fn_load=<optimized out>, context=<optimized out>) at loader.c:963
#8  sixel_helper_load_image_file (filename=<optimized out>, fstatic=<optimized out>, fuse_palette=0x1, reqcolors=<optimized out>, bgcolor=<optimized out>, loop_control=<optimized out>, fn_load=<optimized out>, finsecure=<optimized out>, cancel_flag=<optimized out>, context=<optimized out>, allocator=<optimized out>) at loader.c:1418
#9  0x00000000004066e5 in sixel_encoder_encode (encoder=0x4832d0, filename=0x7fffffffe662 "./out/crashes/id:000003,sig:06,src:001126,op:arg1,rep:2") at encoder.c:1743
#10 0x0000000000402f73 in main (argc=<optimized out>, argv=<optimized out>, argv@entry=0x7fffffffe318) at img2sixel.c:457
#11 0x00007ffff7c430b3 in __libc_start_main (main=0x4026a0 <main>, argc=0xb, argv=0x7fffffffe318, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe308) at ../csu/libc-start.c:308
#12 0x00000000004025de in _start ()
gdb-peda$
CVE-2021-46700 appears to have been assigned to this issue.