radare2 Mach-O 64-bit crash #12973
Comments
And the file to reproduce?
On 2 Feb 2019, at 21:49, agarciagonzalez ***@***.***> wrote:
Work environment
| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | macOS Mojave 10.14.3 |
| File format of the file you reverse (mandatory) | Mach-O |
| Architecture/bits of the file (mandatory) | 64-bit executable x86_64 |
| r2 -v full output, not truncated (mandatory) | radare2 3.3.0-git 20711 @ darwin-x86-64 git.3.2.1-218-g5d698c76a commit: 5d698c7 build: 2019-02-02__21:22:41 |
Expected behavior
Not crash
Actual behavior
Crash with -A
Steps to reproduce the behavior
r2 -A kernel # Mach-O macOS default kernel
```text
==57122==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000143680 at pc 0x000109bd2baf bp 0x7ffee96f9d70 sp 0x7ffee96f9d68
READ of size 1 at 0x619000143680 thread T0
    #0 0x109bd2bae in fcn_recurse fcn.c:1012
    #1 0x109bcdcdb in r_anal_fcn fcn.c:1648
    #2 0x106bf9730 in core_anal_fcn canal.c:710
    #3 0x106bf7444 in r_core_anal_fcn canal.c:1656
    #4 0x106c25e42 in r_core_anal_all canal.c:3565
    #5 0x106852a49 in cmd_anal_all cmd_anal.c:7587
    #6 0x1066ba237 in cmd_anal cmd_anal.c:8294
    #7 0x106bd0ed1 in r_cmd_call cmd_api.c:235
    #8 0x1067b2896 in r_core_cmd_subst_i cmd.c:3013
    #9 0x10667f3b0 in r_core_cmd_subst cmd.c:2021
    #10 0x106667699 in r_core_cmd cmd.c:3747
    #11 0x10662817e in r_core_cmd0 cmd.c:3912
    #12 0x106507f8e in main radare2.c:1381
    #13 0x7fff5f63fed8 in start (libdyld.dylib:x86_64+0x16ed8)

0x619000143680 is located 0 bytes to the right of 1024-byte region [0x619000143280,0x619000143680)
allocated by thread T0 here:
    #0 0x110c14a07 in wrap_calloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x57a07)
    #1 0x106bf8e92 in core_anal_fcn canal.c:688
    #2 0x106bf7444 in r_core_anal_fcn canal.c:1656
    #3 0x106c25e42 in r_core_anal_all canal.c:3565
    #4 0x106852a49 in cmd_anal_all cmd_anal.c:7587
    #5 0x1066ba237 in cmd_anal cmd_anal.c:8294
    #6 0x106bd0ed1 in r_cmd_call cmd_api.c:235
    #7 0x1067b2896 in r_core_cmd_subst_i cmd.c:3013
    #8 0x10667f3b0 in r_core_cmd_subst cmd.c:2021
    #9 0x106667699 in r_core_cmd cmd.c:3747
    #10 0x10662817e in r_core_cmd0 cmd.c:3912
    #11 0x106507f8e in main radare2.c:1381
    #12 0x7fff5f63fed8 in start (libdyld.dylib:x86_64+0x16ed8)

SUMMARY: AddressSanitizer: heap-buffer-overflow fcn.c:1012 in fcn_recurse
Shadow bytes around the buggy address:
  0x1c3200028680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c3200028690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c32000286a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c32000286b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c32000286c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c32000286d0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c32000286e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c32000286f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c3200028700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c3200028710: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c3200028720: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==57122==ABORTING
```
Would it be possible to fix this issue ASAP please?
Yes. But I have problems in real life that are more important than your technical problems. You can use vim and lldb and fix the problem before me. I will hopefully have some time to reach my laptop later today.
On 3 Feb 2019, at 12:56, agarciagonzalez ***@***.***> wrote:
Would it be possible to fix this issue ASAP please?
I am very sorry for your problems in real life. I close this issue because I do not intend to use radare2 anymore and therefore you will have more time for your real life.
Took me less than a minute to fix that stupid bug that only happens when running in ASAN. It's completely retarded to use r2 for real use cases built with ASAN because it NEVER frees memory and it's more than 3 times slower than normal executions, even more when analyzing huge files like a kernel. The bug is just a 1 byte read outside a buffer that is held on the stack, the address is completely valid and no single operating system will make this crash at all. Don't worry for my real life problems, those can't be fixed.
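The bug class described in the comment above, a one-byte read landing exactly at the end of a calloc'd 1024-byte region during a lookahead scan, as an added C example. This is not radare2's code: the opcode scan, `peek_byte` and the sample buffer are constructed for illustration; compile with `-fsanitize=address` to see the buggy variant reported the same way as the log in this issue.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define REGION_SIZE 1024   /* same size as the calloc'd region in the ASan report */

/* Bounded lookahead: stores buf[idx] and returns 1 only when idx < len. */
static int peek_byte(const uint8_t *buf, size_t len, size_t idx, uint8_t *out) {
    if (idx >= len) return 0;
    *out = buf[idx];
    return 1;
}

/* Buggy scan (hypothetical, not fcn_recurse): when the last byte is 0x0f, buf[i + 1] is
 * buf[len], the 1-byte READ "0 bytes to the right of" the region. Without ASan the read
 * just returns whatever follows the allocation, so nothing crashes and the bug hides. */
size_t count_syscall_buggy(const uint8_t *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 0x0f && buf[i + 1] == 0x05) n++;   /* i + 1 is never bounded */
    return n;
}

/* Fixed scan: every lookahead goes through peek_byte, so no read reaches buf[len]. */
size_t count_syscall_fixed(const uint8_t *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t next;
        if (buf[i] == 0x0f && peek_byte(buf, len, i + 1, &next) && next == 0x05) n++;
    }
    return n;
}

/* Constructed input: two complete 0f 05 (syscall) pairs and a lone 0x0f as the last byte. */
uint8_t *make_sample(void) {
    uint8_t *buf = calloc(REGION_SIZE, 1);
    if (!buf) return NULL;
    buf[10] = 0x0f;  buf[11] = 0x05;
    buf[500] = 0x0f; buf[501] = 0x05;
    buf[REGION_SIZE - 1] = 0x0f;   /* forces the lookahead past the end of the region */
    return buf;
}

int main(void) {
    uint8_t *buf = make_sample();
    if (!buf) return 1;
    printf("syscall pairs found: %zu\n", count_syscall_fixed(buf, REGION_SIZE));
    free(buf);
    return 0;
}
```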
I just use ASAN because it also crashed while executing an "axtj" and your community suggested to send the crash stacktrace under ASAN. You are a toxic person with that kind of attitude
😘
and btw you didn't mention anything about axtj in the bug report
I have fully analyzed this binary, and tried axj, pD, vbg, axtj, callgraph, and several other related commands without any issue at all. Stressing out the developers and giving up on using an open-source tool to solve an issue that is unrelated to your problem because you don't report it properly, or you don't even understand the crash log, or you don't know how to use a debugger is not the way to go in any place. Anyway, thanks for reporting, I have also fixed a couple of other inconsistencies I found in 5 minutes just when checking out this binary.
With that toxic attitude, it's no doubt you have problems in real life. And no, it's not fixed with your commit, you do not even understand the problem. But I do not care either, I understand why people do not want to use radare2, and it's not because of bugs, it's because of that lack of humility you have.
cool fix bruh
I still can't reproduce, and this exact line number has also been fixed, because it is a bug recently introduced by a newbie contributor, and the line you report in there doesn't match the code in master, can you try doing git pull? And about my real life problems, I doubt the death of a beloved one is caused by my attitude in this PR; I'm keeping this PR open waiting for feedback. Thanks
@agarciagonzalez excuse me, but I have to consider your definition of "toxic" as highly questionable. If you think replying to an issue with an explanation of why a person couldn't fix a bug immediately is toxic, I suggest you reconsider your own views and stay away from us, if you really think this was OK.
timeout