Segfault in libcapstone.so.4 after renaming variable in visual mode #15691
Comments
|
radare2 2.4 is too old, update and try again please |
|
Same error in: Segfault while trying to change name of "dword [var_90h]" |
|
If u know where the bug is please report in a PR not as an issue
… On 20 Dec 2019, at 21:15, DoITCreative ***@***.***> wrote:
Work environment
Questions Answers
OS/arch/bits (mandatory) ArchLinux x86_64
File format of the file you reverse (mandatory) ELF
Architecture/bits of the file (mandatory) x86/32
r2 -v full output, not truncated (mandatory) radare2 2.4.0-git 17284 @ darwin-x86-64 git.2.2.0-476-gf8cf84e06 commit: f8cf84e build: 2018-02-17__11:08:27
Expected behavior
Variable should be renamed
Actual behavior
Segfault
Steps to reproduce
aaa
s <address>
V
<space>
dv <last hex digits of variable>
<enter>
Additional Logs
I've managed to trace the bug to the file:
./libr/core/vmenus.c:4060
Error happens in libcapstone.so.4 when trying to dereference pointer, that points to the variable try_off on line 4060 in ./libr/core/vmenus.c
Stacktrace
#0 0x00007f57405ededd in ?? () from /usr/lib/libcapstone.so.4
#1 0x00007f57405ec3da in ?? () from /usr/lib/libcapstone.so.4
#2 0x00007f57405ee109 in ?? () from /usr/lib/libcapstone.so.4
#3 0x00007f5740552a86 in cs_disasm () from /usr/lib/libcapstone.so.4
#4 0x00007f5740ba4eb7 in analop (a=0x55b4ca940930, op=0x7ffd83738690, addr=404799108,
buf=0x55b4e86abde0 <error: Cannot access memory at address 0x55b4e86abde0>, len=32,
mask=<optimized out>) at ../libr/anal/p/anal_x86_cs.c:3001
#5 0x00007f5740c60965 in r_anal_op (anal=0x55b4ca940930, ***@***.***=0x7ffd83738690,
***@***.***=404799108,
data=0x55b4e86abde0 <error: Cannot access memory at address 0x55b4e86abde0>,
***@***.***=32, ***@***.***=R_ANAL_OP_MASK_ALL) at ../libr/anal/op.c:154
#6 0x00007f5740f70ad1 in r_core_visual_define (core=<optimized out>, args=0x7f57410be12c "",
distance=0) at ../libr/core/vmenus.c:4060
#7 0x00007f5740f9e9b3 in r_core_visual_graph (core=0x7f5741746340 <r>, g=<optimized out>,
_fcn=<optimized out>, is_interactive=<optimized out>) at ../libr/core/agraph.c:4545
#8 0x00007f5740f7986e in r_core_visual_cmd ***@***.***=0x7f5741746340 <r>,
***@***.***=0x7ffd83739c8e " ") at ../libr/core/visual.c:2894
#9 0x00007f5740f7a06f in r_core_visual (core=0x7f5741746340 <r>, input=<optimized out>)
at ../libr/core/visual.c:4325
#10 0x00007f5740fc7d1a in r_cmd_call (input=0x55b4cda27b50 "V", cmd=0x55b4ca98c120)
at ../libr/core/cmd_api.c:244
#11 r_cmd_call (cmd=0x55b4ca98c120, input=<optimized out>) at ../libr/core/cmd_api.c:209
#12 0x00007f5740fd3204 in r_core_cmd_subst_i ***@***.***=0x7f5741746340 <r>,
***@***.***=0x55b4cda27b50 "V", ***@***.***=0x0,
***@***.***=0x7ffd83739fd7) at ../libr/core/cmd.c:3148
#13 0x00007f5740fd4d4f in r_core_cmd_subst ***@***.***=0x7f5741746340 <r>,
cmd=<optimized out>, ***@***.***=0x55b4caa48570 "V") at ../libr/core/cmd.c:2467
#14 0x00007f5740fd5318 in r_core_cmd (core=0x7f5741746340 <r>, cstr=<optimized out>,
log=<optimized out>) at ../libr/core/cmd.c:4424
#15 0x00007f5740fbfb1c in r_core_prompt_exec ***@***.***=0x7f5741746340 <r>)
at ../libr/core/core.c:3102
#16 0x00007f5741735f4a in r_main_radare2 (argc=<optimized out>, argv=<optimized out>)
at ../libr/main/radare2.c:1463
#17 0x00007f57418b2153 in __libc_start_main () from /usr/lib/libc.so.6
#18 0x000055b4c9dc226e in _start ()
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
I do not know how to fix it, so I can't do PR for now. |
|
can you share the binary? |
|
also i have the feeling you are not buuilding r2 properly because it should use capstone from git, not the system one by default. and i cant reproduce or see the backtrace of your last build. can you build with asan using sys/asan.sh and paste the output? did you make purged to remove old system wide installations? |
|
There is no sys/asan.sh in the master branch |
|
I've build it with: ./configure |
|
try the following:
sudo make purge
git clean -xdf
sys/install.sh
… On 28 Dec 2019, at 19:07, DoITCreative ***@***.***> wrote:
I've build it with:
./configure
make
make install
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub <#15691?email_source=notifications&email_token=AAG75FTLCV37HKA6VBKGCC3Q26IU5A5CNFSM4J55F7P2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHYPHQA#issuecomment-569439168>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAG75FWPXO5UM7U6HEG3WOTQ26IU5ANCNFSM4J55F7PQ>.
|
|
Same error. |
|
It uses capstone from git |
|
and the backtrace / crashlog from asan is? |
|
Build logs: There is no asan.sh file. |
|
I guess, that I've found where error is. Look at line 4064 at |
|
I've changed |
|
Also segfaults if incorrect address was set by user. Some checks should be implemented to catch such cases. |
|
New PR #15732 |
|
Yep, it does work, but please, do not forget about incorrect check inside "if" or we will have wrong address at try_off, it does not segfaults now, but variable to rename could not be found, because of incorrect address. |
Work environment
Expected behavior
Variable should be renamed
Actual behavior
Segfault
Steps to reproduce
Additional Logs
I've managed to trace the bug to the file:
Error happens in libcapstone.so.4 when trying to dereference pointer, that points to the address, that is stored in variable
try_offon line 4060 in./libr/core/vmenus.cStacktrace
The text was updated successfully, but these errors were encountered: