radare2 leaks when using tabs in visual panels mode #16757
Can you paste the output of asan?
… On 3 May 2020, at 09:30, Paweł Łukasik ***@***.***> wrote:
Work environment
Questions Answers
OS/arch/bits (mandatory) Ubuntu 18.04 64bit (WSL)
File format of the file you reverse (mandatory) ELF
Architecture/bits of the file (mandatory) x86/64
r2 -v full output, not truncated (mandatory) radare2 4.0.0 24826 @ linux-x86-64 git.4.0.0 commit: e970472 build: 2020-05-03__08:32:53
Expected behavior
r2 exits V! mode without issue
Actual behavior
r2 crashes
Steps to reproduce the behavior
start radare2: r2 /bin/ls
go to Visual panels mode: V!
add new tab: t and then again t
quit visual panels mode: q
free(): invalid size
Aborted (core dumped)
Additional Logs, screenshots, source-code, configuration dump, ...
#0 __GI_raise ***@***.***=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007f7bb866a801 in __GI_abort () at abort.c:79
#2 0x00007f7bb86b3897 in __libc_message ***@***.***=do_abort, ***@***.***=0x7f7bb87e0b9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007f7bb86ba90a in malloc_printerr ***@***.***=0x7f7bb87deda0 "free(): invalid size") at malloc.c:5350
#4 0x00007f7bb86c1e2c in _int_free (have_lock=0, p=0x55972f02e090, av=0x7f7bb8a15c40 <main_arena>) at malloc.c:4161
#5 __GI___libc_free (mem=0x55972f02e0a0) at malloc.c:3124
#6 0x00007f7bb67711a0 in __free_menu_item (item=0x55972f02fe00) at panels.c:4973
#7 0x00007f7bb6772e4d in __mht_free_kv (kv=0x55972f030488) at panels.c:5409
#8 0x00007f7bb8d4e70b in ht_pp_free (ht=0x55972efafbb0) at ht_inc.c:140
#9 0x00007f7bb6774cb0 in __panels_free (panels_root=0x55972efae030, i=0, panels=0x55972efae350) at panels.c:5974
#10 0x00007f7bb67766ba in __del_panels (core=0x7f7bb8c470c0 <r>) at panels.c:6491
#11 0x00007f7bb67764d0 in r_core_visual_panels_root (core=0x7f7bb8c470c0 <r>, panels_root=0x55972efae030) at panels.c:6444
#12 0x00007f7bb66e44d5 in r_core_visual_cmd (core=0x7f7bb8c470c0 <r>, arg=0x55972efadfa1 "!") at visual.c:2569
#13 0x00007f7bb66ea2e7 in r_core_visual (core=0x7f7bb8c470c0 <r>, input=0x55972efadfa1 "!") at visual.c:4201
#14 0x00007f7bb66be459 in cmd_visual (data=0x7f7bb8c470c0 <r>, input=0x55972efadfa1 "!") at cmd.c:1747
#15 0x00007f7bb6719bc7 in r_cmd_call (cmd=0x55972ed646b0, input=0x55972efadfa0 "V!") at cmd_api.c:244
#16 0x00007f7bb66c3c58 in r_core_cmd_subst_i (core=0x7f7bb8c470c0 <r>, cmd=0x55972efadfa0 "V!", colon=0x0, tmpseek=0x7ffcfeae94fa) at cmd.c:3589
#17 0x00007f7bb66bffdc in r_core_cmd_subst (core=0x7f7bb8c470c0 <r>, cmd=0x55972efadfa0 "V!") at cmd.c:2467
#18 0x00007f7bb66c6a6b in r_core_cmd (core=0x7f7bb8c470c0 <r>, cstr=0x55972efadf60 "V!", log=1) at cmd.c:4424
#19 0x00007f7bb6611a38 in r_core_prompt_exec (r=0x7f7bb8c470c0 <r>) at core.c:3102
#20 0x00007f7bb8a39437 in r_main_radare2 (argc=2, argv=0x7ffcfeae99e8) at radare2.c:1463
#21 0x000055972d8d3c60 in main (argc=2, argv=0x7ffcfeae99e8) at radare2.c:95
#22 0x00007f7bb864bb97 in __libc_start_main (main=0x55972d8d3c0c <main>, argc=2, argv=0x7ffcfeae99e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcfeae99d8) at ../csu/libc-start.c:310
#23 0x000055972d8d393a in _start ()

=================================================================
0x60400038e598 is located 8 bytes inside of 40-byte region [0x60400038e590,0x60400038e5b8)
previously allocated by thread T0 here:
SUMMARY: AddressSanitizer: heap-use-after-free /home/ubuntu/radare2/libr/core/panels.c:4972 in __free_menu_item

uhm, are you using r2 4.0? because the lines of the errors don't match what I have in master

@radare yes, building with I've noticed that something is in fact not right. Rebuilding my setup and will post an update.

@radare sorry, it was a mistake on my side not using the latest. The latest doesn't crash in that exact spot but building with the
Should I post that output instead?

in line:
I have this:
your backtrace doesn't look in sync with git, and I can't reproduce the crash you posted

Can you update the issue title and description? It's a memleak instead of a crash, right?

@radare updated

Work environment
Expected behavior
r2 doesn't leak memory
Actual behavior
r2 leaks
Steps to reproduce the behavior
r2 /bin/ls
V!
t
and then again t
q
Additional Logs, screenshots, source-code, configuration dump, ...