
#2312 double-free

None
closed-fixed
nobody
None
2020-11-05
2020-09-09
lxumei
No
  1. install the latest gnuplot
  2. run the command gnuplot < poc7, where poc7 is the attached file
  3. stacktrace
    #0 0x4db590 in __interceptor_free.localalias.0 
    #1 0x7ffff68db36d in fclose /build/glibc-2ORdQG/glibc-2.27/libio/iofclose.c:77
    #2 0x4da02d in __interceptor_fclose 
    #3 0x5647a3 in print_set_output 
    #4 0x7954b4 in set_print 
    #5 0x76fede in set_command 
    #6 0x55bb97 in command 
    #7 0x55b4fa in do_line 
    #8 0x559d90 in com_line 
    #9 0x6e3a5c in main 
    #10 0x7ffff687eb96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310
    #11 0x41b8a9 in _start 
1 Attachments

Discussion

  • lxumei

    lxumei - 2020-09-09
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -2,17 +2,19 @@
     2. run the command `gnuplot &lt; poc7`, where poc7 is the attached file
     3. stacktrace
     ```
    -    #0 0x4db590 in __interceptor_free.localalias.0 (/home/lxumei/00fuzz/crashes_gnuplot/gnuplot+0x4db590)
    +    #0 0x4db590 in __interceptor_free.localalias.0 
         #1 0x7ffff68db36d in fclose /build/glibc-2ORdQG/glibc-2.27/libio/iofclose.c:77
    -    #2 0x4da02d in __interceptor_fclose (/home/lxumei/00fuzz/crashes_gnuplot/gnuplot+0x4da02d)
    -    #3 0x5647a3 in print_set_output (/home/lxumei/00fuzz/crashes_gnuplot/gnuplot+0x5647a3)
    -    #4 0x7954b4 in set_print (/home/lxumei/00fuzz/crashes_gnuplot/gnuplot+0x7954b4)
    -    #5 0x76fede in set_command (/home/lxumei/00fuzz/crashes_gnuplot/gnuplot+0x76fede)
    -    #6 0x55bb97 in command (/home/lxumei/00fuzz/crashes_gnuplot/gnuplot+0x55bb97)
    -    #7 0x55b4fa in do_line (/home/lxumei/00fuzz/crashes_gnuplot/gnuplot+0x55b4fa)
    -    #8 0x559d90 in com_line (/home/lxumei/00fuzz/crashes_gnuplot/gnuplot+0x559d90)
    -    #9 0x6e3a5c in main (/home/lxumei/00fuzz/crashes_gnuplot/gnuplot+0x6e3a5c)
    +    #2 0x4da02d in __interceptor_fclose 
    +    #3 0x5647a3 in print_set_output 
    +    #4 0x7954b4 in set_print 
    +    #5 0x76fede in set_command 
    +    #6 0x55bb97 in command 
    +    #7 0x55b4fa in do_line 
    +    #8 0x559d90 in com_line 
    +    #9 0x6e3a5c in main 
         #10 0x7ffff687eb96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310
    -    #11 0x41b8a9 in _start (/home/lxumei/00fuzz/crashes_gnuplot/gnuplot+0x41b8a9)
    -    ```
    +    #11 0x41b8a9 in _start 
    +```
    
    + 
    +
    
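    Review bot: the stack-trace block (frames #0 to #11) still records only the call stack of the faulting free, reached through fclose from print_set_output. For a double-free, the stack of the earlier free of the same pointer is what locates the bug, and AddressSanitizer prints it in the same report under "freed by thread", followed by the allocation stack. Pasting those two stacks below frame #11 would make the description usable without the attachment. Dropping the /home/... module paths loses nothing, since every frame keeps its address and the removed offsets (for example gnuplot+0x5647a3) are identical to it.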
    • Group: -->
    • Priority: -->
     
  • Ethan Merritt

    Ethan Merritt - 2020-09-11
    • status: open --> closed-fixed
     
  • Ross Combs

    Ross Combs - 2020-11-05

    I realize this is already closed, but a much smaller and more straightforward input that causes this is just a single line with a backtick followed by a newline.

     
