gnuplot 5.5 (last modified in 9.18) on CentOS Linux 7.7.1908
==4824== ERROR: AddressSanitizer: attempting double-free on 0x60360000efc0:
#0 0x7f6cd0261dd9 (/usr/lib64/libasan.so.0.0.0+0x15dd9)
#1 0x7f6ccec1c1b6 (/usr/lib64/libc-2.17.so+0x6e1b6)
0x60360000efc0 is located 0 bytes inside of 568-byte region [0x60360000efc0,0x60360000f1f8)
freed by thread T0 here:
==4824== AddressSanitizer CHECK failed: ../../../../libsanitizer/sanitizer_common/sanitizer_stackdepot.cc:182 "((id & (1u << 31))) == ((0))" (0x80000000, 0x0)
#0 0x7f6cd025eb9a (/usr/lib64/libasan.so.0.0.0+0x12b9a)
#1 0x7f6cd0265e03 (/usr/lib64/libasan.so.0.0.0+0x19e03)
#2 0x7f6cd02694d8 (/usr/lib64/libasan.so.0.0.0+0x1d4d8)
#3 0x7f6cd02513cb (/usr/lib64/libasan.so.0.0.0+0x53cb)
#4 0x7f6cd0263ab3 (/usr/lib64/libasan.so.0.0.0+0x17ab3)
#5 0x7f6cd0264283 (/usr/lib64/libasan.so.0.0.0+0x18283)
#6 0x7f6cd0254887 (/usr/lib64/libasan.so.0.0.0+0x8887)
#7 0x7f6cd0261e06 (/usr/lib64/libasan.so.0.0.0+0x15e06)
#8 0x7f6ccec1c1b6 (/usr/lib64/libc-2.17.so+0x6e1b6)
#9 0x7ecd17 (/root/uniafl_evaluation/asan_program/gnuplot+0x7ecd17)
#10 0x7a8ba4 (/root/uniafl_evaluation/asan_program/gnuplot+0x7a8ba4)
#11 0x407458 (/root/uniafl_evaluation/asan_program/gnuplot+0x407458)
#12 0x7f6ccebd0554 (/usr/lib64/libc-2.17.so+0x22554)
#13 0x4084ec (/root/uniafl_evaluation/asan_program/gnuplot+0x4084ec)
Information below is from valgrind:
==2095== Invalid read of size 4
==2095== at 0x617E0D1: fputc (in /usr/lib64/libc-2.17.so)
==2095== by 0x7551DD: X11_send_endianess (x11.trm:2201)
==2095== by 0x7551DD: X11_init (x11.trm:1144)
==2095== by 0x7F88C9: term_initialise (term.c:485)
==2095== by 0x7F8E7C: term_start_plot (term.c:505)
==2095== by 0x508CCC: do_3dplot (graph3d.c:752)
==2095== by 0x651E70: eval_3dplots (plot3d.c:2872)
==2095== by 0x44E1C5: splot_command (command.c:2323)
==2095== by 0x4411AB: command (command.c:659)
==2095== by 0x4411AB: do_line (command.c:429)
==2095== by 0x5CD14B: load_file (misc.c:335)
==2095== by 0x406416: main (plot.c:636)
==2095== Address 0x650c8d0 is 0 bytes inside a block of size 568 free'd
==2095== at 0x4C2B06D: free (vg_replace_malloc.c:538)
==2095== by 0x61751B6: fclose@@GLIBC_2.2.5 (in /usr/lib64/libc-2.17.so)
==2095== by 0x7F85B3: term_close_output (term.c:319)
==2095== by 0x7F85B3: term_initialise (term.c:437)
==2095== by 0x7F8E7C: term_start_plot (term.c:505)
==2095== by 0x508CCC: do_3dplot (graph3d.c:752)
==2095== by 0x651E70: eval_3dplots (plot3d.c:2872)
==2095== by 0x44E1C5: splot_command (command.c:2323)
==2095== by 0x4411AB: command (command.c:659)
==2095== by 0x4411AB: do_line (command.c:429)
==2095== by 0x5CD14B: load_file (misc.c:335)
==2095== by 0x406416: main (plot.c:636)
==2095== Block was alloc'd at
==2095== at 0x4C29F73: malloc (vg_replace_malloc.c:307)
==2095== by 0x6175BBC: __fopen_internal (in /usr/lib64/libc-2.17.so)
==2095== by 0x7F4250: term_set_output (term.c:404)
==2095== by 0x6A9758: set_output (set.c:3232)
==2095== by 0x6CBFC0: set_command (set.c:411)
==2095== by 0x4411AB: command (command.c:659)
==2095== by 0x4411AB: do_line (command.c:429)
==2095== by 0x5CD14B: load_file (misc.c:335)
==2095== by 0x406416: main (plot.c:636)
==2095== Warning: invalid file descriptor -2 in syscall close()
==2095==
==2095== HEAP SUMMARY:
==2095== in use at exit: 44,343 bytes in 293 blocks
==2095== total heap usage: 489 allocs, 197 frees, 215,497 bytes allocated
==2095==
==2095== LEAK SUMMARY:
==2095== definitely lost: 0 bytes in 0 blocks
==2095== indirectly lost: 0 bytes in 0 blocks
==2095== possibly lost: 0 bytes in 0 blocks
==2095== still reachable: 44,343 bytes in 293 blocks
==2095== suppressed: 0 bytes in 0 blocks
==2095== Rerun with --leak-check=full to see details of leaked memory
==2095==
==2095== For lists of detected and suppressed errors, rerun with: -s
==2095== ERROR SUMMARY: 20075 errors from 358 contexts (suppressed: 0 from 0)
Cannot reproduce
Clean reproducer attached.
Fixed in 6.1