Found by fuzzing `read -e' with AFL. The stacktrace reported by Address Sanitizer is followed by the base64 encoded crashing input.
==11018==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000ccc0 at pc 0x559bb60f1be7 bp 0x7ffc36ec8710 sp 0x7ffc36ec8708 READ of size 8 at 0x60700000ccc0 thread T0 #0 0x559bb60f1be6 in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) #1 0x559bb60f1f79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #2 0x559bb60f31f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #3 0x559bb60b130d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #4 0x559bb60b0ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #5 0x559bb60b0727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #6 0x559bb60b07b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #7 0x559bb60b07dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #8 0x559bb60afe93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #9 0x559bb606b136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #10 0x559bb6068aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #11 0x559bb5f7ec89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #12 0x559bb5f8089f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #13 0x559bb5f7e11f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #14 0x559bb5f6bf42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #15 0x559bb5f7482e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #16 0x559bb5f6cd17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #17 0x559bb60560f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #18 0x559bb5f37401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #19 0x559bb5f358da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #20 0x7f50ebc9d2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #21 0x559bb5f34749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x60700000ccc0 is located 0 bytes to the right of 80-byte region [0x60700000cc70,0x60700000ccc0) allocated by thread T0 here: #0 0x7f50ec50b090 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090) #1 0x559bb6044e00 in xrealloc (/home/dualbus/src/gnu/bash-build/bash+0x18fe00) #2 0x559bb60f1c4e in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cc4e) #3 0x559bb60f1f79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #4 0x559bb60f23eb in rl_kill_line (/home/dualbus/src/gnu/bash-build/bash+0x23d3eb) #5 0x559bb60b130d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #6 0x559bb60b0ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #7 0x559bb60b0727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #8 0x559bb60b07b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #9 0x559bb60b07dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #10 0x559bb60afe93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #11 0x559bb606b136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #12 0x559bb6068aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #13 0x559bb5f7ec89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #14 0x559bb5f8089f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #15 0x559bb5f7e11f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #16 0x559bb5f6bf42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #17 0x559bb5f7482e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #18 0x559bb5f6cd17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #19 0x559bb60560f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #20 0x559bb5f37401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #21 0x559bb5f358da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #22 0x7f50ebc9d2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring Shadow bytes around the buggy address: 0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00 =>0x0c0e7fff9990: 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd 0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd 0x0c0e7fff99b0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00 0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06 0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa 0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==11018==ABORTING INPUT AAIbLbUAAlsQGDIYFRkYGBn//4DdHxgYGAAYGGQAAICAgICAgICAgICAgICAgICAgICAgICAgICA GBj6FxgZGBgjGAAYGGjw8PAgAAAA8Gjw8PDwjisrK448PDw9C0BdC0A+BP///38BARgoFRUVmBAQ EC8BEAsQEBUVFRUVFPQUGC8IEDgbOBMYKDiTkxAQFRUFFRUVFRUVFPQUGC8IEDgbOBMYKDgbOBMU RRgAAAYBJyJhHQIAGzgTGCh/GzgTGGUYAAAGGCf3AD8AGzgkGEX3ABAAAAAQGEUYZAAGABDbAIAA ABjEAj9ADjs= ==11019==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000ccc0 at pc 0x55d397c1bbe7 bp 0x7ffe1d93d800 sp 0x7ffe1d93d7f8 READ of size 8 at 0x60700000ccc0 thread T0 #0 0x55d397c1bbe6 in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) #1 0x55d397c1bf79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #2 0x55d397c1c3eb in rl_kill_line (/home/dualbus/src/gnu/bash-build/bash+0x23d3eb) #3 0x55d397bdb30d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #4 0x55d397bdaee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #5 0x55d397bda727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #6 0x55d397bda7b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #7 0x55d397bda7dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #8 0x55d397bd9e93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #9 0x55d397b95136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #10 0x55d397b92aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #11 0x55d397aa8c89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #12 0x55d397aaa89f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #13 0x55d397aa811f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #14 0x55d397a95f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #15 0x55d397a9e82e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #16 0x55d397a96d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #17 0x55d397b800f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #18 0x55d397a61401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #19 0x55d397a5f8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #20 0x7f27342a32b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #21 0x55d397a5e749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x60700000ccc0 is located 0 bytes to the right of 80-byte region [0x60700000cc70,0x60700000ccc0) allocated by thread T0 here: #0 0x7f2734b11090 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090) #1 0x55d397b6ee00 in xrealloc (/home/dualbus/src/gnu/bash-build/bash+0x18fe00) #2 0x55d397c1bc4e in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cc4e) #3 0x55d397c1bf79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #4 0x55d397c1d1f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #5 0x55d397bdb30d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #6 0x55d397bdaee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #7 0x55d397bda727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #8 0x55d397bda7b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #9 0x55d397bda7dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #10 0x55d397bd9e93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #11 0x55d397b95136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #12 0x55d397b92aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #13 0x55d397aa8c89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #14 0x55d397aaa89f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #15 0x55d397aa811f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #16 0x55d397a95f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #17 0x55d397a9e82e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #18 0x55d397a96d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #19 0x55d397b800f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #20 0x55d397a61401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #21 0x55d397a5f8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #22 0x7f27342a32b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring Shadow bytes around the buggy address: 0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00 =>0x0c0e7fff9990: 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd 0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd 0x0c0e7fff99b0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00 0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06 0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa 0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==11019==ABORTING INPUT AAIbLbUAAlsQGDIYFRkYGBn//4DdHxgYGAAYGGQAAICAgICAgICAgICAgICAgICAgICAgICAgICA GBj6FxgZGBgjGAAYGGjw8PDwjh4S8Gjw8PDwjisrK448PDw9C0BdC0A+BP///38BARgoFRUVmBAQ EC8BEAsQEBUVFRUVFPQUGC8IEDgbOBMYKDiTkxAQFRUFFRUVFRUVFPQUGC8IEDgbOBMYKDgfOBMU RRgAAAYBJyJhHQIAGzgTGCh/GzgTCmUYAAAGGCf3AD8AGzgTGEX3ABAAAAAQGEUYZAAGABDbAIAA ABjEAj9ADjs= ==11020==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000cc50 at pc 0x556a2aae1be7 bp 0x7ffc9f2602d0 sp 0x7ffc9f2602c8 READ of size 8 at 0x60700000cc50 thread T0 #0 0x556a2aae1be6 in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) #1 0x556a2aae1f79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #2 0x556a2aae31f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #3 0x556a2aaa130d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #4 0x556a2aaa0ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #5 0x556a2aaa0727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #6 0x556a2aaa07b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #7 0x556a2aaa07dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #8 0x556a2aa9fe93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #9 0x556a2aa5b136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #10 0x556a2aa58aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #11 0x556a2a96ec89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #12 0x556a2a97089f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #13 0x556a2a96e11f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #14 0x556a2a95bf42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #15 0x556a2a96482e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #16 0x556a2a95cd17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #17 0x556a2aa460f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #18 0x556a2a927401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #19 0x556a2a9258da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #20 0x7f4fef4b92b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #21 0x556a2a924749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x60700000cc50 is located 0 bytes to the right of 80-byte region [0x60700000cc00,0x60700000cc50) allocated by thread T0 here: #0 0x7f4fefd27090 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090) #1 0x556a2aa34e00 in xrealloc (/home/dualbus/src/gnu/bash-build/bash+0x18fe00) #2 0x556a2aae1c4e in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cc4e) #3 0x556a2aae1f79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #4 0x556a2aae31f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #5 0x556a2aaa130d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #6 0x556a2aaa0ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #7 0x556a2aaa0727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #8 0x556a2aaa07b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #9 0x556a2aaa07dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #10 0x556a2aa9fe93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #11 0x556a2aa5b136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #12 0x556a2aa58aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #13 0x556a2a96ec89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #14 0x556a2a97089f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #15 0x556a2a96e11f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #16 0x556a2a95bf42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #17 0x556a2a96482e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #18 0x556a2a95cd17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #19 0x556a2aa460f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #20 0x556a2a927401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #21 0x556a2a9258da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #22 0x7f4fef4b92b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring Shadow bytes around the buggy address: 0x0c0e7fff9930: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c0e7fff9980: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd 0x0c0e7fff9990: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd 0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd 0x0c0e7fff99b0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00 0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06 0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==11020==ABORTING INPUT AAIbLbUAAlsQGDIYFRkYGBn//4DdHxgYGAAYGGQAAICAgICAgICAgICAgICAgICAgICAgICAgICA GBj6FxgZGBhFGAAYGGjw8PDwjh4S8Gjw8PABGCgVFRWYEBAQLwEQEBAQFRUVFRUU9BgoFRUVmBAQ EC8BEAsQEBUVFRUVFPQUGC8IEDgbOBMYKDiTk/sQFRUFFRUVFRUVFPQUGC8IEDgbOBMYKDgbOBMU RRgAAAYBJyJhHQIAGzgTGCh/GzgTGGUYAAAGGCf3AD8AGzgTGEX3ABAAAAAQGEUYZAAGABDbAIAA ABjEAj9ADjs= ==15290==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000ccc0 at pc 0x55bf58a71be7 bp 0x7fff2f94b4c0 sp 0x7fff2f94b4b8 READ of size 8 at 0x60700000ccc0 thread T0 #0 0x55bf58a71be6 in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) #1 0x55bf58a71f79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #2 0x55bf58a731f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #3 0x55bf58a3130d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #4 0x55bf58a30ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #5 0x55bf58a30727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #6 0x55bf58a307b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #7 0x55bf58a307dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #8 0x55bf58a2fe93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #9 0x55bf589eb136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #10 0x55bf589e8aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #11 0x55bf588fec89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #12 0x55bf5890089f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #13 0x55bf588fe11f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #14 0x55bf588ebf42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #15 0x55bf588f482e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #16 0x55bf588ecd17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #17 0x55bf589d60f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #18 0x55bf588b7401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #19 0x55bf588b58da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #20 0x7fd3c37bd2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #21 0x55bf588b4749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x60700000ccc0 is located 0 bytes to the right of 80-byte region [0x60700000cc70,0x60700000ccc0) allocated by thread T0 here: #0 0x7fd3c402b090 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090) #1 0x55bf589c4e00 in xrealloc (/home/dualbus/src/gnu/bash-build/bash+0x18fe00) #2 0x55bf58a71c4e in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cc4e) #3 0x55bf58a71f79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #4 0x55bf58a731f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #5 0x55bf58a3130d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #6 0x55bf58a30ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #7 0x55bf58a30727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #8 0x55bf58a307b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #9 0x55bf58a307dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #10 0x55bf58a2fe93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #11 0x55bf589eb136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #12 0x55bf589e8aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #13 0x55bf588fec89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #14 0x55bf5890089f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #15 0x55bf588fe11f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #16 0x55bf588ebf42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #17 0x55bf588f482e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #18 0x55bf588ecd17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #19 0x55bf589d60f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #20 0x55bf588b7401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #21 0x55bf588b58da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #22 0x7fd3c37bd2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring Shadow bytes around the buggy address: 0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00 =>0x0c0e7fff9990: 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd 0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00 0x0c0e7fff99b0: 00 00 00 03 fa fa fa fa 00 00 00 00 00 00 00 00 0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06 0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa 0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==15290==ABORTING INPUT AAIbLbUAAlsQGDIYFxwYGBkYGJgYGBgYGAAYGBgwGAAAAEAYGBggAAAEANIY+xcYGRgYGBgYIAAA BEA+BCbMBEABARgoFRUVFRAQ////gAsQEDMQEBAQEBAVCBA4Gzj+GH84GzgTGCYQEBUVBRUV4RUV FRUVFPkVCBA4GzgTGCg4GzgTGBgoOBs4ExgmEBAVFQUVFeEVFRUVFRT5FRUVFRT5FQgQOBs4Exgo OBs4ExgYKDgbGAAABgEnKGEdAgAbOBMVFeEVFRUVFRT5FQgQOBs4ExgoOBs4ExgmABs4ExgoOBs4 ExhlGAAFBhgn9wAmYR0CABs4ExgoOBs4ExgQEAsQEDMQGzgTGEX3ABAAANwQIEUYZAAGABDbAAAC ABjEAj9ADjs= ==15291==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000cd30 at pc 0x563cebd3dbe7 bp 0x7ffe4f50b390 sp 0x7ffe4f50b388 READ of size 8 at 0x60700000cd30 thread T0 #0 0x563cebd3dbe6 in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) #1 0x563cebd3df79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #2 0x563cebd3f1f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #3 0x563cebcfd30d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #4 0x563cebcfcee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #5 0x563cebcfc727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #6 0x563cebcfc7b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #7 0x563cebcfc7dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #8 0x563cebcfbe93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #9 0x563cebcb7136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #10 0x563cebcb4aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #11 0x563cebbcac89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #12 0x563cebbcc89f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #13 0x563cebbca11f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #14 0x563cebbb7f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #15 0x563cebbc082e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #16 0x563cebbb8d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #17 0x563cebca20f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #18 0x563cebb83401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #19 0x563cebb818da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #20 0x7f2089e212b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #21 0x563cebb80749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x60700000cd30 is located 0 bytes to the right of 80-byte region [0x60700000cce0,0x60700000cd30) allocated by thread T0 here: #0 0x7f208a68f090 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090) #1 0x563cebc90e00 in xrealloc (/home/dualbus/src/gnu/bash-build/bash+0x18fe00) #2 0x563cebd3dc4e in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cc4e) #3 0x563cebd3df79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #4 0x563cebd3f1f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #5 0x563cebcfd30d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #6 0x563cebcfcee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #7 0x563cebcfc727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #8 0x563cebcfc7b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #9 0x563cebcfc7dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #10 0x563cebcfbe93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #11 0x563cebcb7136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #12 0x563cebcb4aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #13 0x563cebbcac89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #14 0x563cebbcc89f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #15 0x563cebbca11f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #16 0x563cebbb7f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #17 0x563cebbc082e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #18 0x563cebbb8d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #19 0x563cebca20f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #20 0x563cebb83401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #21 0x563cebb818da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #22 0x7f2089e212b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring Shadow bytes around the buggy address: 0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9990: fa fa fa fa fa fa fa fa fa fa fa fa 00 00 00 00 =>0x0c0e7fff99a0: 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd fd fd 0x0c0e7fff99b0: fd fd fd fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06 0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa 0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa 0x0c0e7fff99f0: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==15291==ABORTING INPUT AAIbLbUAAlsQGDIYFxwYGBkYGJgYGBgYGAAYGBgwGAAAAEAYGBggAAAEANIY+xcYGRgYGBgYIAAA BEA+BEDMBEABARgoFRUVFRAQ////gAsQEDMQEBAQEBAVCBA4Gzj+GEU4GzgTGCYQEBUVBRUV4RUV FRUVFPkVCBA4/wAAAEE4GzgTGBgoOBs4ExgmEBAVFQUVFeEVFRUVFRT5FRUVFRT5FQgQOBs4Exgo OBs4ExgYKDgbGAAABgEnKGEdAgAbOBMVFeEVFRUVFRQ1NTU1NTU1NTU1NfkVCBA4GzgTGCg4GzgT GCYAGzgTGCg4GzgTGGUYAAAGGCf3ACZhHQIAGzgTGCg4GzgTGBAQCxAQMxAbOPf39/f39/f39/f3 9/f39/f39/f39wAAGMQCP0AOOw== ==15292==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000ccc0 at pc 0x5581a900ebe7 bp 0x7ffe212a21a0 sp 0x7ffe212a2198 READ of size 8 at 0x60700000ccc0 thread T0 #0 0x5581a900ebe6 in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) #1 0x5581a900ef79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #2 0x5581a90101f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #3 0x5581a8fce30d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #4 0x5581a8fcdee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #5 0x5581a8fcd727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #6 0x5581a8fcd7b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #7 0x5581a8fcd7dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #8 0x5581a8fcce93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #9 0x5581a8f88136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #10 0x5581a8f85aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #11 0x5581a8e9bc89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #12 0x5581a8e9d89f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #13 0x5581a8e9b11f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #14 0x5581a8e88f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #15 0x5581a8e9182e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #16 0x5581a8e89d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #17 0x5581a8f730f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #18 0x5581a8e54401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #19 0x5581a8e528da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #20 0x7f40896ae2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #21 0x5581a8e51749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x60700000ccc0 is located 0 bytes to the right of 80-byte region [0x60700000cc70,0x60700000ccc0) allocated by thread T0 here: #0 0x7f4089f1c090 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090) #1 0x5581a8f61e00 in xrealloc (/home/dualbus/src/gnu/bash-build/bash+0x18fe00) #2 0x5581a900ec4e in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cc4e) #3 0x5581a900ef79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #4 0x5581a90101f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #5 0x5581a8fce30d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #6 0x5581a8fcdee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #7 0x5581a8fcd727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #8 0x5581a8fcd7b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #9 0x5581a8fcd7dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #10 0x5581a8fcce93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #11 0x5581a8f88136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #12 0x5581a8f85aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #13 0x5581a8e9bc89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #14 0x5581a8e9d89f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #15 0x5581a8e9b11f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #16 0x5581a8e88f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #17 0x5581a8e9182e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #18 0x5581a8e89d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #19 0x5581a8f730f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #20 0x5581a8e54401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #21 0x5581a8e528da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #22 0x7f40896ae2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring Shadow bytes around the buggy address: 0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00 =>0x0c0e7fff9990: 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd 0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00 0x0c0e7fff99b0: 00 00 00 03 fa fa fa fa 00 00 00 00 00 00 00 00 0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06 0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa 0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==15292==ABORTING INPUT AAIbLbUAAlsQGDIYFxwYGBkYGJgYGBgYGAAYGBgwGAAAAEAYGBggAAAEANIY+xcYGRgYGBgYIAAA BEA+BEDMBEABARgoFRUVFRAQ////gAsQEDMQEBAQEBAVCBA4Gzj+GEU4Gzg4GzgTGBgoOBs4Exgl 7xAVFQUVFeEVFRUVFRT5FRWAFRT5FQgQOBs4ExgoOBs4ExgYKDgbGAAABgEnKGEdAgAbOBMVFeEV FRUVFRT5FQgQOBs4ExgoOBs4ExgmABs4ExgoOBs4ExhlGAAABhgn9wAmYSkCABs4ExgoOBs4ExgQ EAsQEDMQGzgTGEX3ABAAANwQIEUYZAAGABDbABAAABjEAj9ADjs= ==15293==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000ccc0 at pc 0x557cf29f6be7 bp 0x7ffd788ea1e0 sp 0x7ffd788ea1d8 READ of size 8 at 0x60700000ccc0 thread T0 #0 0x557cf29f6be6 in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) #1 0x557cf29f6f79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #2 0x557cf29f81f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #3 0x557cf29b630d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #4 0x557cf29b5ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #5 0x557cf29b5727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #6 0x557cf29b57b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #7 0x557cf29b57dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #8 0x557cf29b4e93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #9 0x557cf2970136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #10 0x557cf296daa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #11 0x557cf2883c89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #12 0x557cf288589f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #13 0x557cf288311f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #14 0x557cf2870f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #15 0x557cf287982e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #16 0x557cf2871d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #17 0x557cf295b0f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #18 0x557cf283c401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #19 0x557cf283a8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #20 0x7f01c74ce2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #21 0x557cf2839749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x60700000ccc0 is located 0 bytes to the right of 80-byte region [0x60700000cc70,0x60700000ccc0) allocated by thread T0 here: #0 0x7f01c7d3c090 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2090) #1 0x557cf2949e00 in xrealloc (/home/dualbus/src/gnu/bash-build/bash+0x18fe00) #2 0x557cf29f6c4e in _rl_copy_to_kill_ring (/home/dualbus/src/gnu/bash-build/bash+0x23cc4e) #3 0x557cf29f6f79 in rl_kill_text (/home/dualbus/src/gnu/bash-build/bash+0x23cf79) #4 0x557cf29f81f9 in rl_unix_line_discard (/home/dualbus/src/gnu/bash-build/bash+0x23e1f9) #5 0x557cf29b630d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #6 0x557cf29b5ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #7 0x557cf29b5727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #8 0x557cf29b57b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #9 0x557cf29b57dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #10 0x557cf29b4e93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #11 0x557cf2970136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #12 0x557cf296daa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #13 0x557cf2883c89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #14 0x557cf288589f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #15 0x557cf288311f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #16 0x557cf2870f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #17 0x557cf287982e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #18 0x557cf2871d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #19 0x557cf295b0f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #20 0x557cf283c401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #21 0x557cf283a8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #22 0x7f01c74ce2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x23cbe6) in _rl_copy_to_kill_ring Shadow bytes around the buggy address: 0x0c0e7fff9940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0e7fff9980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00 =>0x0c0e7fff9990: 00 00 00 00 00 00 00 00[fa]fa fa fa fd fd fd fd 0x0c0e7fff99a0: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00 0x0c0e7fff99b0: 00 00 00 03 fa fa fa fa 00 00 00 00 00 00 00 00 0x0c0e7fff99c0: 02 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 06 0x0c0e7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa 0x0c0e7fff99e0: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==15293==ABORTING INPUT AAIbLbUAAlsQGDIYFxwYGBkTGEX3ABAAANwYGBgwGAAAAEAYGBggAAAEANIY+xcYGRgYGBgYIAAA BEAjBEDMBEABARgoFRUVFRAQ////gAsQEDMQEBAQEBAVCBA4Gzj+GEU4GzgTGCYQEBUdBRUV4RUV FRUVFPkVCBA4GzgTGCg4GzgTGBgoOBs4ExgmEBAVFQUVFeEVFRUVFRT5FRUVFRRkFQgQOBs4Exgo OBs4ExgYKDgbGAAABgEnKGEdAgAbOBMVFeEVFRUVFRT5FQgQOBs4ExgoOBs4ExgmABs4ExgoOBs4 ExhlGAAABhgn9wAmYR0CABs4ExgoOBs4ExgQEAsQEDMQGzgTGEX3ABAAANwQIEUYZAAGABDbABAA ABjEAj9ADjs= -- Eduardo Bustamante https://dualbus.me/