Hi, I ran into a rax2 bug:

$ rax2 Bxaaaaa
00000000000010101010101010101010b
*** glibc detected *** rax2: free(): invalid next size (fast): 0x08594008 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6b661)[0xb76d5661]
/lib/libc.so.6(+0x6cf7b)[0xb76d6f7b]
/lib/libc.so.6(cfree+0x6d)[0xb76da11d]
rax2[0x8048b0c]
======= Memory map: ========
08048000-0804a000 r-xp 00000000 08:21 161      /usr/bin/rax2
0804a000-0804b000 rw-p 00001000 08:21 161      /usr/bin/rax2
08594000-085b5000 rw-p 00000000 00:00 0        [heap]
b74c7000-b74e2000 r-xp 00000000 08:21 26904673 /usr/lib/libgcc_s.so.1
b74e2000-b74e3000 rw-p 0001a000 08:21 26904673 /usr/lib/libgcc_s.so.1
b7500000-b7521000 rw-p 00000000 00:00 0
b7521000-b7600000 ---p 00000000 00:00 0
b760c000-b760d000 rw-p 00000000 00:00 0
b760d000-b7663000 r-xp 00000000 08:21 25336804 /usr/lib/libgmp.so.10.0.1
b7663000-b766a000 rw-p 00055000 08:21 25336804 /usr/lib/libgmp.so.10.0.1
b766a000-b77af000 r-xp 00000000 08:21 8391784  /lib/libc-2.13.so
b77af000-b77b0000 ---p 00145000 08:21 8391784  /lib/libc-2.13.so
b77b0000-b77b2000 r--p 00145000 08:21 8391784  /lib/libc-2.13.so
b77b2000-b77b3000 rw-p 00147000 08:21 8391784  /lib/libc-2.13.so
b77b3000-b77b6000 rw-p 00000000 00:00 0
b77b6000-b77c2000 r-xp 00000000 08:21 25227905 /usr/lib/libr_util.so.0.6.9
b77c2000-b77c3000 rw-p 0000c000 08:21 25227905 /usr/lib/libr_util.so.0.6.9
b77df000-b77e1000 rw-p 00000000 00:00 0
b77e1000-b77e2000 r-xp 00000000 00:00 0        [vdso]
b77e2000-b77fe000 r-xp 00000000 08:21 8391797  /lib/ld-2.13.so
b77fe000-b77ff000 r--p 0001b000 08:21 8391797  /lib/ld-2.13.so
b77ff000-b7800000 rw-p 0001c000 08:21 8391797  /lib/ld-2.13.so
bfa23000-bfa44000 rw-p 00000000 00:00 0        [stack]
Aborted
Works for any Bxf00, where f00 = 3 chars on x86 and 5 chars on x86_64. The free() in question is in rax2.c at line 32.
_______________________________________________
radare mailing list
[email protected]
http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
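Added example, not rax2's code and not a reading of rax2.c (the report above does not show the line it names). A glibc "free(): invalid next size" abort means the chunk header following the freed block was overwritten, which for a string-building tool almost always means the output buffer was allocated smaller than what was written into it. The hypothetical converter below reproduces the shape of the `Bx` output in the report (hex digits rendered as binary, zero-padded on the left to a word width, here assumed to be 32 bits to match the printed value) and derives both the malloc size and the writer's bounds from one formula, so the two cannot drift apart; a caller-supplied buffer that is too small is rejected instead of overrun.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed to hold nhex hex digits rendered as binary, left-padded to at
   least width_bits bits, including the terminating NUL. Every allocation and
   every bound check below goes through this one function. */
size_t bin_buf_size(size_t nhex, size_t width_bits)
{
    size_t bits = nhex * 4;
    if (bits < width_bits)
        bits = width_bits;
    return bits + 1;
}

static int nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Render hex as a binary string into out (capacity outsz). Returns the number
   of characters written excluding the NUL, or -1 on a bad digit or a buffer
   that is too small. Never writes past out[outsz - 1]. */
int hex_to_bin(const char *hex, size_t width_bits, char *out, size_t outsz)
{
    size_t nhex = strlen(hex);
    size_t need = bin_buf_size(nhex, width_bits);
    if (outsz < need)
        return -1;                      /* refuse rather than overrun */
    size_t total = need - 1;            /* characters, not counting NUL */
    size_t pad = total - nhex * 4;      /* leading zeros up to width_bits */
    memset(out, '0', pad);
    for (size_t i = 0; i < nhex; i++) {
        int v = nibble(hex[i]);
        if (v < 0)
            return -1;
        for (int b = 3; b >= 0; b--)
            out[pad + i * 4 + (3 - b)] = ((v >> b) & 1) ? '1' : '0';
    }
    out[total] = '\0';
    return (int)total;
}

/* Heap-allocating wrapper: the malloc size comes from bin_buf_size, the same
   formula hex_to_bin checks against, so the writer can never exceed the chunk
   and corrupt the next chunk's header. Caller frees the result. */
char *hex_to_bin_alloc(const char *hex, size_t width_bits)
{
    size_t need = bin_buf_size(strlen(hex), width_bits);
    char *buf = malloc(need);
    if (!buf)
        return NULL;
    if (hex_to_bin(hex, width_bits, buf, need) < 0) {
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    /* The report's input, padded to an assumed 32-bit word width. */
    char *s = hex_to_bin_alloc("aaaaa", 32);
    if (!s)
        return 1;
    printf("%sb\n", s);
    free(s);
    /* Longer inputs grow the buffer instead of overflowing it. */
    s = hex_to_bin_alloc("deadbeefcafe", 32);
    if (!s)
        return 1;
    printf("%sb (%zu bits)\n", s, strlen(s));
    free(s);
    return 0;
}
```

Building with -fsanitize=address, or running under valgrind, is the quickest way to find which write in the real rax2.c exceeds its allocation, since glibc's free() check only fires after the damage is done and only when a neighbouring chunk header happens to be hit.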
