Súbít #586912: radare2 radiff2 5.9.9 and master branch Memory corruptionbayani

Kura	radare2 radiff2 5.9.9 and master branch Memory corruption
Gaskiya	Summary Double-Free in radiff2 Environment radare2 version: 5.9.9 and master branch Commit: git.5.9.9 Build options: gpl release -O1 cs:5 cl:2 make Operating System: Ubuntu 22.04 x86_64 Architecture: x86_64 Steps to reproduce export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address" export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address" ./configure --without-qjs make -j64 & make install radiff2 -a x86_64 -AA -b 1 -B 0x100 -C -D -g 10,20 -j -p -q -r -T POC1 POC2 ================================================================= ==356195==ERROR: AddressSanitizer: attempting double-free on 0x62d000046400 in thread T1: #0 0x7f9458b57537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 #1 0x7f9458732232 in cons_stack_load /root/this-program/radare2-dfe3eea/libr/cons/cons.c:132 #2 0x7f9458732118 in r_cons_pop /root/this-program/radare2-dfe3eea/libr/cons/cons.c:937 WARN: Relocs has not been applied. Please use -e bin.relocs.apply=true or -e bin.cache=true next time #3 0x7f9457e3ce83 in r_core_cmd_str /root/this-program/radare2-dfe3eea/libr/core/cmd.c:6722 #4 0x7f9457fffc90 in update_cmdpdc_options /root/this-program/radare2-dfe3eea/libr/core/cconfig.c:626 #5 0x7f9457ff1bff in r_core_config_init /root/this-program/radare2-dfe3eea/libr/core/cconfig.c:4093 #6 0x7f9457deb028 in r_core_init /root/this-program/radare2-dfe3eea/libr/core/core.c:2754 #7 0x7f9457dea1d8 in r_core_new /root/this-program/radare2-dfe3eea/libr/core/core.c:386 #8 0x7f9455358d06 in opencore /root/this-program/radare2-dfe3eea/libr/main/radiff2.c:78 #9 0x7f9455358cac in thready_core /root/this-program/radare2-dfe3eea/libr/main/radiff2.c:1313 #10 0x7f945841d038 in _r_th_launcher /root/this-program/radare2-dfe3eea/libr/util/thread.c:53 #11 0x7f9455182ac2 in start_thread nptl/pthread_create.c:442 #12 0x7f945521484f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f) 0x62d000046400 is located 0 bytes inside of 32773-byte region [0x62d000046400,0x62d00004e405) freed by thread T2 here: #0 0x7f9458b57537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 #1 0x7f9458732232 in cons_stack_load /root/this-program/radare2-dfe3eea/libr/cons/cons.c:132 previously allocated by thread T1 here: #0 0x7f9458b57a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7f945873621c in palloc /root/this-program/radare2-dfe3eea/libr/cons/cons.c:762 Thread T1 created by T0 here: INFO: Analyze all flags starting with sym. and entry0 (aa) INFO: Analyze imports (af@@@i) INFO: Analyze entrypoint (af@ entry0) INFO: Analyze symbols (af@@@s) INFO: Analyze all functions arguments/locals (afva@@@f) INFO: Analyze function calls (aac) #0 0x7f9458afb685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216 #1 0x7f945841cea9 in r_th_new /root/this-program/radare2-dfe3eea/libr/util/thread.c:259 Thread T2 created by T0 here: #0 0x7f9458afb685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216 #1 0x7f945841cea9 in r_th_new /root/this-program/radare2-dfe3eea/libr/util/thread.c:259 SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 in __interceptor_free ==356195==ABORTING POC https://drive.google.com/file/d/1XsoyD7lMC-9a9Cxhld8sdEE-0PF3lxvB/view?usp=sharing Credit Xiaoguo Li (CUPL) Xudong Cao (UCAS)
Manga	⚠️ https://github.com/radareorg/radare2/issues/24232
Màdùmga	rootsec (UID 85929)
Furta	05/29/2025 18:56 (9 Wurɗi 전)
Gargajiya	06/04/2025 14:11 (6 days later)
Halitta	Shingilam
VulDB gite	311131 [Radare2 5.9.9 radiff2 /libr/cons/cons.c cons_stack_load -T Pufferüberlauf]
Nganji	20

◂ Gurɗo Gumti Gada ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!