0011 CRASH detected in lj_alloc_free due to a fault at or near 0x0000000000000000 leading to SIGSEGV

Question

0011 CRASH detected in lj_alloc_free due to a fault at or near 0x0000000000000000 leading to SIGSEGV

pwnhacker0x18 opened this issue 2 months ago · comments

                     1352: void lj_alloc_free(msp = (void *)0x7ffff7e53010, ptr = (void *)<optimized out>) {

                       ||||:

                       ||||: /* Local reference: tchunkptr tp = 0x7ffff7e715f0; */

                       ||||: /* Local reference: mchunkptr p = 0x7ffff7e715f0; */

                       ||||: /* Local reference: mstate fm = 0x7ffff7e53010; */

                       ||||: /* Local reference: size_t psize = 1632; */

                       1413:     } else {

                       1414:       tchunkptr tp = (tchunkptr)p;

                       1415:       insert_large_chunk(fm, tp, psize);

                       ||||:

                       ----: }

                       at lj_alloc.c:1415

poc.txt

Peter Cawley · Answer 1 · Fri May 10 2024 04:32:07 GMT+0800 (China Standard Time)

The poc.txt does not reproduce for me (using git head, 5790d25).

Sergey Kaplun · Answer 2 · Fri May 10 2024 04:47:40 GMT+0800 (China Standard Time)

Looks like a duplicate of #1152. The issue is not reproduced on defe61a ("Rework stack overflow handling.") and leads to the crash right before.