update cve/vim/2022/CVE-2022-3591/README.md.
Signed-off-by: Mz_zM <by2039115@buaa.edu.cn>
parent
5577a473f4
commit
ca13dbe154
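--- /dev/null
+++ b/cve/vim/2022/CVE-2022-3591/README.md
@@ -0,0 +1,372 @@
+**描述**
+Use After Free in function qf_get_curlist at quickfix.c:1932
+
+**vim 版本**
+
+```
+git log
+commit bf72e0c67f26ea7c8fd941fdd1533c24c7b6cb43 (grafted, HEAD -> master, tag: v9.0.0792, origin/master, origin/HEAD)
+```
+
+**POC**
+
+
+```
+./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/fuzz/test/poc14_huaf.dat -c :qa!
+=================================================================
+==147326==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b00005be88 at pc 0x55f4ac3e895f bp 0x7ffe39fa57b0 sp 0x7ffe39fa57a0
+READ of size 4 at 0x61b00005be88 thread T0
+#0 0x55f4ac3e895e in qf_get_curlist /home/fuzz/vim/src/quickfix.c:1932
+#1 0x55f4ac3f4422 in qf_win_pos_update /home/fuzz/vim/src/quickfix.c:4446
+#2 0x55f4ac3f4f99 in qf_update_buffer /home/fuzz/vim/src/quickfix.c:4609
+#3 0x55f4ac3f1e4a in qf_age /home/fuzz/vim/src/quickfix.c:3902
+#4 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#5 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#6 0x55f4ac60adaa in do_ucmd /home/fuzz/vim/src/usercmd.c:1912
+#7 0x55f4ac17be2c in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2571
+#8 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#9 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#10 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#11 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#12 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#13 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#14 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#15 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#16 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#17 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#18 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#19 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#20 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#21 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#22 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#23 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#24 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#25 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#26 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#27 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#28 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#29 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#30 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#31 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#32 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#33 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#34 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#35 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#36 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#37 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#38 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#39 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#40 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#41 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#42 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#43 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#44 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#45 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#46 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#47 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#48 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#49 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#50 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#51 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#52 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#53 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#54 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#55 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#56 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#57 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#58 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#59 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#60 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#61 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#62 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#63 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#64 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#65 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#66 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#67 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#68 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#69 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#70 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#71 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#72 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#73 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#74 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#75 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#76 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#77 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#78 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#79 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#80 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#81 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#82 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#83 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#84 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#85 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#86 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#87 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#88 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#89 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#90 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#91 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#92 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#93 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#94 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#95 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#96 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#97 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#98 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#99 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#100 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#101 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#102 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#103 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#104 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#105 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#106 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#107 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#108 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#109 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#110 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#111 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#112 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#113 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#114 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#115 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#116 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#117 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#118 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#119 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#120 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#121 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#122 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#123 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#124 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#125 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#126 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#127 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#128 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#129 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#130 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#131 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#132 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#133 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#134 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#135 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#136 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#137 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#138 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#139 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#140 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#141 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#142 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#143 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#144 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#145 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#146 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#147 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#148 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#149 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#150 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#151 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#152 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#153 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#154 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#155 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#156 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#157 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#158 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#159 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#160 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#161 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#162 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#163 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#164 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#165 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#166 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#167 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#168 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#169 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#170 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#171 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#172 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#173 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#174 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#175 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#176 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#177 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#178 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#179 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#180 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#181 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#182 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#183 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#184 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#185 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#186 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#187 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#188 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#189 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#190 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#191 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#192 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#193 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#194 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#195 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#196 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#197 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#198 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#199 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#200 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#201 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#202 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#203 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#204 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#205 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#206 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#207 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#208 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#209 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#210 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#211 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#212 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#213 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#214 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#215 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#216 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#217 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#218 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#219 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#220 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#221 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#222 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#223 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#224 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#225 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#226 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#227 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#228 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#229 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#230 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#231 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#232 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#233 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#234 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#235 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#236 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#237 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#238 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#239 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#240 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#241 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#242 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#243 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#244 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#245 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#246 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#247 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#248 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#249 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#250 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+
+0x61b00005be88 is located 8 bytes inside of 1464-byte region [0x61b00005be80,0x61b00005c438)
+freed by thread T0 here:
+#0 0x7f862ee4340f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
+#1 0x55f4abfed596 in vim_free /home/fuzz/vim/src/alloc.c:615
+#2 0x55f4ac3e91ab in ll_free_all /home/fuzz/vim/src/quickfix.c:2049
+#3 0x55f4ac4023ee in qf_free_stack /home/fuzz/vim/src/quickfix.c:7714
+#4 0x55f4ac4024b6 in set_errorlist /home/fuzz/vim/src/quickfix.c:7750
+#5 0x55f4ac40612e in set_qf_ll_list /home/fuzz/vim/src/quickfix.c:8560
+#6 0x55f4ac4062a9 in f_setloclist /home/fuzz/vim/src/quickfix.c:8589
+#7 0x55f4ac111208 in call_internal_func /home/fuzz/vim/src/evalfunc.c:3049
+#8 0x55f4ac621a2d in call_func /home/fuzz/vim/src/userfunc.c:3681
+#9 0x55f4ac6181b9 in get_func_tv /home/fuzz/vim/src/userfunc.c:1841
+#10 0x55f4ac62dd32 in ex_call_inner /home/fuzz/vim/src/userfunc.c:5647
+#11 0x55f4ac62fb45 in ex_call /home/fuzz/vim/src/userfunc.c:5971
+#12 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#13 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#14 0x55f4ac001c18 in apply_autocmds_group /home/fuzz/vim/src/autocmd.c:2232
+#15 0x55f4ac000401 in apply_autocmds /home/fuzz/vim/src/autocmd.c:1710
+#16 0x55f4ac3a3fce in did_set_string_option /home/fuzz/vim/src/optionstr.c:2540
+#17 0x55f4ac399413 in set_string_option /home/fuzz/vim/src/optionstr.c:538
+#18 0x55f4ac38203f in set_option_value /home/fuzz/vim/src/option.c:4378
+#19 0x55f4ac382284 in set_option_value_give_err /home/fuzz/vim/src/option.c:4423
+#20 0x55f4ac3f61df in qf_fill_buffer /home/fuzz/vim/src/quickfix.c:4855
+#21 0x55f4ac3f4f31 in qf_update_buffer /home/fuzz/vim/src/quickfix.c:4604
+#22 0x55f4ac3f1e4a in qf_age /home/fuzz/vim/src/quickfix.c:3902
+#23 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#24 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#25 0x55f4ac60adaa in do_ucmd /home/fuzz/vim/src/usercmd.c:1912
+#26 0x55f4ac17be2c in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2571
+#27 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#28 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#29 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+
+previously allocated by thread T0 here:
+#0 0x7f862ee43808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
+#1 0x55f4abfed2aa in lalloc /home/fuzz/vim/src/alloc.c:246
+#2 0x55f4abfed140 in alloc_clear /home/fuzz/vim/src/alloc.c:177
+#3 0x55f4abfed1e1 in alloc_clear_id /home/fuzz/vim/src/alloc.c:193
+#4 0x55f4ac3e9cec in qf_alloc_stack /home/fuzz/vim/src/quickfix.c:2233
+#5 0x55f4ac40231d in qf_free_stack /home/fuzz/vim/src/quickfix.c:7707
+#6 0x55f4ac4024b6 in set_errorlist /home/fuzz/vim/src/quickfix.c:7750
+#7 0x55f4ac40612e in set_qf_ll_list /home/fuzz/vim/src/quickfix.c:8560
+#8 0x55f4ac4062a9 in f_setloclist /home/fuzz/vim/src/quickfix.c:8589
+#9 0x55f4ac111208 in call_internal_func /home/fuzz/vim/src/evalfunc.c:3049
+#10 0x55f4ac621a2d in call_func /home/fuzz/vim/src/userfunc.c:3681
+#11 0x55f4ac6181b9 in get_func_tv /home/fuzz/vim/src/userfunc.c:1841
+#12 0x55f4ac62dd32 in ex_call_inner /home/fuzz/vim/src/userfunc.c:5647
+#13 0x55f4ac62fb45 in ex_call /home/fuzz/vim/src/userfunc.c:5971
+#14 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#15 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#16 0x55f4ac001c18 in apply_autocmds_group /home/fuzz/vim/src/autocmd.c:2232
+#17 0x55f4ac000401 in apply_autocmds /home/fuzz/vim/src/autocmd.c:1710
+#18 0x55f4ac3a3fce in did_set_string_option /home/fuzz/vim/src/optionstr.c:2540
+#19 0x55f4ac399413 in set_string_option /home/fuzz/vim/src/optionstr.c:538
+#20 0x55f4ac38203f in set_option_value /home/fuzz/vim/src/option.c:4378
+#21 0x55f4ac382284 in set_option_value_give_err /home/fuzz/vim/src/option.c:4423
+#22 0x55f4ac3f61df in qf_fill_buffer /home/fuzz/vim/src/quickfix.c:4855
+#23 0x55f4ac3f3eea in ex_copen /home/fuzz/vim/src/quickfix.c:4372
+#24 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+#25 0x55f4ac17302d in do_cmdline /home/fuzz/vim/src/ex_docmd.c:990
+#26 0x55f4ac49d19f in do_source_ext /home/fuzz/vim/src/scriptfile.c:1667
+#27 0x55f4ac49acce in cmd_source /home/fuzz/vim/src/scriptfile.c:1146
+#28 0x55f4ac49aef7 in ex_source /home/fuzz/vim/src/scriptfile.c:1189
+#29 0x55f4ac17bec2 in do_one_cmd /home/fuzz/vim/src/ex_docmd.c:2578
+
+SUMMARY: AddressSanitizer: heap-use-after-free /home/fuzz/vim/src/quickfix.c:1932 in qf_get_curlist
+Shadow bytes around the buggy address:
+0x0c3680003780: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+0x0c3680003790: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+0x0c36800037a0: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
+0x0c36800037b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+0x0c36800037c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+=>0x0c36800037d0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+0x0c36800037e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+0x0c36800037f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+0x0c3680003800: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+0x0c3680003810: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+0x0c3680003820: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+Shadow byte legend (one shadow byte represents 8 application bytes):
+Addressable: 00
+Partially addressable: 01 02 03 04 05 06 07
+Heap left redzone: fa
+Freed heap region: fd
+Stack left redzone: f1
+Stack mid redzone: f2
+Stack right redzone: f3
+Stack after return: f5
+Stack use after scope: f8
+Global redzone: f9
+Global init order: f6
+Poisoned by user: f7
+Container overflow: fc
+Array cookie: ac
+Intra object redzone: bb
+ASan internal: fe
+Left alloca redzone: ca
+Right alloca redzone: cb
+Shadow gap: cc
+==147326==ABORTING
+```
+**影响**
+Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.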