Untitled
unknown
plain_text
a year ago
4.0 kB
3
Indexable
alsakz@scripts-d77458-001:/tmp$ secexpr -e 'FileMove("xxx", StrRepeat("A", 10000))'
Setting IsDeveloperSession to True for non-procmon secexpr process
Evaluating...
FatalSignal 11 (Segmentation fault) while accessing address 0x0000000000000000
at /sw/ficc/liberty-20240722/linux64_g63.dll/libkool_ade.so(FileMove+0xc4)[0x7fcfa1f3f284]
Thread's registers:
RAX 0000000000000000 RBX 4141414141414141 RCX 0000000000000000 RDX 0000000000000009
RSI 00007fcfa28f2ca9 RDI 00000000ffffffff RBP 4141414141414141 RSP 00007fff8ec88cc8
R8 00007fcfa28f0500 R9 00007fcfa28f2ca8 R10 00007fcfa28f0561 R11 0000000000000000
R12 4141414141414141 R13 4141414141414141 R14 4141414141414141 R15 4141414141414141
Thread's call stack:
--- process status ---
Name: secexpr
Umask: 0002
State: R (running)
Tgid: 417148
Ngid: 0
Pid: 417148
PPid: 391243
TracerPid: 0
Uid: 800497818 800497818 800497818 800497818
Gid: 800497818 800497818 800497818 800497818
FDSize: 256
Groups: 800497818
NStgid: 417148
NSpid: 417148
NSpgid: 417148
NSsid: 391243
VmPeak: 1000172 kB
VmSize: 1000172 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 249492 kB
VmRSS: 249492 kB
RssAnon: 179740 kB
RssFile: 69752 kB
RssShmem: 0 kB
VmData: 198288 kB
VmStk: 188 kB
VmExe: 8 kB
VmLib: 220876 kB
VmPTE: 1460 kB
VmSwap: 0 kB
HugetlbPages: 0 kB
CoreDumping: 0
THP_enabled: 1
Threads: 3
SigQ: 0/63147
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000400
SigIgn: 0000000000000000
SigCgt: 00000001800074cc
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: vulnerable
Cpus_allowed: 3
Cpus_allowed_list: 0-1
Mems_allowed: 00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 356
nonvoluntary_ctxt_switches: 34
--- end process status ---
--- Slang call stack ---
Segmentation fault (core dumped)
undefined8 FileMove(char *param_1,char *param_2,int param_3)
{
int iVar1;
undefined8 uVar2;
char *pcVar3;
bool bVar4;
stat64 local_10c8;
char local_1038 [4104];
iVar1 = __xstat64(1,param_2,&local_10c8);
bVar4 = iVar1 == 0;
if ((bVar4) && ((local_10c8.st_mode & 0xf000) == 0x4000)) {
pcVar3 = strrchr(param_1,0x2f);
if ((pcVar3 != (char *)0x0) || (pcVar3 = strrchr(param_1,0x5c), pcVar3 != (char *)0x0)) {
sprintf(local_1038,"%s%s",param_2,pcVar3);
iVar1 = __xstat64(1,local_1038,&local_10c8);
bVar4 = iVar1 == 0;
goto LAB_0014e22d;
}
strcpy(local_1038,param_2);
if (param_3 == 0) goto LAB_0014e2d8;
LAB_0014e308:
iVar1 = remove(param_2);
if (iVar1 == 0) goto LAB_0014e23e;
iVar1 = FileCopy(param_1,local_1038);
}
else {
strcpy(local_1038,param_2);
LAB_0014e22d:
if (param_3 == 0) {
if (bVar4) {
LAB_0014e2d8:
uVar2 = Err(0x12d,"FileMove( %s, %s ): destination file already exists",param_1,param_2);
return uVar2;
}
}
else if (bVar4) goto LAB_0014e308;
LAB_0014e23e:
iVar1 = link(param_1,param_2);
if (iVar1 == 0) goto LAB_0014e260;
iVar1 = FileCopy(param_1,local_1038);
}
if (iVar1 != 0) {
uVar2 = ErrMore("FileMove");
return uVar2;
}
LAB_0014e260:
iVar1 = remove(param_1);
uVar2 = 1;
if (iVar1 != 0) {
uVar2 = Err(0x12d,"FileMove( %s, %s ): could not delete source file",param_1,param_2);
}
return uVar2;
}
Editor is loading...
Leave a Comment