
Someone posted a crash report: https://gist.github.com/steipete/a759b56dc1b5d94ba5b3c03ddd0...

Looks like a heap corruption, leading to a failure when allocating memory later on:

    Application Specific Information:
    abort() called
    *** error for object 0x604000673e00: Invalid pointer dequeued from free list
    
    Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
    0   libsystem_kernel.dylib        	0x00007fff73a30e3e __pthread_kill + 10
    1   libsystem_pthread.dylib       	0x00007fff73b6f150 pthread_kill + 333
    2   libsystem_c.dylib             	0x00007fff7398d312 abort + 127
    3   libsystem_malloc.dylib        	0x00007fff73a9bdbf nanozone_error + 502
    4   libsystem_malloc.dylib        	0x00007fff73a8fdac _nano_malloc_check_clear + 410
    5   libsystem_malloc.dylib        	0x00007fff73a901d7 nano_calloc + 72
    6   libsystem_malloc.dylib        	0x00007fff73a8acc0 malloc_zone_calloc + 87
    7   libsystem_malloc.dylib        	0x00007fff73a8b5d6 calloc + 30
Probably caused by an out-of-bounds write on some heap buffer. If this bug is also present on OS X, it would be interesting to see where it crashes with some of the malloc debugging flags enabled (https://developer.apple.com/library/content/documentation/Pe...), hopefully to get a crash a bit closer to the root cause.


This char string will crash Safari on my up-to-date Mac.


Could you run Safari under lldb, setting environment variable DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib?

Should look something like this:

    $ lldb /Applications/Safari.app/Contents/MacOS/Safari
    (lldb) env DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib
    (lldb) process launch
Assuming this is a heap buffer overflow, this should cause it to crash at the point of memory corruption, as it hits an adjacent guard page.
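The two suggestions above (malloc debugging to get a crash nearer the root cause, and libgmalloc so the overflow faults on an adjacent guard page) rest on the same mechanism. The following is an added example, not code from the thread or from Apple's libgmalloc: a minimal guard allocator that places each block so it ends exactly at a page boundary with a PROT_NONE page after it, the way libgmalloc does, plus a SIGSEGV/SIGBUS trap so the demo can report the fault and continue instead of dying. The function names (guard_alloc, write_at_offset_faults) are made up for this example; under lldb you would not install a handler at all, because the whole point is to stop at the overflowing store.

```c
/* Added example, not from the thread: a minimal "guard malloc" in C showing
 * why a guard page turns a silent heap overflow into an immediate crash. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* older macOS SDKs only define MAP_ANON */
#endif

static size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* guard_alloc (hypothetical name): reserve enough pages for `size` bytes plus
 * one extra page, make that last page PROT_NONE, and right-align the block so
 * that block + size is exactly the start of the guard page. A write one byte
 * past the end then faults at the offending instruction instead of silently
 * corrupting the next chunk's free-list metadata (the "Invalid pointer
 * dequeued from free list" abort seen in the crash report happens much later). */
static void *guard_alloc(size_t size) {
    size_t page = page_size();
    size_t data_pages = (size + page - 1) / page;
    size_t total = (data_pages + 1) * page;            /* +1 guard page */
    uint8_t *region = mmap(NULL, total, PROT_READ | PROT_WRITE,
                           MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return NULL;
    if (mprotect(region + data_pages * page, page, PROT_NONE) != 0) {
        munmap(region, total);
        return NULL;
    }
    return region + data_pages * page - size;
}

static void guard_free(void *p, size_t size) {
    size_t page = page_size();
    size_t data_pages = (size + page - 1) / page;
    uint8_t *region = (uint8_t *)p + size - data_pages * page;
    munmap(region, (data_pages + 1) * page);
}

/* Fault trap for the demo only: macOS reports a protection violation as
 * SIGBUS, Linux as SIGSEGV, so both are caught. */
static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Returns 1 if storing one byte at buf[offset] faults, 0 if it succeeds,
 * -1 if the allocation failed. offset == size is the classic off-by-one. */
int write_at_offset_faults(size_t size, size_t offset) {
    uint8_t *buf = guard_alloc(size);
    if (!buf) return -1;

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int faulted;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        volatile uint8_t *p = buf;   /* volatile: keep the store from being optimized away */
        p[offset] = 0x41;
        faulted = 0;
    } else {
        faulted = 1;                 /* landed here from on_fault */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    guard_free(buf, size);
    return faulted;
}

/* Returns 1 if a guard-allocated block of `size` bytes ends on a page boundary. */
int block_ends_at_page_boundary(size_t size) {
    uint8_t *buf = guard_alloc(size);
    if (!buf) return -1;
    int ok = (((uintptr_t)buf + size) % page_size()) == 0;
    guard_free(buf, size);
    return ok;
}

int main(void) {
    printf("last in-bounds byte of 13:  faults=%d\n", write_at_offset_faults(13, 12));
    printf("one past the end of 13:     faults=%d\n", write_at_offset_faults(13, 13));
    printf("one past the end of 4096:   faults=%d\n", write_at_offset_faults(4096, 4096));
    return 0;
}
```

Two caveats when doing this for real with libgmalloc rather than this toy: guard pages only catch overflows past the end of the block (libgmalloc has a MALLOC_PROTECT_BEFORE mode for underflows), and by default libgmalloc still keeps 16-byte alignment, so an overflow that lands in the alignment padding is missed unless MALLOC_STRICT_SIZE=1 is also set in the environment. Both settings are documented on the same Apple malloc-debugging page linked in the first comment.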



