root@remnux:/home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3# LD_LIBRARY_PATH=./.libs valgrind --tool=memcheck ./INTEGER_OVERFLOW
==14550== Memcheck, a memory error detector
==14550== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==14550== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==14550== Command: ./INTEGER_OVERFLOW
==14550==
[+] Call main function...
[+] Start RAR PARSER...
[+] Archive Memory : ---------------
[+] Size buffer : 47 (hex=2F) ------------------------------------
[+] Triggering Final Free (This should be the Double Free)...
[+] Triggering Final Free...
==14550== Invalid read of size 8
==14550== at 0x486F524: archive_read_finish (archive_virtual.c:63)
==14550== by 0x109526: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Address 0x6fab138 is 8 bytes inside a block of size 1,120 free'd
==14550== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x4857F5C: _archive_read_finish (archive_read.c:806)
==14550== by 0x10950E: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Block was alloc'd at
==14550== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x48580F4: archive_read_new (archive_read.c:86)
==14550== by 0x1093BE: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550==
==14550== Invalid read of size 4
==14550== at 0x48549D9: __archive_check_magic (archive_check_magic.c:114)
==14550== by 0x4857EF9: _archive_read_finish (archive_read.c:789)
==14550== by 0x109526: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Address 0x6fab130 is 0 bytes inside a block of size 1,120 free'd
==14550== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x4857F5C: _archive_read_finish (archive_read.c:806)
==14550== by 0x10950E: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Block was alloc'd at
==14550== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x48580F4: archive_read_new (archive_read.c:86)
==14550== by 0x1093BE: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550==
==14550== Invalid read of size 4
==14550== at 0x4857EFA: _archive_read_finish (archive_read.c:791)
==14550== by 0x109526: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Address 0x6fab134 is 4 bytes inside a block of size 1,120 free'd
==14550== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x4857F5C: _archive_read_finish (archive_read.c:806)
==14550== by 0x10950E: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Block was alloc'd at
==14550== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x48580F4: archive_read_new (archive_read.c:86)
==14550== by 0x1093BE: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550==
==14550== Invalid read of size 8
==14550== at 0x4857F20: _archive_read_finish (archive_read.c:798)
==14550== by 0x109526: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Address 0x6fab370 is 576 bytes inside a block of size 1,120 free'd
==14550== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x4857F5C: _archive_read_finish (archive_read.c:806)
==14550== by 0x10950E: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Block was alloc'd at
==14550== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x48580F4: archive_read_new (archive_read.c:86)
==14550== by 0x1093BE: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550==
==14550== Invalid write of size 8
==14550== at 0x4857F24: _archive_read_finish (archive_read.c:797)
==14550== by 0x109526: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Address 0x6fab578 is 1,096 bytes inside a block of size 1,120 free'd
==14550== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x4857F5C: _archive_read_finish (archive_read.c:806)
==14550== by 0x10950E: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Block was alloc'd at
==14550== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x48580F4: archive_read_new (archive_read.c:86)
==14550== by 0x1093BE: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550==
==14550== Invalid read of size 8
==14550== at 0x485DE5D: archive_read_format_ar_cleanup (archive_read_support_format_ar.c:129)
==14550== by 0x4857F34: _archive_read_finish (archive_read.c:799)
==14550== by 0x109526: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Address 0x6fab578 is 1,096 bytes inside a block of size 1,120 free'd
==14550== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x4857F5C: _archive_read_finish (archive_read.c:806)
==14550== by 0x10950E: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Block was alloc'd at
==14550== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x48580F4: archive_read_new (archive_read.c:86)
==14550== by 0x1093BE: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550==
==14550== Invalid read of size 8
==14550== at 0x485DE64: archive_read_format_ar_cleanup (archive_read_support_format_ar.c:129)
==14550== by 0x4857F34: _archive_read_finish (archive_read.c:799)
==14550== by 0x109526: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Address 0x6fab338 is 520 bytes inside a block of size 1,120 free'd
==14550== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x4857F5C: _archive_read_finish (archive_read.c:806)
==14550== by 0x10950E: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Block was alloc'd at
==14550== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14550== by 0x48580F4: archive_read_new (archive_read.c:86)
==14550== by 0x1093BE: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550==
==14550== Invalid read of size 8
==14550== at 0x485DE67: archive_read_format_ar_cleanup (archive_read_support_format_ar.c:130)
==14550== by 0x4857F34: _archive_read_finish (archive_read.c:799)
==14550== by 0x109526: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== Address 0x18 is not stack'd, malloc'd or (recently) free'd
==14550==
==14550==
==14550== Process terminating with default action of signal 11 (SIGSEGV)
==14550== Access not within mapped region at address 0x18
==14550== at 0x485DE67: archive_read_format_ar_cleanup (archive_read_support_format_ar.c:130)
==14550== by 0x4857F34: _archive_read_finish (archive_read.c:799)
==14550== by 0x109526: func_1 (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== by 0x109587: main (in /home/remnux/Desktop/n-day/libarchive_int_overflow/libarchive-2.8.3/INTEGER_OVERFLOW)
==14550== If you believe this happened as a result of a stack
==14550== overflow in your program's main thread (unlikely but
==14550== possible), you can try to increase the size of the
==14550== main thread stack using the --main-stacksize= flag.
==14550== The main thread stack size used in this run was 8388608.
==14550==
==14550== HEAP SUMMARY:
==14550== in use at exit: 47 bytes in 1 blocks
==14550== total heap usage: 16 allocs, 15 frees, 160,231 bytes allocated
==14550==
==14550== LEAK SUMMARY:
==14550== definitely lost: 0 bytes in 0 blocks
==14550== indirectly lost: 0 bytes in 0 blocks
==14550== possibly lost: 0 bytes in 0 blocks
==14550== still reachable: 47 bytes in 1 blocks
==14550== suppressed: 0 bytes in 0 blocks
==14550== Rerun with --leak-check=full to see details of leaked memory
==14550==
==14550== For lists of detected and suppressed errors, rerun with: -s
==14550== ERROR SUMMARY: 8 errors from 8 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)