Found by fuzzing `read -e' with AFL. The stacktrace reported by Address Sanitizer is followed by the base64 encoded crashing input.
==1098==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55e61a6b4c5c at pc 0x55e61a3426ca bp 0x7fff1820a300 sp 0x7fff1820a2f8 READ of size 4 at 0x55e61a6b4c5c thread T0 #0 0x55e61a3426c9 in bash_dequote_filename (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) #1 0x55e61a3e0a08 in rl_filename_completion_function (/home/dualbus/src/gnu/bash-build/bash+0x218a08) #2 0x55e61a3df702 in rl_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x217702) #3 0x55e61a3daaab in gen_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x212aab) #4 0x55e61a3dea63 in rl_complete_internal (/home/dualbus/src/gnu/bash-build/bash+0x216a63) #5 0x55e61a3d81e0 in rl_complete (/home/dualbus/src/gnu/bash-build/bash+0x2101e0) #6 0x55e61a3c430d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #7 0x55e61a3c3ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #8 0x55e61a3c3727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #9 0x55e61a3c37b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #10 0x55e61a3c37dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #11 0x55e61a3c2e93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #12 0x55e61a37e136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #13 0x55e61a37baa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #14 0x55e61a291c89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #15 0x55e61a29389f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #16 0x55e61a29111f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #17 0x55e61a27ef42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #18 0x55e61a28782e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #19 0x55e61a27fd17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #20 0x55e61a3690f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #21 0x55e61a24a401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #22 0x55e61a2488da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #23 0x7fdab89d22b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #24 0x55e61a247749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x55e61a6b4c5c is located 56 bytes to the right of global variable 'sh_syntabsiz' defined in 'syntax.c:11:5' (0x55e61a6b4c20) of size 4 0x55e61a6b4c5c is located 4 bytes to the left of global variable 'sh_syntaxtab' defined in 'syntax.c:12:5' (0x55e61a6b4c60) of size 1024 SUMMARY: AddressSanitizer: global-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) in bash_dequote_filename Shadow bytes around the buggy address: 0x0abd434ce930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abd434ce940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abd434ce950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abd434ce960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abd434ce970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0abd434ce980: 00 00 00 00 04 f9 f9 f9 f9 f9 f9[f9]00 00 00 00 0x0abd434ce990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abd434ce9a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abd434ce9b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abd434ce9c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abd434ce9d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==1098==ABORTING INPUT ACEAJDRXGgGm9ltZJwkAGhQBXID////nPlaAPz4/Kj8/Pz8AgAPoKg4YKgUECaEJAAAAZAkJCQkJ CfoACQk2CQlfAAAACQACAK9cCQlj/wEbSYChFJQbUyQoeRsKU1O/GxtTJDX//97gLxSWZAAAACoA /xQiBRsbIBsKG2QfEAAAlf3/4xsZVAQg6of9AABTJCf//xYnAPoZFb0AAID//xmA6xgAGQgICAgJ GRkZGL09f/8AGf//vb29CAwH+wgIGxAIjwkIKoAMvb2Hvb0ICBoIDBn7CAgICIC9vb0ICJj0CB8A AgAI/w8fCAj+yUB/kA== ==15163==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5651610c8c5c at pc 0x565160d566ca bp 0x7ffd2a68cf50 sp 0x7ffd2a68cf48 READ of size 4 at 0x5651610c8c5c thread T0 #0 0x565160d566c9 in bash_dequote_filename (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) #1 0x565160df4c30 in rl_filename_completion_function (/home/dualbus/src/gnu/bash-build/bash+0x218c30) #2 0x565160df3702 in rl_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x217702) #3 0x565160deeaab in gen_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x212aab) #4 0x565160df2a63 in rl_complete_internal (/home/dualbus/src/gnu/bash-build/bash+0x216a63) #5 0x565160dec1e0 in rl_complete (/home/dualbus/src/gnu/bash-build/bash+0x2101e0) #6 0x565160dd830d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #7 0x565160dd8f47 in _rl_subseq_result (/home/dualbus/src/gnu/bash-build/bash+0x1fcf47) #8 0x565160dd8b07 in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fcb07) #9 0x565160dd8aef in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fcaef) #10 0x565160dd7ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #11 0x565160dd7727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #12 0x565160dd77b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #13 0x565160dd77dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #14 0x565160dd6e93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #15 0x565160d92136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #16 0x565160d8faa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #17 0x565160ca5c89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #18 0x565160ca789f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #19 0x565160ca511f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #20 0x565160c92f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #21 0x565160c9b82e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #22 0x565160c93d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #23 0x565160d7d0f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #24 0x565160c5e401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #25 0x565160c5c8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #26 0x7f4308d562b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #27 0x565160c5b749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x5651610c8c5c is located 56 bytes to the right of global variable 'sh_syntabsiz' defined in 'syntax.c:11:5' (0x5651610c8c20) of size 4 0x5651610c8c5c is located 4 bytes to the left of global variable 'sh_syntaxtab' defined in 'syntax.c:12:5' (0x5651610c8c60) of size 1024 SUMMARY: AddressSanitizer: global-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) in bash_dequote_filename Shadow bytes around the buggy address: 0x0acaac211130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0acaac211140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0acaac211150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0acaac211160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0acaac211170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0acaac211180: 00 00 00 00 04 f9 f9 f9 f9 f9 f9[f9]00 00 00 00 0x0acaac211190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0acaac2111a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0acaac2111b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0acaac2111c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0acaac2111d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==15163==ABORTING INPUT //0bLbUAAlsQGDIYFRwYGBkYGJgYGPDwXFxcXCQkKCT/fyIbG2FcAP+AC/Hw8FxcXFwkJCgk/38i GxthXJhcXFxcXMzMderMkQAAACIAXFxcXFwkJCYk/38iGxthXJhcXFxc3wDsFxQVFBQAj6sAXFxc XHwkJCgkIhsbgDUZGRkBGRmOjo6OGxsbGxsbGxsbIBkZGQEZGY6Pjo5/IhsbYVwA/4AL8fDwGxsb GxsbGxsbIBsbGxsbABsbGxQbGxsbGwAbGxsUBBsFGxsbFAQUEg== ==22733==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55ae41d95c5c at pc 0x55ae41a236ca bp 0x7ffc393df460 sp 0x7ffc393df458 READ of size 4 at 0x55ae41d95c5c thread T0 #0 0x55ae41a236c9 in bash_dequote_filename (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) #1 0x55ae41ac1c30 in rl_filename_completion_function (/home/dualbus/src/gnu/bash-build/bash+0x218c30) #2 0x55ae41ac0702 in rl_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x217702) #3 0x55ae41abbaab in gen_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x212aab) #4 0x55ae41abfa63 in rl_complete_internal (/home/dualbus/src/gnu/bash-build/bash+0x216a63) #5 0x55ae41ab91e0 in rl_complete (/home/dualbus/src/gnu/bash-build/bash+0x2101e0) #6 0x55ae41aa530d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #7 0x55ae41aa4ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #8 0x55ae41aa4727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #9 0x55ae41aa47b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #10 0x55ae41aa47dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #11 0x55ae41aa3e93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #12 0x55ae41a5f136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #13 0x55ae41a5caa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #14 0x55ae41972c89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #15 0x55ae4197489f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #16 0x55ae4197211f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #17 0x55ae4195ff42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #18 0x55ae4196882e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #19 0x55ae41960d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #20 0x55ae41a4a0f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #21 0x55ae4192b401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #22 0x55ae419298da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #23 0x7fee1119d2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #24 0x55ae41928749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x55ae41d95c5c is located 56 bytes to the right of global variable 'sh_syntabsiz' defined in 'syntax.c:11:5' (0x55ae41d95c20) of size 4 0x55ae41d95c5c is located 4 bytes to the left of global variable 'sh_syntaxtab' defined in 'syntax.c:12:5' (0x55ae41d95c60) of size 1024 SUMMARY: AddressSanitizer: global-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) in bash_dequote_filename Shadow bytes around the buggy address: 0x0ab6483aab30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6483aab40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6483aab50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6483aab60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6483aab70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0ab6483aab80: 00 00 00 00 04 f9 f9 f9 f9 f9 f9[f9]00 00 00 00 0x0ab6483aab90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6483aaba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6483aabb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6483aabc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6483aabd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==22733==ABORTING INPUT G+ABawIA+gAYKgUC/w4YKgUiPNHR0dHRGxgqBf9/AFwA/3+i6SR7JF4WKHmxsVQEzTVBXjFBQV1B KUFVfRb6QBQAAWh/QAAAAAH9fgv9JCg8TUth7u7uGWFNPk1NTU1NZB39TSQJqw5AIRkuGRYZGRkG Qx/8jjwZEAA8/yoZGRkuHTYZEBkZGRkGQx/8jjwkPI6k+xlW0QAcyAQ/AAMVGVY8KBIoPCgoKCgo KCgqKCj1KCgoPB0eHh4YF/UoAGQBnGAtJhkQf4AeIAD+0x4eGRSAGwU= ==23291==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55dc526e9c5c at pc 0x55dc523776ca bp 0x7ffd94ca3770 sp 0x7ffd94ca3768 READ of size 4 at 0x55dc526e9c5c thread T0 #0 0x55dc523776c9 in bash_dequote_filename (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) #1 0x55dc52415c30 in rl_filename_completion_function (/home/dualbus/src/gnu/bash-build/bash+0x218c30) #2 0x55dc52414702 in rl_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x217702) #3 0x55dc5240faab in gen_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x212aab) #4 0x55dc52413a63 in rl_complete_internal (/home/dualbus/src/gnu/bash-build/bash+0x216a63) #5 0x55dc5240d1e0 in rl_complete (/home/dualbus/src/gnu/bash-build/bash+0x2101e0) #6 0x55dc523f930d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #7 0x55dc523f9f47 in _rl_subseq_result (/home/dualbus/src/gnu/bash-build/bash+0x1fcf47) #8 0x55dc523f9b07 in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fcb07) #9 0x55dc523f9aef in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fcaef) #10 0x55dc523f8ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #11 0x55dc523f8727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #12 0x55dc523f87b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #13 0x55dc523f87dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #14 0x55dc523f7e93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #15 0x55dc523b3136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #16 0x55dc523b0aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #17 0x55dc522c6c89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #18 0x55dc522c889f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #19 0x55dc522c611f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #20 0x55dc522b3f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #21 0x55dc522bc82e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #22 0x55dc522b4d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #23 0x55dc5239e0f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #24 0x55dc5227f401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #25 0x55dc5227d8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #26 0x7fc98b7912b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #27 0x55dc5227c749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x55dc526e9c5c is located 56 bytes to the right of global variable 'sh_syntabsiz' defined in 'syntax.c:11:5' (0x55dc526e9c20) of size 4 0x55dc526e9c5c is located 4 bytes to the left of global variable 'sh_syntaxtab' defined in 'syntax.c:12:5' (0x55dc526e9c60) of size 1024 SUMMARY: AddressSanitizer: global-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) in bash_dequote_filename Shadow bytes around the buggy address: 0x0abc0a4d5330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abc0a4d5340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abc0a4d5350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abc0a4d5360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abc0a4d5370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0abc0a4d5380: 00 00 00 00 04 f9 f9 f9 f9 f9 f9[f9]00 00 00 00 0x0abc0a4d5390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abc0a4d53a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abc0a4d53b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abc0a4d53c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abc0a4d53d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==23291==ABORTING INPUT BtAQV1sAAAABIAQqBQMQPXAFAgAAASAEQAUDEABdPQABFC1JAAABXFuYAABAXFsAf/8BIAQiBQMU DhgqBSpfoxAO+CoFEicbqKiVuwAQ/xQbG1MkG3kF/3sQEBBQEBAQEBAQEBAhECwQEBADFQIbfyQt lhQbG1NnZ3l5cnl5eXl5eXl5eXl5iHl5eXl5QFVW/BvnoAAhBDMZGRkZAACAABkBSygofx4eHhgZ nAAAPQtAJi4ZLQEmAht/JC2WFBsbU2cZBkMAQCg5GAABSygofx4eAAEAAAAAPQtCJhknAAAQ/xQb G1MkG3kF/3sQEBAQEGQeAAACAB4eGesZGQFLKBgAASgoKH8eHh4YGZwAAD0LQCYZEBpknAAAPQtA JhkQGmQeOQD8wQB5GRSmHjkA/MGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYEAeRkUphsF ==27624==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55e20518ac5c at pc 0x55e204e186ca bp 0x7fff45327ba0 sp 0x7fff45327b98 READ of size 4 at 0x55e20518ac5c thread T0 #0 0x55e204e186c9 in bash_dequote_filename (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) #1 0x55e204eb6a08 in rl_filename_completion_function (/home/dualbus/src/gnu/bash-build/bash+0x218a08) #2 0x55e204eb5702 in rl_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x217702) #3 0x55e204eb0aab in gen_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x212aab) #4 0x55e204eb4a63 in rl_complete_internal (/home/dualbus/src/gnu/bash-build/bash+0x216a63) #5 0x55e204eae1e0 in rl_complete (/home/dualbus/src/gnu/bash-build/bash+0x2101e0) #6 0x55e204e9a30d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #7 0x55e204e99ee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #8 0x55e204e99727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #9 0x55e204e997b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #10 0x55e204e997dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #11 0x55e204e98e93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #12 0x55e204e54136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #13 0x55e204e51aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #14 0x55e204d67c89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #15 0x55e204d6989f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #16 0x55e204d6711f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #17 0x55e204d54f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #18 0x55e204d5d82e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #19 0x55e204d55d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #20 0x55e204e3f0f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #21 0x55e204d20401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #22 0x55e204d1e8da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #23 0x7f21e44ed2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #24 0x55e204d1d749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x55e20518ac5c is located 56 bytes to the right of global variable 'sh_syntabsiz' defined in 'syntax.c:11:5' (0x55e20518ac20) of size 4 0x55e20518ac5c is located 4 bytes to the left of global variable 'sh_syntaxtab' defined in 'syntax.c:12:5' (0x55e20518ac60) of size 1024 SUMMARY: AddressSanitizer: global-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) in bash_dequote_filename Shadow bytes around the buggy address: 0x0abcc0a29530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abcc0a29540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abcc0a29550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abcc0a29560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abcc0a29570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0abcc0a29580: 00 00 00 00 04 f9 f9 f9 f9 f9 f9[f9]00 00 00 00 0x0abcc0a29590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abcc0a295a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abcc0a295b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abcc0a295c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0abcc0a295d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==27624==ABORTING INPUT G+ABf2QB0YDR0QL5JgkAGhQBXAlfAAAACQACAK9cCQli/wEbU4CfFJQbUyQo4C8UlmQA/AAqAP8U IgUgGAobZB8WJwD6GRW9AACA//8ZgOsYABkIAwgICQcZGRi9PX//ABn//729vQgMB/sICBsQCI8J CCqADL29h729CAgaCHgZ+wgICAiAvb29CAiY9AgfAAIACP8PHwgI/tlAf5A= ==2732==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55b2cee4cc5c at pc 0x55b2ceada6ca bp 0x7ffe47c5ab90 sp 0x7ffe47c5ab88 READ of size 4 at 0x55b2cee4cc5c thread T0 #0 0x55b2ceada6c9 in bash_dequote_filename (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) #1 0x55b2ceb78c30 in rl_filename_completion_function (/home/dualbus/src/gnu/bash-build/bash+0x218c30) #2 0x55b2ceb77702 in rl_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x217702) #3 0x55b2ceb72aab in gen_completion_matches (/home/dualbus/src/gnu/bash-build/bash+0x212aab) #4 0x55b2ceb76a63 in rl_complete_internal (/home/dualbus/src/gnu/bash-build/bash+0x216a63) #5 0x55b2ceac7a94 in bash_brace_completion (/home/dualbus/src/gnu/bash-build/bash+0x167a94) #6 0x55b2ceb5c30d in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fc30d) #7 0x55b2ceb5caef in _rl_dispatch_subseq (/home/dualbus/src/gnu/bash-build/bash+0x1fcaef) #8 0x55b2ceb5bee8 in _rl_dispatch (/home/dualbus/src/gnu/bash-build/bash+0x1fbee8) #9 0x55b2ceb5b727 in readline_internal_char (/home/dualbus/src/gnu/bash-build/bash+0x1fb727) #10 0x55b2ceb5b7b9 in readline_internal_charloop (/home/dualbus/src/gnu/bash-build/bash+0x1fb7b9) #11 0x55b2ceb5b7dd in readline_internal (/home/dualbus/src/gnu/bash-build/bash+0x1fb7dd) #12 0x55b2ceb5ae93 in readline (/home/dualbus/src/gnu/bash-build/bash+0x1fae93) #13 0x55b2ceb16136 in edit_line (/home/dualbus/src/gnu/bash-build/bash+0x1b6136) #14 0x55b2ceb13aa4 in read_builtin (/home/dualbus/src/gnu/bash-build/bash+0x1b3aa4) #15 0x55b2cea29c89 in execute_builtin (/home/dualbus/src/gnu/bash-build/bash+0xc9c89) #16 0x55b2cea2b89f in execute_builtin_or_function (/home/dualbus/src/gnu/bash-build/bash+0xcb89f) #17 0x55b2cea2911f in execute_simple_command (/home/dualbus/src/gnu/bash-build/bash+0xc911f) #18 0x55b2cea16f42 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb6f42) #19 0x55b2cea1f82e in execute_connection (/home/dualbus/src/gnu/bash-build/bash+0xbf82e) #20 0x55b2cea17d17 in execute_command_internal (/home/dualbus/src/gnu/bash-build/bash+0xb7d17) #21 0x55b2ceb010f4 in parse_and_execute (/home/dualbus/src/gnu/bash-build/bash+0x1a10f4) #22 0x55b2ce9e2401 in run_one_command (/home/dualbus/src/gnu/bash-build/bash+0x82401) #23 0x55b2ce9e08da in main (/home/dualbus/src/gnu/bash-build/bash+0x808da) #24 0x7fbbd390b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #25 0x55b2ce9df749 in _start (/home/dualbus/src/gnu/bash-build/bash+0x7f749) 0x55b2cee4cc5c is located 56 bytes to the right of global variable 'sh_syntabsiz' defined in 'syntax.c:11:5' (0x55b2cee4cc20) of size 4 0x55b2cee4cc5c is located 4 bytes to the left of global variable 'sh_syntaxtab' defined in 'syntax.c:12:5' (0x55b2cee4cc60) of size 1024 SUMMARY: AddressSanitizer: global-buffer-overflow (/home/dualbus/src/gnu/bash-build/bash+0x17a6c9) in bash_dequote_filename Shadow bytes around the buggy address: 0x0ab6d9dc1930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6d9dc1940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6d9dc1950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6d9dc1960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6d9dc1970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0ab6d9dc1980: 00 00 00 00 04 f9 f9 f9 f9 f9 f9[f9]00 00 00 00 0x0ab6d9dc1990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6d9dc19a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6d9dc19b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6d9dc19c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab6d9dc19d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==2732==ABORTING INPUT GyoQExgaNUxSAAIAAAcbVABAKwCX7ZYQGxsbChsUEDw8PEg8PP9/GfdPAABTYC48i6sB//9/YEAA AAMbGTw8PDw8VP8BGxlgBHt7e3t7e3sQlvwAcQ7/IuAMFBAbGxsrAKEBAJqampqSljyAFH8bGxlU 9t7XllMkLZYAABAgUxP6GhveLwCV/ZYQGxsb/3///yR7e3t7e94vFAAA//8bKgCh8QJ///IbkCEk +iADVP8bG28AGwIbUyQoeRv/GvpAFJQABAIbU+KVG1QE3iYUvxQbGwAC/VMbLxtUBBsbAAL9Uxsv G1QEGxsbG1QAQCsAl+2WEBsbGwobFJYUGxsbSAAAQAAAg+2WEBsbGwrqdwAR+nx8YoB/aNkDMmRR UVFR/fwAdgQbAhtdGxsfAIAUAACiEPwAlgQbAv1TGxUbABsbGVT//3//lgTelhQbGht7e/ogA1T/ GxtTJAp5G/8aDBSUAAR7/3t7e/oMFJQABHt7e3u/3hEUlhQbGxsqAKEUAoAAGxsbOBsfGxsE/+0F -- Eduardo Bustamante https://dualbus.me/