Description
I did another fuzzing run on raptor a few months ago and got a few security sensitive results.
Honestly I have been sitting on this for months now, as I wanted to do a proper analysis and root cause to help fix the bugs, but my time is severely restricted these days.
So I thought the best is just to disclose them anyway to you, since it is likely you can do root cause analysis faster and more effectively. Let me know how I can help.
Again, apologies for dumping this on you, but all I have are the reproducing test cases, a (very) brief analysis of each, including whether I believe them to be real security issues or just "normal" coding issues, and their respective gdb logs. Pasting it all below.
Issues marked as "not security sensitive" are what it says on the tin; for all others, they are definitely security sensitive (as in, real security issues), although some of them might be more critical than others, as it is not clear what data can be controlled in order to achieve an arbitrary memory write (aka taking control of the program) without deeper analysis and debugging of each issue.
Therefore I'd recommend taking the ones not marked as "non security sensitive" as a priority for fixing.
The first set affects the turtle parser, the second one affects nquads. I have tested them all against the latest git tip as of today.
turtle
id:000000,sig:11,src:000057+000144,time:75512,execs:4253802,op:splice,rep:16
- Null deref (not security sensitive)
id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2
- heap overflow
id:000003,sig:11,src:000131,time:629367,execs:35538397,op:havoc,rep:1
- invalid memory access (potentially controllable)
id:000004,sig:11,src:000437+000228,time:697939,execs:39010217,op:splice,rep:3
- invalid memory access (probably not controllable, not security sensitive)
id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3
- double free or heap corruption
gdb logs (turtle)
gef➤ r -i turtle /fuzzing/raptor/2025/run-1-2025/id:000000,sig:11,src:000057+000144,time:75512,execs:4253802,op:splice,rep:16
Starting program: /home/botto/merdas/security/fuzzing/projects/raptor/raptor/utils/.libs/rapper -i turtle /fuzzing/raptor/2025/run-1-2025/id:000000,sig:11,src:000057+000144,time:75512,execs:4253802,op:splice,rep:16
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
rapper: Parsing URI file:///fuzzing/raptor/2025/run-1-2025/id:000000,sig:11,src:000057+000144,time:75512,execs:4253802,op:splice,rep:16 with parser turtle
rapper: Serializing with serializer ntriples
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f5dae4 in turtle_lexer_lex () from /lib/x86_64-linux-gnu/libraptor2.so.0
───────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "rapper", stopped 0x7ffff7f5dae4 in turtle_lexer_lex (), reason: SIGSEGV
─────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7f5dae4 → turtle_lexer_lex()
[#1] 0x7ffff7f600db → turtle_parser_parse()
[#2] 0x7ffff7f6127c → mov rcx, QWORD PTR [rsp+0x8]
[#3] 0x7ffff7f42f17 → raptor_parser_parse_file_stream()
[#4] 0x7ffff7f4315c → raptor_parser_parse_file()
[#5] 0x5555555582ca → main()
─────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffc920│+0x0000: 0x00005555555b2b40 → 0x00005555555b2db0 → 0x00005555555909b0 → 0x00000001c4129cef ← $rsp
0x00007fffffffc928│+0x0008: 0x00005555555b0fc0 → 0x000055555559d460 → 0x9e9e42203e7b3e3c
0x00007fffffffc930│+0x0010: 0x00000000ffffc900
0x00007fffffffc938│+0x0018: 0x00005555555b2db0 → 0x00005555555909b0 → 0x00000001c4129cef
0x00007fffffffc940│+0x0020: 0x00005555555abda0 → 0x9e9e4220007b3e3c ("<>{"?)
0x00007fffffffc948│+0x0028: 0x00007ffff4d1e000 → 0x00007ffff4740000 → 0x00010102464c457f
0x00007fffffffc950│+0x0030: 0x00007fffffffc920 → 0x00005555555b2b40 → 0x00005555555b2db0 → 0x00005555555909b0 → 0x00000001c4129cef
0x00007fffffffc958│+0x0038: 0x00007ffff7fca9d4 → <_dl_map_object_deps+0354> cmp QWORD PTR [rbp-0x488], 0x0
─────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax : 0x00005555555b2db0 → 0x00005555555909b0 → 0x00000001c4129cef
$rbx : 0x00005555555af960 → 0x0000000000000000
$rcx : 0x0
$rdx : 0x0
$rsp : 0x00007fffffffc920 → 0x00005555555b2b40 → 0x00005555555b2db0 → 0x00005555555909b0 → 0x00000001c4129cef
$rbp : 0x1
$rsi : 0x00005555555b1e00 → 0x0000000555555500
$rdi : 0x0
$rip : 0x00007ffff7f5dae4 → <turtle_lexer_lex+05d4> cmp BYTE PTR [rdx], 0x0
$r8 : 0x00007ffff7f5c8b0 → <turtle_lexer_syntax_error+0000> endbr64
$r9 : 0x00005555555b2db0 → 0x00005555555909b0 → 0x00000001c4129cef
$r10 : 0x00007ffff7f1db60 → 0x00007ffff7f1db50 → 0x00007ffff7f1db40 → 0x00007ffff7f1db30 → 0x00005555555af980 → 0x0000000000000000
$r11 : 0x00005555555b1e00 → 0x0000000555555500
$r12 : 0x00007ffff7f5da7c → <turtle_lexer_lex+056c> mov rbx, rax
$r13 : 0x00005555555abda3 → 0x9e9e9e9e9e422000
$r14 : 0x00005555555b2b40 → 0x00005555555b2db0 → 0x00005555555909b0 → 0x00000001c4129cef
$r15 : 0x0
$eflags: [zero carry parity adjust sign trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
───────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x7ffff7f5dad7 <turtle_lexer_lex+05c7> call 0x7ffff7f40350 <raptor_stringbuffer_as_string@plt>
0x7ffff7f5dadc <turtle_lexer_lex+05cc> mov rdx, rax
0x7ffff7f5dadf <turtle_lexer_lex+05cf> mov rax, QWORD PTR [rsp+0x18]
→ 0x7ffff7f5dae4 <turtle_lexer_lex+05d4> cmp BYTE PTR [rdx], 0x0
0x7ffff7f5dae7 <turtle_lexer_lex+05d7> mov rsi, QWORD PTR [rax+0x38]
0x7ffff7f5daeb <turtle_lexer_lex+05db> mov rax, QWORD PTR [rsp]
0x7ffff7f5daef <turtle_lexer_lex+05df> mov rbp, QWORD PTR [rax+0x90]
0x7ffff7f5daf6 <turtle_lexer_lex+05e6> jne 0x7ffff7f5e9a0 <turtle_lexer_lex+5264>
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤ r -i turtle /fuzzing/raptor/2025/run-1-2025/id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2
Starting program: /home/botto/merdas/security/fuzzing/projects/raptor/raptor/utils/.libs/rapper -i turtle /fuzzing/raptor/2025/run-1-2025/id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
rapper: Parsing URI file:///fuzzing/raptor/2025/run-1-2025/id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2 with parser turtle
rapper: Serializing with serializer ntriples
rapper: Error - URI file:///fuzzing/raptor/2025/run-1-2025/id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2:0 - syntax error at 'F'
rapper: Failed to parse file /fuzzing/raptor/2025/run-1-2025/id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2 turtle content
munmap_chunk(): invalid pointer
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=0x6, no_tid=no_tid@entry=0x0)
at ./nptl/pthread_kill.c:44
warning: 44 ./nptl/pthread_kill.c: No such file or directory
───────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "rapper", stopped 0x7ffff7dca95c in __pthread_kill_implementation (), reason: SIGABRT
─────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7dca95c → __pthread_kill_implementation(threadid=<optimized out>, signo=0x6, no_tid=0x0)
[#1] 0x7ffff7dca9ff → __pthread_kill_internal(threadid=<optimized out>, signo=0x6)
[#2] 0x7ffff7d75cc2 → __GI_raise(sig=0x6)
[#3] 0x7ffff7d5e4ac → __GI_abort()
[#4] 0x7ffff7d5f291 → __libc_message_impl(fmt=0x7ffff7ee132d "%s\n")
[#5] 0x7ffff7dd4465 → malloc_printerr(str=0x7ffff7ee40c0 "munmap_chunk(): invalid pointer")
[#6] 0x7ffff7dd46ec → munmap_chunk(p=0x5555555b1e80)
[#7] 0x7ffff7dd9398 → __GI___libc_free(mem=0x5555555b1e90)
[#8] 0x7ffff7f44b67 → raptor_free_serializer()
[#9] 0x5555555583a6 → main()
─────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffd120│+0x0000: 0x00004f4f000e4f12 ← $rsp
0x00007fffffffd128│+0x0008: 0xbe807b6fefc88200
0x00007fffffffd130│+0x0010: 0x0000000000000006
0x00007fffffffd138│+0x0018: 0x0000000000001000
0x00007fffffffd140│+0x0020: 0x00007fffffffd280 → "2025/run"
0x00007fffffffd148│+0x0028: 0x00007fffffffd280 → "2025/run"
0x00007fffffffd150│+0x0030: 0x00007fffffffd280 → "2025/run"
0x00007fffffffd158│+0x0038: 0x00007ffff7d75cc2 → <raise+0012> test eax, eax
─────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax : 0x0
$rbx : 0x84fe4
$rcx : 0x00007ffff7dca95c → <__pthread_kill_implementation+010c> mov ebx, eax
$rdx : 0x6
$rsp : 0x00007fffffffd120 → 0x00004f4f000e4f12
$rbp : 0x1000
$rsi : 0x84fe4
$rdi : 0x84fe4
$rip : 0x00007ffff7dca95c → <__pthread_kill_implementation+010c> mov ebx, eax
$r8 : 0xffffffff
$r9 : 0x0
$r10 : 0x22
$r11 : 0x246
$r12 : 0x00007fffffffd280 → "2025/run"
$r13 : 0x6
$r14 : 0x00007fffffffd280 → "2025/run"
$r15 : 0x00007fffffffd280 → "2025/run"
$eflags: [ZERO carry PARITY adjust sign trap INTERRUPT direction overflow resume virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
───────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x7ffff7dca953 <__pthread_kill_implementation+0103> mov edi, eax
0x7ffff7dca955 <__pthread_kill_implementation+0105> mov eax, 0xea
0x7ffff7dca95a <__pthread_kill_implementation+010a> syscall
→ 0x7ffff7dca95c <__pthread_kill_implementation+010c> mov ebx, eax
0x7ffff7dca95e <__pthread_kill_implementation+010e> neg ebx
0x7ffff7dca960 <__pthread_kill_implementation+0110> cmp eax, 0xfffff000
0x7ffff7dca965 <__pthread_kill_implementation+0115> mov eax, 0x0
0x7ffff7dca96a <__pthread_kill_implementation+011a> cmova eax, ebx
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤ r -i turtle /fuzzing/raptor/2025/run-1-2025/id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2Quit
gef➤ r -i turtle /fuzzing/raptor/2025/run-1-2025/id:000003,sig:11,src:000131,time:629367,execs:35538397,op:havoc,rep:1
Starting program: /home/botto/merdas/security/fuzzing/projects/raptor/raptor/utils/.libs/rapper -i turtle /fuzzing/raptor/2025/run-1-2025/id:000003,sig:11,src:000131,time:629367,execs:35538397,op:havoc,rep:1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
rapper: Parsing URI file:///fuzzing/raptor/2025/run-1-2025/id:000003,sig:11,src:000131,time:629367,execs:35538397,op:havoc,rep:1 with parser turtle
rapper: Serializing with serializer ntriples
<http://example.org/ex#a> <http://example.org/ex#b> "Cheers"@en-UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU .
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f4de3b in raptor_sequence_get_at () from /lib/x86_64-linux-gnu/libraptor2.so.0
───────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "rapper", stopped 0x7ffff7f4de3b in raptor_sequence_get_at (), reason: SIGSEGV
─────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7f4de3b → raptor_sequence_get_at()
[#1] 0x7ffff7f60bb6 → turtle_parser_parse()
[#2] 0x7ffff7f6127c → mov rcx, QWORD PTR [rsp+0x8]
[#3] 0x7ffff7f42f17 → raptor_parser_parse_file_stream()
[#4] 0x7ffff7f4315c → raptor_parser_parse_file()
[#5] 0x5555555582ca → main()
─────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffca08│+0x0000: 0x00007ffff7f60bb6 → <turtle_parser_parse+1176> mov rdi, QWORD PTR [rsp+0x30] ← $rsp
0x00007fffffffca10│+0x0008: 0x00007ffffffffffe
0x00007fffffffca18│+0x0010: 0x00000000000000c8
0x00007fffffffca20│+0x0018: 0x00000000000000c7
0x00007fffffffca28│+0x0020: 0x00007fffffffcac0 → 0x00007fffffffce60 → 0x0000000000000008
0x00007fffffffca30│+0x0028: 0x00007fffffffd180 → 0x00003e3936120200
0x00007fffffffca38│+0x0030: 0x00007fff00000000
0x00007fffffffca40│+0x0038: 0x00005555555b2db0 → 0x00005555555909b0 → 0x00000001c4129cef
─────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax : 0x5555555555555555 ("UUUUUUUU"?)
$rbx : 0x2
$rcx : 0x5550000f962e
$rdx : 0x000055555555d010 → 0x0003000300030002
$rsp : 0x00007fffffffca08 → 0x00007ffff7f60bb6 → <turtle_parser_parse+1176> mov rdi, QWORD PTR [rsp+0x30]
$rbp : 0x00007fffffffcad8 → 0x00005555555b1310 → 0x00000005555555b1
$rsi : 0x55555556
$rdi : 0x00005555555aef30 → "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU[...]"
$rip : 0x00007ffff7f4de3b → <raptor_sequence_get_at+001b> mov rax, QWORD PTR [rax+rsi*8]
$r8 : 0x40
$r9 : 0x0
$r10 : 0x0
$r11 : 0x202
$r12 : 0x00005555555aef30 → "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU[...]"
$r13 : 0x00007fffffffd180 → 0x00003e3936120200
$r14 : 0x12
$r15 : 0x00007fffffffd183 → 0xf1dac000003e3936 ("69>"?)
$eflags: [zero carry PARITY adjust sign trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
───────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x7ffff7f4de31 <raptor_sequence_get_at+0011> mov rax, QWORD PTR [rdi+0x10]
0x7ffff7f4de35 <raptor_sequence_get_at+0015> add esi, DWORD PTR [rdi+0x8]
0x7ffff7f4de38 <raptor_sequence_get_at+0018> movsxd rsi, esi
→ 0x7ffff7f4de3b <raptor_sequence_get_at+001b> mov rax, QWORD PTR [rax+rsi*8]
0x7ffff7f4de3f <raptor_sequence_get_at+001f> ret
0x7ffff7f4de40 <raptor_sequence_get_at+0020> xor eax, eax
0x7ffff7f4de42 <raptor_sequence_get_at+0022> ret
0x7ffff7f4de43 <raptor_sequence_get_at+0023> nop DWORD PTR [rax+rax*1+0x0]
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤ r -i turtle /fuzzing/raptor/2025/run-1-2025/id:000004,sig:11,src:000437+000228,time:697939,execs:39010217,op:splice,rep:3
Starting program: /home/botto/merdas/security/fuzzing/projects/raptor/raptor/utils/.libs/rapper -i turtle /fuzzing/raptor/2025/run-1-2025/id:000004,sig:11,src:000437+000228,time:697939,execs:39010217,op:splice,rep:3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
rapper: Parsing URI file:///fuzzing/raptor/2025/run-1-2025/id:000004,sig:11,src:000437+000228,time:697939,execs:39010217,op:splice,rep:3 with parser turtle
rapper: Serializing with serializer ntriples
<http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/1999/02/22-rdf-syntax-ns#Property> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/2000/01/rdf-schema#comment> "Indicates membership of a class" .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/2000/01/rdf-schema#domain> <http://www.w3.org/2000/01/rdf-schema#Resource> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/2000/01/rdf-schema#isDefinedBy> <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/2000/01/rdf-schema#label> "type"@en .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/2000/01/rdf-schema#range> <http://www.w3.org/2000/01/rdf-schema#Class> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Alt> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/2000/01/rdf-schema#Class> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Alt> <http://www.w3.org/2000/01/rdf-schema#comment> "A collection of alternatives."@en .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Alt> <http://www.w3.org/2000/01/rdf-schema#isDefinedBy> <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Alt> <http://www.w3.org/2000/01/rdf-schema#label> "Alt"@en .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Alt> <http://www.w3.org/2000/01/rdf-schema#subClassOf> <http://www.w3.org/2000/01/rdf-schema#Container> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Bag> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/2000/01/rdf-schema#Class> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Bag> <http://www.w3.org/2000/01/rdf-schema#comment> "An unordered collection."@en .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Bag> <http://www.w3.org/2000/01/rdf-schema#isDefinedBy> <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Bag> <http://www.w3.org/2000/01/rdf-schema#label> "Bag"@en .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Bag> <http://www.w3.org/2000/01/rdf-schema#subClassOf> <http://www.w3.org/2000/01/rdf-schema#Container> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Property> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/2000/01/rdf-schema#Class> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Property> <http://www.w3.org/2000/01/rdf-schema#comment> "The concept of a property." .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Property> <http://www.w3.org/2000/01/rdf-schema#isDefinedBy> <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Property> <http://www.w3.org/2000/01/rdf-schema#label> "Property"@en .
<http://www.w3.org/1999/02/22-rdf-syntax-ns#Property> <http://www.w3.org/2000/01/rdf-schema#subClassOf> <http://www.w3.org/2000/01/rdf-schema#Resource> .
Program received signal SIGSEGV, Segmentation fault.
__memset_avx2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:445
warning: 445 ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S: No such file or directory
───────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "rapper", stopped 0x7ffff7e9af14 in __memset_avx2_unaligned_erms (), reason: SIGSEGV
─────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7e9af14 → __memset_avx2_unaligned_erms()
[#1] 0x7ffff7f4d01e → raptor_new_term_from_counted_literal()
[#2] 0x7ffff7f60a49 → turtle_parser_parse()
[#3] 0x7ffff7f6127c → mov rcx, QWORD PTR [rsp+0x8]
[#4] 0x7ffff7f42f17 → raptor_parser_parse_file_stream()
[#5] 0x7ffff7f4315c → raptor_parser_parse_file()
[#6] 0x5555555582ca → main()
─────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffc9b8│+0x0000: 0x00007ffff7f4d01e → <raptor_new_term_from_counted_literal+011e> test rax, rax ← $rsp
0x00007fffffffc9c0│+0x0008: 0xb900000000000000
0x00007fffffffc9c8│+0x0010: 0x00005555555af990 → 0x0000000000000000
0x00007fffffffc9d0│+0x0018: 0x00005555555afd00 → 0x0000000000000000
0x00007fffffffc9d8│+0x0020: 0x0000000000000001
0x00007fffffffc9e0│+0x0028: 0x00007fffffffcaf8 → 0x00005555555aef80 → 0x0000000000000000
0x00007fffffffc9e8│+0x0030: 0x00005555555af990 → 0x0000000000000000
0x00007fffffffc9f0│+0x0038: 0x00007fffffffd180 → 0x3e254b3b37160200
─────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax : 0x00005555555ae050 → 0x0000000000000000
$rbx : 0x00005555555adde0 → "ennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn[...]"
$rcx : 0x6e6e6e6e6e6e6e60 ("`nnnnnnn"?)
$rdx : 0x6e6ec3c3c3c94e30
$rsp : 0x00007fffffffc9b8 → 0x00007ffff7f4d01e → <raptor_new_term_from_counted_literal+011e> test rax, rax
$rbp : 0x0
$rsi : 0x0
[!] Can't read memory at '93824992673760'
$rdi : 0x00005555555bffe0 → 0x0000000000000000
$rip : 0x00007ffff7e9af14 → <__memset_avx2_unaligned_erms+0154> vmovntdq YMMWORD PTR [rdi+0x20], ymm0
$r8 : 0x00005555555aef80 → 0x0000000000000000
$r9 : 0xb9
$r10 : 0x00007ffff7f83640 → 0x0037000000000000
$r11 : 0x7
$r12 : 0x00005555555909b0 → 0x00000001c4129cef
$r13 : 0xb9
$r14 : 0x3
$r15 : 0x00005555555afb40 → 0x0000000000000000
$eflags: [zero CARRY parity adjust SIGN trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
───────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x7ffff7e9af09 <__memset_avx2_unaligned_erms+0149> or rdi, 0x1f
0x7ffff7e9af0d <__memset_avx2_unaligned_erms+014d> inc rdi
0x7ffff7e9af10 <__memset_avx2_unaligned_erms+0150> vmovntdq YMMWORD PTR [rdi], ymm0
→ 0x7ffff7e9af14 <__memset_avx2_unaligned_erms+0154> vmovntdq YMMWORD PTR [rdi+0x20], ymm0
0x7ffff7e9af19 <__memset_avx2_unaligned_erms+0159> vmovntdq YMMWORD PTR [rdi+0x40], ymm0
0x7ffff7e9af1e <__memset_avx2_unaligned_erms+015e> vmovntdq YMMWORD PTR [rdi+0x60], ymm0
0x7ffff7e9af23 <__memset_avx2_unaligned_erms+0163> sub rdi, 0xffffffffffffff80
0x7ffff7e9af27 <__memset_avx2_unaligned_erms+0167> cmp rdi, rdx
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤ p $rdi
$1 = 0x5555555bffe0
gef➤ p $rdi + 0x20
$2 = 0x5555555c0000
gef➤ r -i turtle /fuzzing/raptor/2025/run-1-2025/id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3
Starting program: /home/botto/merdas/security/fuzzing/projects/raptor/raptor/utils/.libs/rapper -i turtle /fuzzing/raptor/2025/run-1-2025/id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
rapper: Parsing URI file:///fuzzing/raptor/2025/run-1-2025/id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3 with parser turtle
rapper: Serializing with serializer ntriples
rapper: Error - URI file:///fuzzing/raptor/2025/run-1-2025/id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3:0 - syntax error at ''
rapper: Failed to parse file /fuzzing/raptor/2025/run-1-2025/id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3 turtle content
rapper: Parsing returned 0 triples
double free or corruption (out)
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=0x6, no_tid=no_tid@entry=0x0)
at ./nptl/pthread_kill.c:44
warning: 44 ./nptl/pthread_kill.c: No such file or directory
───────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "rapper", stopped 0x7ffff7dca95c in __pthread_kill_implementation (), reason: SIGABRT
─────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7dca95c → __pthread_kill_implementation(threadid=<optimized out>, signo=0x6, no_tid=0x0)
[#1] 0x7ffff7dca9ff → __pthread_kill_internal(threadid=<optimized out>, signo=0x6)
[#2] 0x7ffff7d75cc2 → __GI_raise(sig=0x6)
[#3] 0x7ffff7d5e4ac → __GI_abort()
[#4] 0x7ffff7d5f291 → __libc_message_impl(fmt=0x7ffff7ee132d "%s\n")
[#5] 0x7ffff7dd4465 → malloc_printerr(str=0x7ffff7ee46d8 "double free or corruption (out)")
[#6] 0x7ffff7dd6560 → _int_free_merge_chunk(av=0x7ffff7f1dac0 <main_arena>, p=0x5555555b0c00, size=0x6161616161616160)
[#7] 0x7ffff7dd66c6 → _int_free_chunk(av=0x7ffff7f1dac0 <main_arena>, p=0x5555555b0c00, size=<optimized out>, have_lock=<optimized out>)
[#8] 0x7ffff7dd93c0 → _int_free(av=0x7ffff7f1dac0 <main_arena>, p=0x5555555b0c00, have_lock=0x0)
[#9] 0x7ffff7dd93c0 → __GI___libc_free(mem=<optimized out>)
─────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffd0e0│+0x0000: 0x00007fffffffd230 → 0x00007ffff7ee132f → 0x203a646d6372000a ("\n"?) ← $rsp
0x00007fffffffd0e8│+0x0008: 0xb3c96276f0af4b00
0x00007fffffffd0f0│+0x0010: 0x0000000000000006
0x00007fffffffd0f8│+0x0018: 0x0000000000001000
0x00007fffffffd100│+0x0020: 0x00007fffffffd240 → 0x0000000000000002
0x00007fffffffd108│+0x0028: 0x00007fffffffd240 → 0x0000000000000002
0x00007fffffffd110│+0x0030: 0x00007fffffffd240 → 0x0000000000000002
0x00007fffffffd118│+0x0038: 0x00007ffff7d75cc2 → <raise+0012> test eax, eax
─────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax : 0x0
$rbx : 0x8513f
$rcx : 0x00007ffff7dca95c → <__pthread_kill_implementation+010c> mov ebx, eax
$rdx : 0x6
$rsp : 0x00007fffffffd0e0 → 0x00007fffffffd230 → 0x00007ffff7ee132f → 0x203a646d6372000a ("\n"?)
$rbp : 0x1000
$rsi : 0x8513f
$rdi : 0x8513f
$rip : 0x00007ffff7dca95c → <__pthread_kill_implementation+010c> mov ebx, eax
$r8 : 0xffffffff
$r9 : 0x0
$r10 : 0x22
$r11 : 0x246
$r12 : 0x00007fffffffd240 → 0x0000000000000002
$r13 : 0x6
$r14 : 0x00007fffffffd240 → 0x0000000000000002
$r15 : 0x00007fffffffd240 → 0x0000000000000002
$eflags: [ZERO carry PARITY adjust sign trap INTERRUPT direction overflow resume virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
───────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x7ffff7dca953 <__pthread_kill_implementation+0103> mov edi, eax
0x7ffff7dca955 <__pthread_kill_implementation+0105> mov eax, 0xea
0x7ffff7dca95a <__pthread_kill_implementation+010a> syscall
→ 0x7ffff7dca95c <__pthread_kill_implementation+010c> mov ebx, eax
0x7ffff7dca95e <__pthread_kill_implementation+010e> neg ebx
0x7ffff7dca960 <__pthread_kill_implementation+0110> cmp eax, 0xfffff000
0x7ffff7dca965 <__pthread_kill_implementation+0115> mov eax, 0x0
0x7ffff7dca96a <__pthread_kill_implementation+011a> cmova eax, ebx
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
nquads
id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2
- invalid memory access (potentially controllable)
id:000003,sig:11,src:000131,time:629367,execs:35538397,op:havoc,rep:1
id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3
- invalid malloc size (not security sensitive)
gdb logs (nquads)
gef➤ r -i nquads /fuzzing/raptor/2025/run-1-2025/id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2
Starting program: /home/botto/merdas/security/fuzzing/projects/raptor/raptor/utils/.libs/rapper -i nquads /fuzzing/raptor/2025/run-1-2025/id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
rapper: Parsing URI file:///fuzzing/raptor/2025/run-1-2025/id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2 with parser nquads
rapper: Serializing with serializer ntriples
rapper: Error - URI file:///fuzzing/raptor/2025/run-1-2025/id:000002,sig:11,src:000131,time:629366,execs:35538368,op:havoc,rep:2:1 column 330 - Saw 'F', expected Graph term <URIref>, _:bnodeID
rapper: Parsing returned 0 triples
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f45afc in raptor_uri_compare () from /lib/x86_64-linux-gnu/libraptor2.so.0
───────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "rapper", stopped 0x7ffff7f45afc in raptor_uri_compare (), reason: SIGSEGV
─────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7f45afc → raptor_uri_compare()
[#1] 0x7ffff7f53d52 → mov rbx, QWORD PTR [rbp+0x0]
[#2] 0x7ffff7f53dba → mov ecx, DWORD PTR [r14]
[#3] 0x7ffff7f53dba → mov ecx, DWORD PTR [r14]
[#4] 0x7ffff7f53dba → mov ecx, DWORD PTR [r14]
[#5] 0x7ffff7f53dba → mov ecx, DWORD PTR [r14]
[#6] 0x7ffff7f540b2 → raptor_avltree_remove()
[#7] 0x7ffff7f540f2 → raptor_avltree_delete()
[#8] 0x7ffff7f45ee1 → raptor_free_uri()
[#9] 0x555555558446 → main()
─────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffd230│+0x0000: 0x203a726570706172 ← $rsp
0x00007fffffffd238│+0x0008: 0x00005555555b1e40 → "oooooooooooooooooooooooooooooooooooooooooooooooooo[...]"
0x00007fffffffd240│+0x0010: 0x0000555555591938 → 0x00005555555b1e40 → "oooooooooooooooooooooooooooooooooooooooooooooooooo[...]"
0x00007fffffffd248│+0x0018: 0x00007ffff7f53d52 → mov rbx, QWORD PTR [rbp+0x0]
0x00007fffffffd250│+0x0020: 0x0000000000000000
0x00007fffffffd258│+0x0028: 0x0f212223d9016200
0x00007fffffffd260│+0x0030: 0x0000555555591930 → 0x0000555555590dd0 → 0x0000555555590d60 → 0x0000555555590e40 → 0x0000000000000000
0x00007fffffffd268│+0x0038: 0x0000555555590dd8 → 0x0000555555591930 → 0x0000555555590dd0 → 0x0000555555590d60 → 0x0000555555590e40 → 0x0000000000000000
─────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax : 0x2
$rbx : 0x00005555555b1e40 → "oooooooooooooooooooooooooooooooooooooooooooooooooo[...]"
$rcx : 0x00007fffffffd394 → 0xd901620000000000
$rdx : 0x00005555555afd60 → 0x00005555555909b0 → 0x00000001c4129cef
$rsp : 0x00007fffffffd230 → 0x203a726570706172 ("rapper: "?)
$rbp : 0x8f
$rsi : 0x00005555555afd60 → 0x00005555555909b0 → 0x00000001c4129cef
$rdi : 0x6f6f6f6f6f6f6f6f ("oooooooo"?)
$rip : 0x00007ffff7f45afc → <raptor_uri_compare+001c> mov ebx, DWORD PTR [rdi+0x10]
$r8 : 0x0
$r9 : 0x0
$r10 : 0x2c
$r11 : 0x00007ffff7f45eb0 → <raptor_free_uri+0000> endbr64
$r12 : 0x00005555555afd60 → 0x00005555555909b0 → 0x00000001c4129cef
$r13 : 0x0000555555590cb0 → 0x0000555555590e40 → 0x0000000000000000
$r14 : 0x00007fffffffd394 → 0xd901620000000000
$r15 : 0x000055555555bb58 → 0x00005555555564e0 → <__do_global_dtors_aux+0000> endbr64
$eflags: [zero carry PARITY adjust sign trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
───────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x7ffff7f45af4 <raptor_uri_compare+0014> push rbx
0x7ffff7f45af5 <raptor_uri_compare+0015> sub rsp, 0x8
0x7ffff7f45af9 <raptor_uri_compare+0019> mov ebp, DWORD PTR [rsi+0x10]
→ 0x7ffff7f45afc <raptor_uri_compare+001c> mov ebx, DWORD PTR [rdi+0x10]
0x7ffff7f45aff <raptor_uri_compare+001f> mov rsi, QWORD PTR [rsi+0x8]
0x7ffff7f45b03 <raptor_uri_compare+0023> mov rdi, QWORD PTR [rdi+0x8]
0x7ffff7f45b07 <raptor_uri_compare+0027> cmp ebx, ebp
0x7ffff7f45b09 <raptor_uri_compare+0029> mov edx, ebp
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤ r -i nquads /fuzzing/raptor/2025/run-1-2025/id:000003,sig:11,src:000131,time:629367,execs:35538397,op:havoc,rep:1
Starting program: /home/botto/merdas/security/fuzzing/projects/raptor/raptor/utils/.libs/rapper -i nquads /fuzzing/raptor/2025/run-1-2025/id:000003,sig:11,src:000131,time:629367,execs:35538397,op:havoc,rep:1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
rapper: Parsing URI file:///fuzzing/raptor/2025/run-1-2025/id:000003,sig:11,src:000131,time:629367,execs:35538397,op:havoc,rep:1 with parser nquads
rapper: Serializing with serializer ntriples
<http://example.org/ex#a> <http://example.org/ex#b> "Cheers"@en-uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu .
rapper: Parsing returned 1 triple
malloc(): invalid size (unsorted)
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=0x6, no_tid=no_tid@entry=0x0)
at ./nptl/pthread_kill.c:44
warning: 44 ./nptl/pthread_kill.c: No such file or directory
───────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "rapper", stopped 0x7ffff7dca95c in __pthread_kill_implementation (), reason: SIGABRT
─────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7dca95c → __pthread_kill_implementation(threadid=<optimized out>, signo=0x6, no_tid=0x0)
[#1] 0x7ffff7dca9ff → __pthread_kill_internal(threadid=<optimized out>, signo=0x6)
[#2] 0x7ffff7d75cc2 → __GI_raise(sig=0x6)
[#3] 0x7ffff7d5e4ac → __GI_abort()
[#4] 0x7ffff7d5f291 → __libc_message_impl(fmt=0x7ffff7ee132d "%s\n")
[#5] 0x7ffff7dd4465 → malloc_printerr(str=0x7ffff7ee4a08 "malloc(): invalid size (unsorted)")
[#6] 0x7ffff7dd79cc → _int_malloc(av=0x7ffff7f1dac0 <main_arena>, bytes=0x470)
[#7] 0x7ffff7dd8816 → _int_memalign(av=0x7ffff7f1dac0 <main_arena>, alignment=0x40, bytes=0x400)
[#8] 0x7ffff7dd9115 → _mid_memalign(alignment=<optimized out>, bytes=0x400, address=<optimized out>)
[#9] 0x7ffff7ddaa8f → __posix_memalign(memptr=0x7fffffffd400, alignment=0x40, size=0x400)
─────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffd0d0│+0x0000: 0x0000000000000001 ← $rsp
0x00007fffffffd0d8│+0x0008: 0x466992cd3c2f8e00
0x00007fffffffd0e0│+0x0010: 0x0000000000000006
0x00007fffffffd0e8│+0x0018: 0x0000000000001000
0x00007fffffffd0f0│+0x0020: 0x00007fffffffd230 → 0x0000000000000001
0x00007fffffffd0f8│+0x0028: 0x00007fffffffd230 → 0x0000000000000001
0x00007fffffffd100│+0x0030: 0x00007fffffffd230 → 0x0000000000000001
0x00007fffffffd108│+0x0038: 0x00007ffff7d75cc2 → <raise+0012> test eax, eax
─────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax : 0x0
$rbx : 0x85787
$rcx : 0x00007ffff7dca95c → <__pthread_kill_implementation+010c> mov ebx, eax
$rdx : 0x6
$rsp : 0x00007fffffffd0d0 → 0x0000000000000001
$rbp : 0x1000
$rsi : 0x85787
$rdi : 0x85787
$rip : 0x00007ffff7dca95c → <__pthread_kill_implementation+010c> mov ebx, eax
$r8 : 0xffffffff
$r9 : 0x0
$r10 : 0x22
$r11 : 0x246
$r12 : 0x00007fffffffd230 → 0x0000000000000001
$r13 : 0x6
$r14 : 0x00007fffffffd230 → 0x0000000000000001
$r15 : 0x00007fffffffd230 → 0x0000000000000001
$eflags: [ZERO carry PARITY adjust sign trap INTERRUPT direction overflow resume virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
───────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x7ffff7dca953 <__pthread_kill_implementation+0103> mov edi, eax
0x7ffff7dca955 <__pthread_kill_implementation+0105> mov eax, 0xea
0x7ffff7dca95a <__pthread_kill_implementation+010a> syscall
→ 0x7ffff7dca95c <__pthread_kill_implementation+010c> mov ebx, eax
0x7ffff7dca95e <__pthread_kill_implementation+010e> neg ebx
0x7ffff7dca960 <__pthread_kill_implementation+0110> cmp eax, 0xfffff000
0x7ffff7dca965 <__pthread_kill_implementation+0115> mov eax, 0x0
0x7ffff7dca96a <__pthread_kill_implementation+011a> cmova eax, ebx
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤ r -i nquads /fuzzing/raptor/2025/run-1-2025/id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3
Starting program: /home/botto/merdas/security/fuzzing/projects/raptor/raptor/utils/.libs/rapper -i nquads /fuzzing/raptor/2025/run-1-2025/id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
rapper: Parsing URI file:///fuzzing/raptor/2025/run-1-2025/id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3 with parser nquads
rapper: Serializing with serializer ntriples
rapper: Error - URI file:///fuzzing/raptor/2025/run-1-2025/id:000007,sig:11,src:000131,time:936216,execs:51137057,op:havoc,rep:3:1 column 651 - Saw '', expected Graph term <URIref>, _:bnodeID
rapper: Parsing returned 0 triples
malloc(): invalid size (unsorted)
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=0x6, no_tid=no_tid@entry=0x0)
at ./nptl/pthread_kill.c:44
warning: 44 ./nptl/pthread_kill.c: No such file or directory
───────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "rapper", stopped 0x7ffff7dca95c in __pthread_kill_implementation (), reason: SIGABRT
─────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7dca95c → __pthread_kill_implementation(threadid=<optimized out>, signo=0x6, no_tid=0x0)
[#1] 0x7ffff7dca9ff → __pthread_kill_internal(threadid=<optimized out>, signo=0x6)
[#2] 0x7ffff7d75cc2 → __GI_raise(sig=0x6)
[#3] 0x7ffff7d5e4ac → __GI_abort()
[#4] 0x7ffff7d5f291 → __libc_message_impl(fmt=0x7ffff7ee132d "%s\n")
[#5] 0x7ffff7dd4465 → malloc_printerr(str=0x7ffff7ee4a08 "malloc(): invalid size (unsorted)")
[#6] 0x7ffff7dd79cc → _int_malloc(av=0x7ffff7f1dac0 <main_arena>, bytes=0x470)
[#7] 0x7ffff7dd8816 → _int_memalign(av=0x7ffff7f1dac0 <main_arena>, alignment=0x40, bytes=0x400)
[#8] 0x7ffff7dd9115 → _mid_memalign(alignment=<optimized out>, bytes=0x400, address=<optimized out>)
[#9] 0x7ffff7ddaa8f → __posix_memalign(memptr=0x7fffffffd400, alignment=0x40, size=0x400)
─────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffd0d0│+0x0000: 0x0000000000000001 ← $rsp
0x00007fffffffd0d8│+0x0008: 0xf5a8d947765e9800
0x00007fffffffd0e0│+0x0010: 0x0000000000000006
0x00007fffffffd0e8│+0x0018: 0x0000000000001000
0x00007fffffffd0f0│+0x0020: 0x00007fffffffd230 → 0x0000000000000001
0x00007fffffffd0f8│+0x0028: 0x00007fffffffd230 → 0x0000000000000001
0x00007fffffffd100│+0x0030: 0x00007fffffffd230 → 0x0000000000000001
0x00007fffffffd108│+0x0038: 0x00007ffff7d75cc2 → <raise+0012> test eax, eax
─────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax : 0x0
$rbx : 0x857ec
$rcx : 0x00007ffff7dca95c → <__pthread_kill_implementation+010c> mov ebx, eax
$rdx : 0x6
$rsp : 0x00007fffffffd0d0 → 0x0000000000000001
$rbp : 0x1000
$rsi : 0x857ec
$rdi : 0x857ec
$rip : 0x00007ffff7dca95c → <__pthread_kill_implementation+010c> mov ebx, eax
$r8 : 0xffffffff
$r9 : 0x0
$r10 : 0x22
$r11 : 0x246
$r12 : 0x00007fffffffd230 → 0x0000000000000001
$r13 : 0x6
$r14 : 0x00007fffffffd230 → 0x0000000000000001
$r15 : 0x00007fffffffd230 → 0x0000000000000001
$eflags: [ZERO carry PARITY adjust sign trap INTERRUPT direction overflow resume virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
───────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x7ffff7dca953 <__pthread_kill_implementation+0103> mov edi, eax
0x7ffff7dca955 <__pthread_kill_implementation+0105> mov eax, 0xea
0x7ffff7dca95a <__pthread_kill_implementation+010a> syscall
→ 0x7ffff7dca95c <__pthread_kill_implementation+010c> mov ebx, eax
0x7ffff7dca95e <__pthread_kill_implementation+010e> neg ebx
0x7ffff7dca960 <__pthread_kill_implementation+0110> cmp eax, 0xfffff000
0x7ffff7dca965 <__pthread_kill_implementation+0115> mov eax, 0x0
0x7ffff7dca96a <__pthread_kill_implementation+011a> cmova eax, ebx
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────