
fcy is sigfaulting

Open duraki opened this issue 2 years ago • 7 comments

Upon the latest build from master, frida-cycript is failing upon start. To replicate, you need to start the fcy# prompt and start writing something; i.e.:

./cycript
fcy# choose
[1]    31013 segmentation fault  ./cycript

Backtrace dumps on istreambuf iterator:

galaxy@devil. frida-cycript/build/src update-meson-build ∙ lldb cycript
Voltron loaded.
(lldb) target create "cycript"
Current executable set to '/Users/hduraki/dev/frida-cycript/build/src/cycript' (x86_64).
(lldb) r
Process 19773 launched: '/Users/hduraki/dev/frida-cycript/build/src/cycript' (x86_64)
2022-04-06 01:43:39.622959+0200 cycript[19773:41072626] SecTaskLoadEntitlements failed error=22 cs_flags=20, pid=19773
2022-04-06 01:43:39.623537+0200 cycript[19773:41072626] SecTaskCopyDebugDescription: cycript[19773]/0#-1 LF=0
fcy#
fcy# chooseProcess 19773 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x28)
    frame #0: 0x00007ff8120498aa libc++.1.dylib` std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > >::__do_get_unsigned<unsigned short>(std::__1::istreambuf_iterator<char, std::__1::char_traits<char> >, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> >, std::__1::ios_base&, unsigned int&, unsigned short&) const  + 54
libc++.1.dylib`std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > >::__do_get_unsigned<unsigned short>:
->  0x7ff8120498aa <+54>: mov    eax, dword ptr [rcx + 0x8]
    0x7ff8120498ad <+57>: and    eax, 0x4a
    0x7ff8120498b0 <+60>: je     0x7ff8120498c4            ; <+80>
    0x7ff8120498b2 <+62>: cmp    eax, 0x40
    0x7ff8120498b5 <+65>: je     0x7ff8120498c9            ; <+85>
    0x7ff8120498b7 <+67>: cmp    eax, 0x8
    0x7ff8120498ba <+70>: jne    0x7ff8120498d1            ; <+93>
    0x7ff8120498bc <+72>: mov    r15d, 0x10
Target 0: (cycript) stopped.
(lldb)

duraki avatar Apr 05 '22 23:04 duraki

Hello, any news or progress on this bug? I'm pretty sure it relates to the "readline" sub-package.

So below is pretty much the same dump as @duraki's. For technical information: built and compiled on an M1 Mac, OS is macOS Monterey 12.5. Compiling is OK, but running /build/src/cycript in a terminal ends up with a "segmentation fault" as soon as I type something at the "cy" prompt.

Below is my backtrace, faulting as @duraki said in "istreambuf_iterator".

(lldb) target create "cycript"
Current executable set to '/Users/tigrou/Programming/macos/tools/frida-cycript/build/src/cycript' (arm64).
(lldb) r
Process 10763 launched: '/Users/tigrou/Programming/macos/tools/frida-cycript/build/src/cycript' (arm64)
fcy# vaProcess 10763 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x28)
    frame #0: 0x00000001b6ce5a74 libc++.1.dylib`std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > >::__do_get_unsigned<unsigned short>(std::__1::istreambuf_iterator<char, std::__1::char_traits<char> >, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> >, std::__1::ios_base&, unsigned int&, unsigned short&) const + 68
libc++.1.dylib`std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > >::__do_get_unsigned<unsigned short>:
->  0x1b6ce5a74 <+68>: ldr    w8, [x3, #0x8]
    0x1b6ce5a78 <+72>: mov    w9, #0x4a
    0x1b6ce5a7c <+76>: ands   w8, w8, w9
    0x1b6ce5a80 <+80>: str    x5, [sp, #0x10]
Target 0: (cycript) stopped.

yd021976 avatar Jul 30 '22 13:07 yd021976

I know for a fact that @lateralusd made a PR #26 implementing this REPL prompt for different prefix, maybe he can chime in. Also, @oleavr, does it have something to do with depbot running on cicd? Maybe we need to merge bumped libs.

duraki avatar Aug 06 '22 12:08 duraki

I can't replicate the issue consistently; it indeed failed only the first time, but the second run was okay.

[Screenshot 2022-11-24 at 13 11 05]

NSEcho avatar Nov 24 '22 12:11 NSEcho

Still no way to run it? I have the very same problem: everything builds, but as soon as I hit a few keys, segfault.

mogui avatar Jan 22 '23 15:01 mogui

I'm getting the same problem. arm64 macOS 13.2. Using node18 from macports. Not using homebrew.

repro steps:

  • ./build/src/cycript
  • Type anything, whack enter

And boom, it crashes.

lldb backtrace:

$ lldb ./build/src/cycript
(lldb) target create "./build/src/cycript"
Current executable set to '/Users/deer/code/gh/frida-cycript/build/src/cycript' (arm64).
(lldb) run
Process 45434 launched: '/Users/deer/code/gh/frida-cycript/build/src/cycript' (arm64)
Process 45434 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x28)
    frame #0: 0x0000000196e1590c libc++.1.dylib`std::__1::istreambuf_iterator<char, std::__1::char_traits<char>> std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>>::__do_get_unsigned<unsigned short>(std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>, std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>, std::__1::ios_base&, unsigned int&, unsigned short&) const + 68
libc++.1.dylib`std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>>::__do_get_unsigned<unsigned short>:
->  0x196e1590c <+68>: ldr    w8, [x3, #0x8]
    0x196e15910 <+72>: mov    w9, #0x4a
    0x196e15914 <+76>: ands   w8, w8, w9
    0x196e15918 <+80>: str    x5, [sp, #0x10]
(lldb)
error: No auto repeat.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x28)
  * frame #0: 0x0000000196e1590c libc++.1.dylib`std::__1::istreambuf_iterator<char, std::__1::char_traits<char>> std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>>::__do_get_unsigned<unsigned short>(std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>, std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>, std::__1::ios_base&, unsigned int&, unsigned short&) const + 68
    frame #1: 0x0000000103e9fe90 libcycript.dylib`std::__1::basic_ostream<char, std::__1::char_traits<char>>::operator<<(unsigned int) + 252
    frame #2: 0x0000000103a64eb0 libcycript.dylib`CYLexerHighlight(data="5", size=1, output=0x000000016fdfe9a8, ignore=true) at Highlight.cpp:95:67 [opt]
    frame #3: 0x00000001000026bc cycript`CYDisplayUpdate() at Console.cpp:176:5 [opt]
    frame #4: 0x00000001000071b0 cycript`_rl_internal_char_cleanup at readline.c:514:7 [opt]
    frame #5: 0x0000000100007440 cycript`readline_internal_char at readline.c:638:7 [opt]
    frame #6: 0x0000000100006bd8 cycript`readline [inlined] readline_internal_charloop at readline.c:656:11 [opt]
    frame #7: 0x0000000100006bcc cycript`readline [inlined] readline_internal at readline.c:670:9 [opt]
    frame #8: 0x0000000100006bbc cycript`readline(prompt=<unavailable>) at readline.c:376:11 [opt]
    frame #9: 0x00000001000034c4 cycript`Console(options=0x000000016fdff160) at Console.cpp:657:20 [opt]
    frame #10: 0x0000000100002c14 cycript`Main(argc=0, argv=0x000000016fdff718, envp=<unavailable>) at Console.cpp:911:9 [opt]
    frame #11: 0x0000000100003ed8 cycript`main(argc=<unavailable>, argv=<unavailable>, envp=<unavailable>) at Console.cpp:996:16 [opt]
    frame #12: 0x0000000196b7be50 dyld`start + 2544
(lldb) quit
Quitting LLDB will kill one or more processes. Do you really want to proceed: [Y/n]

rweichler avatar Feb 15 '23 01:02 rweichler

I found a workaround. Comment out these lines and these lines in Highlight.cpp.

All this does is disable syntax highlighting.

rweichler avatar Feb 15 '23 02:02 rweichler

Thank you @rweichler, but can you copy/paste the lines to comment out? Your 2 links just show the full Highlight.cpp file.

yd021976 avatar Mar 10 '23 11:03 yd021976