mruby v. 1.2.0 crashes in `kh_put_iv` function in `variable.c` file with a crafted input. I'm examining the bug in order to better understand the root cause of the issue.

Test platform: Linux 4.2.0-1 SMP Debian 4.2.3-2 x86_64

Stacktrace:

```
Program terminated with signal SIGSEGV, Segmentation fault.
292 KHASH_DEFINE(iv, mrb_sym, mrb_value, TRUE, kh_int_hash_func, kh_int_hash_equal)
(gdb) backtrace
(gdb) exploitable
main:99: UserWarning: GDB v7.11 may not support required Python API
Description: Possible stack corruption
Short description: PossibleStackCorruption (7/22)
Hash: 5696db2f9fc8b1e9b330173ee7ddc787.2627e5d3f14472e2e24f2d46a9038356
Exploitability Classification: EXPLOITABLE
Explanation: GDB generated an error while unwinding the stack and/or the stack contained return addresses that were not mapped in the inferior's process address space and/or the stack pointer is pointing to a location outside the default stack region. These conditions likely indicate stack corruption, which is generally considered exploitable.
Other tags: AccessViolation (21/22)
```

Attachment  is the crafted input.