=================================================================
==13309==ERROR: AddressSanitizer: heap-use-after-free on address 0x616000000390 at pc 0x00000029d583 bp 0x7f7fffffdb90 sp 0x7f7fffffdb88
WRITE of size 1 at 0x616000000390 thread T0
    #0 0x29d582 in shf_vfprintf (/bin/ksh+0x9d582)
    #1 0x29bd08 in shf_fprintf (/bin/ksh+0x9bd08)
    #2 0x27f273 in j_print (/bin/ksh+0x7f273)
    #3 0x27a953 in j_notify (/bin/ksh+0x7a953)
    #4 0x27a583 in j_exit (/bin/ksh+0x7a583)
    #5 0x290709 in quitenv (/bin/ksh+0x90709)
    #6 0x2908b4 in unwind (/bin/ksh+0x908b4)
    #7 0x290107 in shell (/bin/ksh+0x90107)
    #8 0x28deac in main (/bin/ksh+0x8deac)
    #9 0x23f961 in ___start (/bin/ksh+0x3f961)

0x616000000390 is located 16 bytes inside of 528-byte region [0x616000000380,0x616000000590)
freed by thread T0 here:
    #0 0x3925a2 in free (/bin/ksh+0x1925a2)
    #1 0x23fb4b in afreeall (/bin/ksh+0x3fb4b)
    #2 0x290594 in quitenv (/bin/ksh+0x90594)
    #3 0x2908b4 in unwind (/bin/ksh+0x908b4)
    #4 0x290107 in shell (/bin/ksh+0x90107)
    #5 0x28deac in main (/bin/ksh+0x8deac)
    #6 0x23f961 in ___start (/bin/ksh+0x3f961)
    #7 0x7f7ff7c01dff (/libexec/ld.elf_so+0x1dff)

previously allocated by thread T0 here:
    #0 0x392793 in __interceptor_malloc (/bin/ksh+0x192793)
    #1 0x23fba2 in alloc (/bin/ksh+0x3fba2)
    #2 0x298840 in shf_fdopen (/bin/ksh+0x98840)
    #3 0x277878 in initio (/bin/ksh+0x77878)
    #4 0x28d013 in main (/bin/ksh+0x8d013)
    #5 0x23f961 in ___start (/bin/ksh+0x3f961)
    #6 0x7f7ff7c01dff (/libexec/ld.elf_so+0x1dff)

SUMMARY: AddressSanitizer: heap-use-after-free (/bin/ksh+0x9d582) in shf_vfprintf
Shadow bytes around the buggy address:
  0x4c2c00000020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2c00000030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2c00000040: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2c00000050: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x4c2c00000060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x4c2c00000070: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2c00000080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2c00000090: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2c000000a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2c000000b0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x4c2c000000c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==13309==ABORTING