fcy is sigfaulting #39

Open · duraki opened this issue Apr 5, 2022 · 7 comments

Comments

duraki (Contributor) commented Apr 5, 2022

Upon the latest build from master, frida-cycript is failing upon start. To replicate, you need to start the fcy# prompt and start writing something, i.e.:

./cycript
fcy# choose
[1]    31013 segmentation fault  ./cycript

The backtrace dumps on istreambuf_iterator:

galaxy@devil. frida-cycript/build/src update-meson-build ∙ lldb cycript
Voltron loaded.
(lldb) target create "cycript"
Current executable set to '/Users/hduraki/dev/frida-cycript/build/src/cycript' (x86_64).
(lldb) r
Process 19773 launched: '/Users/hduraki/dev/frida-cycript/build/src/cycript' (x86_64)
2022-04-06 01:43:39.622959+0200 cycript[19773:41072626] SecTaskLoadEntitlements failed error=22 cs_flags=20, pid=19773
2022-04-06 01:43:39.623537+0200 cycript[19773:41072626] SecTaskCopyDebugDescription: cycript[19773]/0#-1 LF=0
fcy#
fcy# choose
Process 19773 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x28)
    frame #0: 0x00007ff8120498aa libc++.1.dylib` std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > >::__do_get_unsigned<unsigned short>(std::__1::istreambuf_iterator<char, std::__1::char_traits<char> >, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> >, std::__1::ios_base&, unsigned int&, unsigned short&) const  + 54
libc++.1.dylib`std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > >::__do_get_unsigned<unsigned short>:
->  0x7ff8120498aa <+54>: mov    eax, dword ptr [rcx + 0x8]
    0x7ff8120498ad <+57>: and    eax, 0x4a
    0x7ff8120498b0 <+60>: je     0x7ff8120498c4            ; <+80>
    0x7ff8120498b2 <+62>: cmp    eax, 0x40
    0x7ff8120498b5 <+65>: je     0x7ff8120498c9            ; <+85>
    0x7ff8120498b7 <+67>: cmp    eax, 0x8
    0x7ff8120498ba <+70>: jne    0x7ff8120498d1            ; <+93>
    0x7ff8120498bc <+72>: mov    r15d, 0x10
Target 0: (cycript) stopped.
(lldb)
yd021976 commented Jul 30, 2022

Hello,
any news or progress on this bug? I'm pretty sure it relates to the "readline" sub-package.

So below is pretty much the same dump as @duraki's.
For technical information: built and compiled on an M1 Mac, OS is macOS Monterey 12.5.
Compiling is OK, but running /build/src/cycript in a terminal ends up with a "segmentation fault" as soon as I type something at the "cy" prompt.

Below is my backtrace, faulting, as @duraki said, in "istreambuf_iterator".

(lldb) target create "cycript"
Current executable set to '/Users/tigrou/Programming/macos/tools/frida-cycript/build/src/cycript' (arm64).
(lldb) r
Process 10763 launched: '/Users/tigrou/Programming/macos/tools/frida-cycript/build/src/cycript' (arm64)
fcy# va
Process 10763 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x28)
    frame #0: 0x00000001b6ce5a74 libc++.1.dylib`std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > >::__do_get_unsigned<unsigned short>(std::__1::istreambuf_iterator<char, std::__1::char_traits<char> >, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> >, std::__1::ios_base&, unsigned int&, unsigned short&) const + 68
libc++.1.dylib`std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char> > >::__do_get_unsigned<unsigned short>:
->  0x1b6ce5a74 <+68>: ldr    w8, [x3, #0x8]
    0x1b6ce5a78 <+72>: mov    w9, #0x4a
    0x1b6ce5a7c <+76>: ands   w8, w8, w9
    0x1b6ce5a80 <+80>: str    x5, [sp, #0x10]
Target 0: (cycript) stopped.

duraki (Contributor, Author) commented Aug 6, 2022

I know for a fact that @lateralusd made PR #26 implementing this REPL prompt for a different prefix; maybe he can chime in. Also, @oleavr, does it have something to do with depbot running on CI/CD? Maybe we need to merge the bumped libs.

NSEcho (Contributor) commented Nov 24, 2022

I can't replicate the issue consistently; it indeed failed only the first time, but the second run was okay.

[Screenshot 2022-11-24 at 13:11:05]

mogui commented Jan 22, 2023

Still no way to run it? I have the very same problem: everything builds, but as soon as I hit a few keys, segmentation fault.

rweichler commented Feb 15, 2023

I'm getting the same problem. arm64 macOS 13.2. Using node18 from macports. Not using homebrew.

repro steps:

  • ./build/src/cycript
  • Type anything, whack enter

And boom, it crashes.

lldb backtrace:

$ lldb ./build/src/cycript
(lldb) target create "./build/src/cycript"
Current executable set to '/Users/deer/code/gh/frida-cycript/build/src/cycript' (arm64).
(lldb) run
Process 45434 launched: '/Users/deer/code/gh/frida-cycript/build/src/cycript' (arm64)
Process 45434 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x28)
    frame #0: 0x0000000196e1590c libc++.1.dylib`std::__1::istreambuf_iterator<char, std::__1::char_traits<char>> std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>>::__do_get_unsigned<unsigned short>(std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>, std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>, std::__1::ios_base&, unsigned int&, unsigned short&) const + 68
libc++.1.dylib`std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>>::__do_get_unsigned<unsigned short>:
->  0x196e1590c <+68>: ldr    w8, [x3, #0x8]
    0x196e15910 <+72>: mov    w9, #0x4a
    0x196e15914 <+76>: ands   w8, w8, w9
    0x196e15918 <+80>: str    x5, [sp, #0x10]
(lldb)
error: No auto repeat.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x28)
  * frame #0: 0x0000000196e1590c libc++.1.dylib`std::__1::istreambuf_iterator<char, std::__1::char_traits<char>> std::__1::num_get<char, std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>>::__do_get_unsigned<unsigned short>(std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>, std::__1::istreambuf_iterator<char, std::__1::char_traits<char>>, std::__1::ios_base&, unsigned int&, unsigned short&) const + 68
    frame #1: 0x0000000103e9fe90 libcycript.dylib`std::__1::basic_ostream<char, std::__1::char_traits<char>>::operator<<(unsigned int) + 252
    frame #2: 0x0000000103a64eb0 libcycript.dylib`CYLexerHighlight(data="5", size=1, output=0x000000016fdfe9a8, ignore=true) at Highlight.cpp:95:67 [opt]
    frame #3: 0x00000001000026bc cycript`CYDisplayUpdate() at Console.cpp:176:5 [opt]
    frame #4: 0x00000001000071b0 cycript`_rl_internal_char_cleanup at readline.c:514:7 [opt]
    frame #5: 0x0000000100007440 cycript`readline_internal_char at readline.c:638:7 [opt]
    frame #6: 0x0000000100006bd8 cycript`readline [inlined] readline_internal_charloop at readline.c:656:11 [opt]
    frame #7: 0x0000000100006bcc cycript`readline [inlined] readline_internal at readline.c:670:9 [opt]
    frame #8: 0x0000000100006bbc cycript`readline(prompt=<unavailable>) at readline.c:376:11 [opt]
    frame #9: 0x00000001000034c4 cycript`Console(options=0x000000016fdff160) at Console.cpp:657:20 [opt]
    frame #10: 0x0000000100002c14 cycript`Main(argc=0, argv=0x000000016fdff718, envp=<unavailable>) at Console.cpp:911:9 [opt]
    frame #11: 0x0000000100003ed8 cycript`main(argc=<unavailable>, argv=<unavailable>, envp=<unavailable>) at Console.cpp:996:16 [opt]
    frame #12: 0x0000000196b7be50 dyld`start + 2544
(lldb) quit
Quitting LLDB will kill one or more processes. Do you really want to proceed: [Y/n]
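
An added C++ example (the editor's, not frida-cycript's or libc++'s code) to help read the faulting instructions in the backtraces above. In both dumps the crash is a load 8 bytes past a pointer of 0x20 (`mov eax, dword ptr [rcx + 0x8]` on x86_64, `ldr w8, [x3, #0x8]` on arm64, fault address 0x28), and the loaded value is immediately masked with 0x4a and compared against 0x40 and 0x8. That is the standard library reading `ios_base::flags() & ios_base::basefield` to pick octal, hex or decimal: in libc++ `basefield` is `dec|oct|hex` = 0x02|0x40|0x08 = 0x4a, `flags()` is the first data member of `ios_base` after the vtable pointer, and the `std::ios_base&` being dereferenced is near null. The code below mirrors that base-selection logic and checks it against what `operator<<(unsigned)` really prints. It does not say why the stream reference handed to the formatter was bad, which the thread does not establish; the function names (`base_from_flags`, `base_for`, `format_unsigned`, `stream_unsigned`, `mirror_matches`) are this example's own.

```cpp
// Added example, not frida-cycript code: what the faulting libc++ instructions
// in the backtraces are doing. The `and 0x4a / cmp 0x40 / cmp 0x8` sequence is
// the standard library asking the stream's ios_base which numeric base its
// format flags select; 0x4a == ios_base::basefield (dec|oct|hex) in libc++.
// The load `[rcx + 0x8]` / `[x3, #0x8]` is ios_base::flags(); it faults at 0x28
// because the ios_base reference it was handed is 0x20, i.e. near null.
#include <ios>
#include <iostream>
#include <sstream>
#include <string>

// Mirror of the base-selection logic visible in the disassembly.
int base_from_flags(const std::ios_base& iob) {
    const std::ios_base::fmtflags bf = iob.flags() & std::ios_base::basefield; // and eax, 0x4a
    if (bf == std::ios_base::fmtflags()) return 0;   // je <+80>: no basefield bit set
    if (bf == std::ios_base::oct)        return 8;   // cmp eax, 0x40
    if (bf == std::ios_base::hex)        return 16;  // cmp eax, 0x8 -> mov r15d, 0x10
    return 10;                                       // dec (or anything else)
}

// Convenience: evaluate base_from_flags() on a throwaway stream carrying `flags`.
int base_for(std::ios_base::fmtflags flags) {
    std::ostringstream tmp;
    tmp.flags(flags);
    return base_from_flags(tmp);
}

// Hand-rolled unsigned formatting driven by the same flags, for comparison
// with what operator<< produces through num_put.
std::string format_unsigned(unsigned v, std::ios_base::fmtflags flags) {
    int base = base_for(flags);
    if (base == 0) base = 10;     // no basefield requested: output falls back to decimal
    const bool upper = (flags & std::ios_base::uppercase) != std::ios_base::fmtflags();
    const char* digits = upper ? "0123456789ABCDEF" : "0123456789abcdef";
    const unsigned orig = v;
    std::string out;
    do {
        out.insert(out.begin(), digits[v % base]);
        v /= base;
    } while (v);
    // showbase adds a prefix only for non-zero values, matching printf's "%#x"/"%#o".
    const bool showbase = (flags & std::ios_base::showbase) != std::ios_base::fmtflags();
    if (showbase && orig != 0) {
        if (base == 16)     out.insert(0, upper ? "0X" : "0x");
        else if (base == 8) out.insert(0, "0");
    }
    return out;
}

// What the real stream prints with the same flags.
std::string stream_unsigned(unsigned v, std::ios_base::fmtflags flags) {
    std::ostringstream os;
    os.flags(flags);
    os << v;   // -> num_put: reads os.flags() & basefield, the load that faults in the thread
    return os.str();
}

// Does the mirror agree with the library for this value and flag set?
bool mirror_matches(unsigned v, std::ios_base::fmtflags flags) {
    return format_unsigned(v, flags) == stream_unsigned(v, flags);
}

int main() {
    const std::ios_base::fmtflags f = std::ios_base::hex | std::ios_base::showbase;
    std::cout << "std::cout selects base " << base_from_flags(std::cout) << "\n";
    std::cout << "fault address as hex: " << format_unsigned(0x28, f)
              << " (library says " << stream_unsigned(0x28, f) << ")\n";
    std::cout << "mirror agrees: " << (mirror_matches(0x28, f) ? "yes" : "no") << "\n";
    return 0;
}
```

`base_for(std::ios_base::fmtflags())` returning 0 corresponds to the `je <+80>` branch in the dump (no basefield bit set); for output that case degrades to decimal, which is why the mirror treats 0 as 10 before formatting. None of this runs if the `ios_base&` is invalid: the very first `flags()` read is the instruction both backtraces stop on.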

rweichler commented
I found a workaround. Comment out these lines and these lines in Highlight.cpp

All this does is disable syntax highlighting.

yd021976 commented

Thank you @rweichler, but can you copy/paste the lines to comment out? Your 2 links just show the full Highlight.cpp file.
