I've attached the reproduction of the crash in a duplicate bug. At first glance, this appears to be a NULL-offset, but since it's so large, it's unclear if there is arbitrary control over the destination of the %al byte being written.
SegvAnalysis:
Segfault happened at: 0x7f2131398308: mov %al,(%rcx)
PC (0x7f2131398308) ok
source "%al" ok
destination "(%rcx)" (0x008effff) not located in a known VMA region (needed writable region)!