SEGV in wabt::cat_compute_size #1992

Closed
Q1IQ opened this issue Sep 5, 2022 · 1 comment

Q1IQ commented Sep 5, 2022

Environment

OS      : Linux ubuntu 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Commit  : 3054d61f703d609995798f872fc86b462617c294
Version : 1.0.29
Build   : make clang-debug-asan

Proof of concept

poc-5.wasm.zip

Stack dump

AddressSanitizer:DEADLYSIGNAL
=================================================================
==1681910==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f858ec47234 bp 0x7ffce2314ff0 sp 0x7ffce2314ef8 T0)
==1681910==The signal is caused by a READ memory access.
==1681910==Hint: address points to the zero page.
    #0 0x7f858ec47234 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::operator std::basic_string_view<char, std::char_traits<char>>() const (/lib/x86_64-linux-gnu/libstdc++.so.6+0x186234)
    #1 0x61d4eb in unsigned long wabt::cat_compute_size<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [3]>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [3]) /wabt/out/clang/Debug/asan/../../../../src/string-util.h:68:27
    #2 0x61d39d in unsigned long wabt::cat_compute_size<char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [3]>(char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [3]) /wabt/out/clang/Debug/asan/../../../../src/string-util.h:68:39
    #3 0x61d235 in unsigned long wabt::cat_compute_size<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [3]>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [3]) /wabt/out/clang/Debug/asan/../../../../src/string-util.h:68:39
    #4 0x61d005 in unsigned long wabt::cat_compute_size<char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [3]>(char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [3]) /wabt/out/clang/Debug/asan/../../../../src/string-util.h:68:39
    #5 0x60f57f in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> wabt::cat<char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [3]>(char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [3]) /wabt/out/clang/Debug/asan/../../../../src/string-util.h:75:13
    #6 0x5d137d in wabt::Decompiler::DecompileExpr(wabt::Node const&, wabt::Node const*) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:530:20
    #7 0x5ccb59 in wabt::Decompiler::DecompileExpr(wabt::Node const&, wabt::Node const*) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:357:22
    #8 0x5c30b4 in wabt::Decompiler::Decompile[abi:cxx11]() /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:825:20
    #9 0x5be6bd in wabt::Decompile[abi:cxx11](wabt::Module const&, wabt::DecompileOptions const&) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:854:21
    #10 0x4f16bd in ProgramMain(int, char**) /wabt/out/clang/Debug/asan/../../../../src/tools/wasm-decompile.cc:103:18
    #11 0x4f2101 in main /wabt/out/clang/Debug/asan/../../../../src/tools/wasm-decompile.cc:116:10
    #12 0x7f858e754082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #13 0x43f04d in _start (/wabt/out/clang/Debug/asan/wasm-decompile+0x43f04d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libstdc++.so.6+0x186234) in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::operator std::basic_string_view<char, std::char_traits<char>>() const
==1681910==ABORTING

Q1IQ closed this as completed Sep 5, 2022

Q1IQ commented Sep 5, 2022

duplicate of #1938
