Crash in fuzzer #3

Open
dmeijboom opened this issue Jun 26, 2023 · 1 comment
dmeijboom commented Jun 26, 2023

thread '<unnamed>' panicked at 'internal error: entered unreachable code', /Users/dmeijboom/.cargo/registry/src/index.crates.io-6f17d22bba15001f/comrak-0.18.0/src/cm.rs:403:18
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==22000== ERROR: libFuzzer: deadly signal
    #0 0x10860c478 in __sanitizer_print_stack_trace+0x28 (librustc-nightly_rt.asan.dylib:arm64+0x5c478) (BuildId: 371aed59910b3cc58ef294b46fc734c432000000200000000100000000000b00)
    #1 0x104a54870 in fuzzer::PrintStackTrace()+0x30 (fuzz_target_1:arm64+0x100020870) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #2 0x104a486c8 in fuzzer::Fuzzer::CrashCallback()+0x54 (fuzz_target_1:arm64+0x1000146c8) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #3 0x1a1caea80 in _sigtramp+0x34 (libsystem_platform.dylib:arm64+0x3a80) (BuildId: 756cd10d62a032839e57cbaa810c95ac32000000200000000100000000030d00)
    #4 0x49210001a1c7fc24  (<unknown module>)
    #5 0xa5338001a1b8dae4  (<unknown module>)
    #6 0xe551000105dbc2ec  (<unknown module>)
    #7 0x105e5f688 in std::process::abort::h023a768029553d3c+0x8 (fuzz_target_1:arm64+0x10142b688) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #8 0x104a47618 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::h8d827ee3a3ae4b9f+0xb8 (fuzz_target_1:arm64+0x100013618) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #9 0x105db3504 in std::panicking::rust_panic_with_hook::hf61eb752d055680a+0x210 (fuzz_target_1:arm64+0x10137f504) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #10 0x105db329c in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::hb49e80b66af5ef34+0x8c (fuzz_target_1:arm64+0x10137f29c) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #11 0x105db0790 in std::sys_common::backtrace::__rust_end_short_backtrace::hd27ec0b3a7b534a1+0x8 (fuzz_target_1:arm64+0x10137c790) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #12 0x105db3044 in rust_begin_unwind+0x68 (fuzz_target_1:arm64+0x10137f044) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #13 0x105e61ff0 in core::panicking::panic_fmt::h1662b4113e0b91e8+0x30 (fuzz_target_1:arm64+0x10142dff0) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #14 0x105e62060 in core::panicking::panic::h18c94bd782eb83eb+0x34 (fuzz_target_1:arm64+0x10142e060) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #15 0x104d4296c in comrak::cm::CommonMarkFormatter::format_item::h56b47918086c7565+0x113c (fuzz_target_1:arm64+0x10030e96c) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #16 0x104d3de08 in comrak::cm::CommonMarkFormatter::format_node::hd2d1eda7e727cc44+0x8a0 (fuzz_target_1:arm64+0x100309e08) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #17 0x104d3bcac in comrak::cm::CommonMarkFormatter::format::hc6e4f48fc95d4a42+0x31c (fuzz_target_1:arm64+0x100307cac) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #18 0x104d35644 in comrak::cm::format_document_with_plugins::hc153a3f85904e57e+0x390 (fuzz_target_1:arm64+0x100301644) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #19 0x104b25390 in html_to_markdown::render_with_options::h4a22b6a3c8784b11+0x6ac (fuzz_target_1:arm64+0x1000f1390) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #20 0x104b24c50 in html_to_markdown::render::h4334a17af94b495d+0x150 (fuzz_target_1:arm64+0x1000f0c50) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #21 0x104a4105c in fuzz_target_1::_::__libfuzzer_sys_run::hc090f6d908b80398 fuzz_target_1.rs:9
    #22 0x104a404c8 in rust_fuzzer_test_input lib.rs:224
    #23 0x104a41938 in std::panicking::try::do_call::h68b482d4605b0591+0xac (fuzz_target_1:arm64+0x10000d938) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #24 0x104a47898 in __rust_try+0x20 (fuzz_target_1:arm64+0x100013898) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #25 0x104a46954 in LLVMFuzzerTestOneInput+0x1d0 (fuzz_target_1:arm64+0x100012954) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #26 0x104a49fbc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)+0x150 (fuzz_target_1:arm64+0x100015fbc) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #27 0x104a49678 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*)+0x48 (fuzz_target_1:arm64+0x100015678) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #28 0x104a4b028 in fuzzer::Fuzzer::MutateAndTestOne()+0x230 (fuzz_target_1:arm64+0x100017028) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #29 0x104a4bde4 in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, std::__1::allocator<fuzzer::SizedFile>>&)+0x338 (fuzz_target_1:arm64+0x100017de4) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #30 0x104a6826c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1d64 (fuzz_target_1:arm64+0x10003426c) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #31 0x104a776fc in main+0x24 (fuzz_target_1:arm64+0x1000436fc) (BuildId: bf55bd78ed8136609d63aed4a0a53da432000000200000000100000000000d00)
    #32 0x1a1927f24  (<unknown module>)
    #33 0xab30fffffffffffc  (<unknown module>)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 1 CMP- DE: "li"-; base unit: c7a94f825b10381328f073231ca41c40aabcc14f
0x3c,0x6c,0x69,0x2f,0x3e,
<li/>
artifact_prefix='/Users/dmeijboom/DevProjects/github/brainhivenl/html-to-markdown/fuzz/artifacts/fuzz_target_1/'; Test unit written to /Users/dmeijboom/DevProjects/github/brainhivenl/html-to-markdown/fuzz/artifacts/fuzz_target_1/crash-abb270144fcd50271700c1f14de119458c2b781e
Base64: PGxpLz4=

────────────────────────────────────────────────────────────────────────────────

Failing input:

        fuzz/artifacts/fuzz_target_1/crash-abb270144fcd50271700c1f14de119458c2b781e

Output of `std::fmt::Debug`:

        [60, 108, 105, 47, 62]

Reproduce with:

        cargo fuzz run fuzz_target_1 fuzz/artifacts/fuzz_target_1/crash-abb270144fcd50271700c1f14de119458c2b781e

Minimize test case with:

        cargo fuzz tmin fuzz_target_1 fuzz/artifacts/fuzz_target_1/crash-abb270144fcd50271700c1f14de119458c2b781e

────────────────────────────────────────────────────────────────────────────────

Error: Fuzz target exited with exit status: 77
dmeijboom (author) commented:

Input: <li/>
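Added here as a triage helper for the report above; it is not part of html-to-markdown, comrak or cargo-fuzz. libFuzzer prints the crashing unit three ways (the `0x3c,0x6c,...` byte list, the `Base64:` line and the artifact file) and names the artifact `crash-<SHA-1 of the input bytes>`. The functions below rebuild the unit from the two textual encodings, confirm they agree, verify the artifact name against the file's SHA-1, and emit the reproduce command. They assume `base64`, `tr` and either `sha1sum` or `shasum` are on PATH; the values in the usage comment are the ones printed in this issue.

```shell
#!/bin/sh
# Added triage helper (not project code): rebuilds a libFuzzer crash unit from
# the encodings in the crash report and checks the artifact name.

# Decode the "Base64:" line libFuzzer prints into raw bytes on stdout.
decode_base64_unit() {
    printf '%s' "$1" | base64 -d
}

# Decode the comma-separated "0x3c,0x6c,..." byte list libFuzzer prints.
# Emits each byte via an octal escape so it works in POSIX sh, not only bash.
decode_hex_unit() {
    for byte in $(printf '%s' "$1" | tr ',' ' '); do
        dec=$(printf '%d' "$byte")
        printf "\\$(printf '%03o' "$dec")"
    done
}

# SHA-1 of a file as 40 lowercase hex chars (coreutils sha1sum or macOS shasum).
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# libFuzzer names artifacts crash-<sha1 of the input>; confirm the file content
# still matches its name before spending time on the reproducer.
# Prints "ok" and returns 0 on match, otherwise prints the mismatch and returns 1.
check_artifact_name() {
    file=$1
    expected=${file##*crash-}
    actual=$(sha1_hex "$file")
    if [ "$actual" = "$expected" ]; then
        echo ok
        return 0
    fi
    echo "mismatch: name says $expected, content hashes to $actual"
    return 1
}

# Tie it together: confirm both textual encodings decode to the same bytes,
# recreate the artifact if it is not on this machine, check its name, and
# print the cargo-fuzz command that reproduces the crash.
triage_unit() {
    b64=$1
    hexlist=$2
    artifact=$3
    if [ "$(decode_base64_unit "$b64")" != "$(decode_hex_unit "$hexlist")" ]; then
        echo "encodings disagree; do not trust this report" >&2
        return 1
    fi
    if [ ! -f "$artifact" ]; then
        mkdir -p "$(dirname "$artifact")"
        decode_base64_unit "$b64" > "$artifact"
    fi
    check_artifact_name "$artifact" || return 1
    echo "cargo fuzz run fuzz_target_1 $artifact"
}

# Values from this issue (constructed call, commented out so sourcing is side-effect free):
# triage_unit PGxpLz4= 0x3c,0x6c,0x69,0x2f,0x3e, \
#   fuzz/artifacts/fuzz_target_1/crash-abb270144fcd50271700c1f14de119458c2b781e
```

Run `triage_unit` with the three values from the report; if the encodings disagree or the artifact's hash does not match its name, the file was altered or mis-pasted and the `cargo fuzz run` reproduction should not be trusted.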
