Original Stacktrace on revision d7b6ce64ce0ad787ad2ed3ee05c94938a6b4f551
+----------------------------------------Release Build Stacktrace----------------------------------------+
Command: /mnt/scratch0/clusterfuzz/resources/platform/linux/unshare -c -n /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_curl_d1a7f12cc2e5055727a9c66d5eca203f3c8f5a6c/revisions/curl_fuzzer_rtsp -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/b557b55fe6aee3248cae088eab2fc98246d15b9f47d13e37a45a58554e2crash
Time ran: 0.046141624450683594
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2812897356
INFO: Loaded 1 modules (125695 inline 8-bit counters): 125695 [0x146cd80, 0x148b87f),
INFO: Loaded 1 PC tables (125695 PCs): 125695 [0x148b880,0x1676870),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_curl_d1a7f12cc2e5055727a9c66d5eca203f3c8f5a6c/revisions/curl_fuzzer_rtsp: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/b557b55fe6aee3248cae088eab2fc98246d15b9f47d13e37a45a58554e2crash
curl_fuzzer_rtsp: rtsp.c:844: CURLcode rtsp_rtp_write_resp(struct Curl_easy *, const char *, size_t, _Bool, _Bool *): Assertion `blen == 0' failed.
==152899== ERROR: libFuzzer: deadly signal
#0 0x53a831 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
#1 0x459348 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x43e023 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
#3 0x7df9c56c141f in libpthread.so.0
#4 0x7df9c538400a in __libc_signal_restore_set /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7df9c538400a in raise /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7df9c5363858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
#7 0x7df9c5363728 in __assert_fail_base /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:92:3
#8 0x7df9c5374fd5 in __assert_fail /build/glibc-SzIz7B/glibc-2.31/assert/assert.c:101:3
#9 0x6d739d in rtsp_rtp_write_resp [curl/lib/rtsp.c:844](https://github.com/curl/curl/blob/d7b6ce64ce0ad787ad2ed3ee05c94938a6b4f551/lib/rtsp.c#L844):3
#10 0x5dd287 in Curl_xfer_write_resp [curl/lib/transfer.c:1687](https://github.com/curl/curl/blob/d7b6ce64ce0ad787ad2ed3ee05c94938a6b4f551/lib/transfer.c#L1687):14
#11 0x5dd287 in readwrite_data [curl/lib/transfer.c:534](https://github.com/curl/curl/blob/d7b6ce64ce0ad787ad2ed3ee05c94938a6b4f551/lib/transfer.c#L534):14
#12 0x5dd287 in Curl_readwrite [curl/lib/transfer.c:921](https://github.com/curl/curl/blob/d7b6ce64ce0ad787ad2ed3ee05c94938a6b4f551/lib/transfer.c#L921):14
#13 0x5a6d7e in multi_runsingle [curl/lib/multi.c:2483](https://github.com/curl/curl/blob/d7b6ce64ce0ad787ad2ed3ee05c94938a6b4f551/lib/multi.c#L2483):16
#14 0x5a36c9 in curl_multi_perform [curl/lib/multi.c:2780](https://github.com/curl/curl/blob/d7b6ce64ce0ad787ad2ed3ee05c94938a6b4f551/lib/multi.c#L2780):16
#15 0x56f2a2 in fuzz_handle_transfer(fuzz_data*) [curl_fuzzer/curl_fuzzer.cc:419](https://github.com/curl/curl-fuzzer/blob/b94de48b46994153794a6d3c991c4edf822a02d7/curl_fuzzer.cc#L419):5
#16 0x56e0f9 in LLVMFuzzerTestOneInput [curl_fuzzer/curl_fuzzer.cc:97](https://github.com/curl/curl-fuzzer/blob/b94de48b46994153794a6d3c991c4edf822a02d7/curl_fuzzer.cc#L97):3
#17 0x43f5c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#18 0x42ad22 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#19 0x4305cc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#20 0x459b02 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#21 0x7df9c5365082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
#22 0x420eed in _start
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
+----------------------------------------Release Build Unsymbolized Stacktrace (diff)----------------------------------------+
curl_fuzzer_rtsp: rtsp.c:844: CURLcode rtsp_rtp_write_resp(struct Curl_easy *, const char *, size_t, _Bool, _Bool *): Assertion `blen == 0' failed.
==152899== ERROR: libFuzzer: deadly signal
I did this
The curl fuzzer reached an assert. Introduced in d7b6ce6
I expected the following
Happy fuzzer
curl/libcurl version
git master
operating system
it runs on Linux but I doubt it matters