Segmentation Faults 2017-06-02 #125

Open
rwhitworth opened this issue Jun 3, 2017 · 3 comments
@rwhitworth

Hello, I was using American Fuzzy Lop (afl-fuzz) to fuzz input to the ravi program on Linux. Is fixing the crashes from these input files something you're interested in? The input files can be found here: https://github.com/rwhitworth/ravi-fuzz/tree/master/2017-06-02

The files can be executed as ./ravi id_filename to cause seg faults. Git commit bb371e9 was used for testing.

Let me know if I can provide any more information to help narrow down this issue.

@rwhitworth
Author

gdb backtraces:

Core was generated by `./ravi output/ravi-1/crashes/id:000000,sig:11,src:000969,op:arith8,pos:2077,val'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f800b0eb225 in luaH_getshortstr (t=<optimized out>, key=<optimized out>) at /root/ravi/include/ltable.h:85
85        Node *n = hashstr(t, key);
#0  0x00007f800b0eb225 in luaH_getshortstr (t=<optimized out>, key=<optimized out>) at /root/ravi/include/ltable.h:85
#1  luaV_execute (L=0x1c0a018) at /root/ravi/src/lvm.c:1902
#2  0x00007f800b0ac6ed in luaD_call (L=0x1c0a018, func=<optimized out>, nResults=<optimized out>) at /root/ravi/src/ldo.c:549
#3  luaD_callnoyield (L=0x1c0a018, func=<optimized out>, nResults=<optimized out>) at /root/ravi/src/ldo.c:559
#4  0x00007f800b095372 in f_call (L=0x7f800b317078, ud=0x7ffcd2f53510) at /root/ravi/src/lapi.c:1262
#5  0x00007f800b0a84d7 in luaD_rawrunprotected (L=0x1c0a018, f=0x7f800b095320 <f_call>, ud=0x7ffcd2f53510) at /root/ravi/src/ldo.c:142
#6  0x00007f800b0adb46 in luaD_pcall (L=0x1c0a018, func=0x7f800b528050, u=0x605500 <__afl_area_initial>, old_top=80, ef=64) at /root/ravi/src/ldo.c:779
#7  0x00007f800b0951a1 in lua_pcallk (L=0x1c0a018, nargs=<optimized out>, nresults=-1, errfunc=<optimized out>, ctx=<optimized out>, k=<optimized out>) at /root/ravi/src/lapi.c:1288
#8  0x000000000040345b in docall (L=0x1c0a018, narg=0, nres=-1) at /root/ravi/src/lua.c:214
#9  handle_script (L=0x1c0a018, argv=<optimized out>) at /root/ravi/src/lua.c:455
#10 pmain (L=0x1c0a018) at /root/ravi/src/lua.c:590
#11 0x00007f800b0ab18e in luaD_precall (L=0x1c0a018, func=<optimized out>, nresults=<optimized out>, op_call=<optimized out>) at /root/ravi/src/ldo.c:436
#12 0x00007f800b0ac6ba in luaD_call (L=0x1c0a018, func=<optimized out>, nResults=<optimized out>) at /root/ravi/src/ldo.c:548
#13 luaD_callnoyield (L=0x1c0a018, func=0x1c0a660, nResults=1) at /root/ravi/src/ldo.c:559
#14 0x00007f800b095372 in f_call (L=0x7f800b317078, ud=0x7ffcd2f53880) at /root/ravi/src/lapi.c:1262
#15 0x00007f800b0a84d7 in luaD_rawrunprotected (L=0x1c0a018, f=0x7f800b095320 <f_call>, ud=0x7ffcd2f53880) at /root/ravi/src/ldo.c:142
#16 0x00007f800b0adb46 in luaD_pcall (L=0x1c0a018, func=0x7f800b528050, u=0x605500 <__afl_area_initial>, old_top=16, ef=0) at /root/ravi/src/ldo.c:779
#17 0x00007f800b0951a1 in lua_pcallk (L=0x1c0a018, nargs=<optimized out>, nresults=1, errfunc=<optimized out>, ctx=<optimized out>, k=<optimized out>) at /root/ravi/src/lapi.c:1288
#18 0x0000000000402176 in main (argc=2, argv=0x7ffcd2f539e8) at /root/ravi/src/lua.c:626
Core was generated by `./ravi output/ravi-1/crashes/id:000001,sig:11,src:001464,op:flip2,pos:2093'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f0d823a6348 in luaV_execute (L=0xa7c018) at /root/ravi/src/lvm.c:1925
1925            raviH_get_float_inline(L, t, idx, ra);
#0  0x00007f0d823a6348 in luaV_execute (L=0xa7c018) at /root/ravi/src/lvm.c:1925
#1  0x00007f0d823606ed in luaD_call (L=0xa7c018, func=<optimized out>, nResults=<optimized out>) at /root/ravi/src/ldo.c:549
#2  luaD_callnoyield (L=0xa7c018, func=<optimized out>, nResults=<optimized out>) at /root/ravi/src/ldo.c:559
#3  0x00007f0d82349372 in f_call (L=0x7f0d825cb078, ud=0x7fffdeb9c6a0) at /root/ravi/src/lapi.c:1262
#4  0x00007f0d8235c4d7 in luaD_rawrunprotected (L=0xa7c018, f=0x7f0d82349320 <f_call>, ud=0x7fffdeb9c6a0) at /root/ravi/src/ldo.c:142
#5  0x00007f0d82361b46 in luaD_pcall (L=0xa7c018, func=0x7f0d827dc050, u=0x605500 <__afl_area_initial>, old_top=80, ef=64) at /root/ravi/src/ldo.c:779
#6  0x00007f0d823491a1 in lua_pcallk (L=0xa7c018, nargs=<optimized out>, nresults=-1, errfunc=<optimized out>, ctx=<optimized out>, k=<optimized out>) at /root/ravi/src/lapi.c:1288
#7  0x000000000040345b in docall (L=0xa7c018, narg=0, nres=-1) at /root/ravi/src/lua.c:214
#8  handle_script (L=0xa7c018, argv=<optimized out>) at /root/ravi/src/lua.c:455
#9  pmain (L=0xa7c018) at /root/ravi/src/lua.c:590
#10 0x00007f0d8235f18e in luaD_precall (L=0xa7c018, func=<optimized out>, nresults=<optimized out>, op_call=<optimized out>) at /root/ravi/src/ldo.c:436
#11 0x00007f0d823606ba in luaD_call (L=0xa7c018, func=<optimized out>, nResults=<optimized out>) at /root/ravi/src/ldo.c:548
#12 luaD_callnoyield (L=0xa7c018, func=0xa7c660, nResults=1) at /root/ravi/src/ldo.c:559
#13 0x00007f0d82349372 in f_call (L=0x7f0d825cb078, ud=0x7fffdeb9ca10) at /root/ravi/src/lapi.c:1262
#14 0x00007f0d8235c4d7 in luaD_rawrunprotected (L=0xa7c018, f=0x7f0d82349320 <f_call>, ud=0x7fffdeb9ca10) at /root/ravi/src/ldo.c:142
#15 0x00007f0d82361b46 in luaD_pcall (L=0xa7c018, func=0x7f0d827dc050, u=0x605500 <__afl_area_initial>, old_top=16, ef=0) at /root/ravi/src/ldo.c:779
#16 0x00007f0d823491a1 in lua_pcallk (L=0xa7c018, nargs=<optimized out>, nresults=1, errfunc=<optimized out>, ctx=<optimized out>, k=<optimized out>) at /root/ravi/src/lapi.c:1288
#17 0x0000000000402176 in main (argc=2, argv=0x7fffdeb9cb78) at /root/ravi/src/lua.c:626

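The two backtraces above land in different innermost frames (luaH_getshortstr at ltable.h:85 and luaV_execute at lvm.c:1925), which is the usual first signal that a fuzzing run has found more than one distinct bug. As an added example that is not part of this issue or of the ravi project, the following Python script parses gdb output of exactly this shape (the "Core was generated by" line, the "Program terminated with signal" line, and the numbered frames) and buckets crash files by their innermost frame, so a crash directory can be reduced to a list of distinct crash sites before it is reported or bisected. The sample input is constructed: the first two entries are abridged from the backtraces posted here, and a third entry (id:000002) is invented to show that a duplicate of the first crash site is folded into the same bucket. Function names (parse_backtraces, bucket_crashes, summarize) are my own.

```python
"""Bucket gdb core-dump backtraces by crash site (added triage example)."""
import os
import re
from collections import defaultdict

# Constructed sample: first two entries abridged from the issue's backtraces,
# third entry (id:000002) invented to demonstrate de-duplication.
SAMPLE = """\
Core was generated by `./ravi output/ravi-1/crashes/id:000000,sig:11,src:000969,op:arith8,pos:2077,val'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f800b0eb225 in luaH_getshortstr (t=<optimized out>, key=<optimized out>) at /root/ravi/include/ltable.h:85
85        Node *n = hashstr(t, key);
#0  0x00007f800b0eb225 in luaH_getshortstr (t=<optimized out>, key=<optimized out>) at /root/ravi/include/ltable.h:85
#1  luaV_execute (L=0x1c0a018) at /root/ravi/src/lvm.c:1902
#2  0x00007f800b0ac6ed in luaD_call (L=0x1c0a018, func=<optimized out>, nResults=<optimized out>) at /root/ravi/src/ldo.c:549
Core was generated by `./ravi output/ravi-1/crashes/id:000001,sig:11,src:001464,op:flip2,pos:2093'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f0d823a6348 in luaV_execute (L=0xa7c018) at /root/ravi/src/lvm.c:1925
1925            raviH_get_float_inline(L, t, idx, ra);
#0  0x00007f0d823a6348 in luaV_execute (L=0xa7c018) at /root/ravi/src/lvm.c:1925
#1  0x00007f0d823606ed in luaD_call (L=0xa7c018, func=<optimized out>, nResults=<optimized out>) at /root/ravi/src/ldo.c:549
Core was generated by `./ravi output/ravi-1/crashes/id:000002,sig:11,src:000100,op:flip1,pos:7'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f800b0eb225 in luaH_getshortstr (t=<optimized out>, key=<optimized out>) at /root/ravi/include/ltable.h:85
#1  luaV_execute (L=0x1c0a018) at /root/ravi/src/lvm.c:1902
"""

CORE_RE = re.compile(r"^Core was generated by `(?P<cmd>.*)'\.$")
SIG_RE = re.compile(r"^Program terminated with signal (?P<sig>\S+),")
# Frame lines look like "#N  0xADDR in func (args) at file:line"; the
# "0xADDR in" part is absent for inlined frames such as "#1  luaV_execute (...)".
FRAME_RE = re.compile(
    r"^#(?P<n>\d+)\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>[A-Za-z_][\w:.]*)\s*"
    r"\((?P<args>.*)\)\s+at\s+(?P<file>\S+):(?P<line>\d+)$"
)


def parse_backtraces(text):
    """Split concatenated gdb output into one dict per core file.

    Each dict has the crash input path, the signal name and an ordered list of
    (function, source file, line) frames. gdb prints frame #0 once when the core
    is loaded and again for "bt"; only the first occurrence of each frame is kept.
    """
    crashes = []
    current = None
    for line in text.splitlines():
        m = CORE_RE.match(line)
        if m:
            # The last word of the command line is the crash file that was fed in.
            current = {"input": m.group("cmd").split()[-1], "signal": None, "frames": {}}
            crashes.append(current)
            continue
        if current is None:
            continue
        m = SIG_RE.match(line)
        if m:
            current["signal"] = m.group("sig")
            continue
        m = FRAME_RE.match(line)
        if m:
            n = int(m.group("n"))
            current["frames"].setdefault(n, (m.group("func"), m.group("file"), int(m.group("line"))))
    for c in crashes:
        c["frames"] = [c["frames"][k] for k in sorted(c["frames"])]
    return crashes


def crash_site(crash, depth=1):
    """De-duplication key: the innermost `depth` frames as (func, basename, line)."""
    return tuple((f, os.path.basename(p), ln) for f, p, ln in crash["frames"][:depth])


def bucket_crashes(crashes, depth=1):
    """Map each crash site to the list of input files that reach it."""
    buckets = defaultdict(list)
    for c in crashes:
        buckets[crash_site(c, depth)].append(c["input"])
    return dict(buckets)


def summarize(text, depth=1):
    """Return [(site, count, inputs)] sorted so the most frequent site comes first."""
    buckets = bucket_crashes(parse_backtraces(text), depth)
    return sorted(((s, len(i), i) for s, i in buckets.items()), key=lambda t: -t[1])


if __name__ == "__main__":
    for site, count, inputs in summarize(SAMPLE):
        where = " <- ".join(f"{f} ({p}:{ln})" for f, p, ln in site)
        print(f"{count} crash(es) at {where}")
        for path in inputs:
            print(f"    {path}")
```

Running the script over the sample prints two buckets: two inputs at luaH_getshortstr (ltable.h:85) and one at luaV_execute (lvm.c:1925). Raising `depth` to 2 or 3 makes the key include the callers, which separates crashes that share an innermost helper (luaH_getshortstr is reached from several opcodes) but come from different call paths; in practice one starts with depth 1 and widens it only when a bucket clearly mixes different bugs.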
@dibyendumajumdar
Owner

Hi @rwhitworth

Thank you for taking the time to run the tests and report the results. I am somewhat tied up at the moment but will investigate the issue when I get some time (probably in a few weeks).

Regards

@dibyendumajumdar
Owner

Looks like the issues reported here were fixed in #207.
