When the following mruby code is executed with mruby in version 63c7ff3, mruby crashes because of a segmentation violation:
# This input causes mruby to crash
# This bug was found using nautilus 2.0: https://github.com/nautilus-fuzz/nautilus
d=[1,nil," sdfg"]
srand(1337)
b = to_s.srand()
c = File.new(b)
a = d.prepend(c)
c = File.select(d)
ASAN output:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==84900==ERROR: AddressSanitizer: SEGV on unknown address 0x1000802b320e (pc 0x00000072e9ad bp 0x7ffffc59bcf0 sp 0x7ffffc59a6a0 T0)
==84900==The signal is caused by a READ memory access.
#0 0x72e9ac in mrb_io_s_select (/fuzzing/targets/binary_backups/mruby_current_ASAN_no_instrumentation+0x72e9ac)
#1 0x62c651 in mrb_vm_exec (/fuzzing/targets/binary_backups/mruby_current_ASAN_no_instrumentation+0x62c651)
#2 0x61c3d4 in mrb_vm_run (/fuzzing/targets/binary_backups/mruby_current_ASAN_no_instrumentation+0x61c3d4)
#3 0x67323f in mrb_top_run (/fuzzing/targets/binary_backups/mruby_current_ASAN_no_instrumentation+0x67323f)
#4 0x5eda0d in mrb_load_exec (/fuzzing/targets/binary_backups/mruby_current_ASAN_no_instrumentation+0x5eda0d)
#5 0x5ee71d in mrb_load_file_cxt (/fuzzing/targets/binary_backups/mruby_current_ASAN_no_instrumentation+0x5ee71d)
#6 0x4c56df in main (/fuzzing/targets/binary_backups/mruby_current_ASAN_no_instrumentation+0x4c56df)
#7 0x7fc551b5e1e2 in __libc_start_main /build/glibc-t7JzpG/glibc-2.30/csu/../csu/libc-start.c:308:16
#8 0x41c68d in _start (/fuzzing/targets/binary_backups/mruby_current_ASAN_no_instrumentation+0x41c68d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/fuzzing/targets/binary_backups/mruby_current_ASAN_no_instrumentation+0x72e9ac) in mrb_io_s_select
==84900==ABORTING
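The reproducer hands `File.select` an array in which only the first element is an IO object; the remaining entries (an Integer, nil and a String) are still treated as IO streams and dereferenced inside mrb_io_s_select. The following is an added example, not code from the report or from mruby, written in CRuby: a model of the argument validation a select implementation should perform before touching each element, run over the same mixed array. The names `select_set_errors` and `checked_select` are hypothetical.

```ruby
# Added example (not from the original report or mruby): model of the
# argument validation an IO.select implementation needs before it
# dereferences each element. The report's array is [File, 1, nil, " sdfg"];
# the crashing build read the Integer/nil/String entries as IO structs.
# select_set_errors and checked_select are hypothetical names.

# Return "set[index]: reason" strings for every element that is not a
# usable IO; an empty list means the sets are safe to hand to select.
def select_set_errors(read_ios, write_ios = nil, except_ios = nil)
  errors = []
  { read: read_ios, write: write_ios, except: except_ios }.each do |name, set|
    next if set.nil?
    unless set.is_a?(Array)
      errors << "#{name}: expected Array or nil, got #{set.class}"
      next
    end
    set.each_with_index do |obj, i|
      if !obj.is_a?(IO)
        errors << "#{name}[#{i}]: expected IO, got #{obj.class}"
      elsif obj.closed?
        errors << "#{name}[#{i}]: closed stream"
      end
    end
  end
  errors
end

# Validate first, then defer to the real IO.select; a mixed array fails
# with TypeError instead of being read as IO memory.
def checked_select(read_ios, write_ios = nil, except_ios = nil, timeout = nil)
  errs = select_set_errors(read_ios, write_ios, except_ios)
  raise TypeError, errs.join("; ") unless errs.empty?
  IO.select(read_ios, write_ios, except_ios, timeout)
end

if __FILE__ == $0
  r, w = IO.pipe
  d = [1, nil, " sdfg"].unshift(w)   # constructed; mirrors the report's array
  p select_set_errors(d)             # three "expected IO" entries
  w.write("x")
  p checked_select([r], nil, nil, 0) # r is readable: [[r], [], []]
  r.close
  w.close
end
```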