
Abrt on unknown address (OSS-Fuzz 884) #518

Closed
nlohmann opened this issue Mar 17, 2017 · 1 comment
@nlohmann
Owner

Detailed report: https://oss-fuzz.com/testcase?key=5315478471835648

Project: json
Fuzzer: afl_json_parse_msgpack_fuzzer
Fuzz target binary: parse_msgpack_fuzzer
Job Type: afl_asan_json
Platform Id: linux

Crash Type: Abrt on unknown address 0x000000000001
Crash Address: 
Crash State:
  _start
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://oss-fuzz.com/download/AMIfv96fkf9AwXKy-wXbV61t7B0JC38mg5zA4-rUOl-zRwncgV-WS83ugg7RnDc0TfzXL31HJbzmOk_qUOXy3YNOKytZU_avhvk8gH6o0GGeRczjdEO8DEwn2ha8HFU09-9Fw-Hh9ekhRlfTNOmIsSnleZYWEymX-eldkHDGnjwJyh4UDaQEcWgFtYb7kkssT4H-uA42bQpkauB4PsOG6NECCcpstleKoNAMMBPrsIiicvKPtn8CGF6SuilJXlkzZ3zAUwGdYA00m6ibSBMffRlbRjOKNq0T3rkW6r3cGn2mEOj2WQ_c4kzGvOZOXtgUA3F8bCLAXeBdSX2m6l2dcH5dS26wuHE3ZDDxpEYAXNxS0eiWPbeIlOPFwmTDhovUqXV7WEn8_mgvj4XjQC-6CakOaIBB9hawxcNBsArk4ZGi5U-ljMdW7jM?testcase_id=5315478471835648


Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
[Environment] ASAN_OPTIONS = redzone=32:handle_sigill=1:strict_string_check=1:allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:strip_path_prefix=/workspace/:max_uar_stack_size_log=16:handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:symbolize=0:handle_segv=1:fast_unwind_on_fatal=0
[Environment] LSAN_OPTIONS = symbolize=1:external_symbolizer_path=/mnt/scratch0/clusterfuzz/scripts/linux/llvm-symbolizer
parse_msgpack_fuzzer: src/fuzzer-parse_msgpack.cpp:45: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `j1 == j2' failed.
ASAN:DEADLYSIGNAL
=================================================================
==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7f1ba631e418 bp 0x0000005b6a80 sp 0x7ffc3cb95148 T0)
SCARINESS: 10 (signal)
#0 0x7f1ba631e417 in gsignal
#1 0x7f1ba6320019 in abort
#2 0x7f1ba6316bd6 in libc.so.6
#3 0x7f1ba6316c81 in __assert_fail
#4 0x512b27 in LLVMFuzzerTestOneInput /src/json/test/src/fuzzer-parse_msgpack.cpp:45:13
#5 0x5122e3 in main /src/libfuzzer/afl/afl_driver.cpp:287:7
#6 0x7f1ba630982f in __libc_start_main
#7 0x41b588 in _start
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x35417)
==1==ABORTING

clusterfuzz-testcase-5315478471835648.zip

@nlohmann
Owner Author

This seems to be the same reason as #516: comparison of NaN.

nlohmann added a commit that referenced this issue Mar 17, 2017
We should compare the binary serializations rather than the JSON values
themselves. This fix was already done for CBOR and apparently forgotten
for MessagePack.
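To see why the harness's `j1 == j2` assertion trips on a NaN payload while comparing the re-serialized bytes (the approach taken in the commit above) does not, here is an added example that is not nlohmann/json code: a toy MessagePack float 64 encoder/decoder (`to_msgpack` and `from_msgpack` are hypothetical names) with the two comparison strategies side by side.

```cpp
// Added example, not nlohmann/json code: minimal MessagePack float 64
// round trip showing why "j1 == j2" is false for NaN while the
// re-serialized bytes still match. Encoder/decoder names are hypothetical.
#include <cmath>
#include <cstdint>
#include <cstring>
#include <vector>

// MessagePack float 64: type byte 0xcb followed by 8 big-endian IEEE bytes.
std::vector<uint8_t> to_msgpack(double d) {
    uint64_t bits;
    std::memcpy(&bits, &d, sizeof bits);
    std::vector<uint8_t> out{0xcb};
    for (int i = 7; i >= 0; --i)
        out.push_back(static_cast<uint8_t>(bits >> (8 * i)));
    return out;
}

// Decode a float 64; malformed input returns false instead of asserting.
bool from_msgpack(const std::vector<uint8_t>& in, double& d) {
    if (in.size() != 9 || in[0] != 0xcb) return false;
    uint64_t bits = 0;
    for (int i = 1; i <= 8; ++i) bits = (bits << 8) | in[i];
    std::memcpy(&d, &bits, sizeof d);
    return true;
}

// The original harness check: parse, re-serialize, parse again, compare
// the decoded values. IEEE NaN never compares equal to itself, so a NaN
// payload makes this false even though the round trip was lossless.
bool values_equal_after_roundtrip(const std::vector<uint8_t>& data) {
    double j1, j2;
    if (!from_msgpack(data, j1)) return false;
    if (!from_msgpack(to_msgpack(j1), j2)) return false;
    return j1 == j2;
}

// The fix: compare the binary serializations, which are plain bytes and
// carry the NaN bit pattern through unchanged.
bool bytes_equal_after_roundtrip(const std::vector<uint8_t>& data) {
    double j1, j2;
    if (!from_msgpack(data, j1)) return false;
    std::vector<uint8_t> s1 = to_msgpack(j1);
    if (!from_msgpack(s1, j2)) return false;
    return s1 == to_msgpack(j2);
}
```

The constructed NaN input is simply `to_msgpack(std::nan(""))`; a truncated buffer such as a lone `0xcb` byte is rejected by the decoder rather than aborting the process.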
@nlohmann nlohmann added the solution: proposed fix a fix for the issue has been proposed and waits for confirmation label Mar 17, 2017
@nlohmann nlohmann self-assigned this Mar 17, 2017
@nlohmann nlohmann modified the milestone: Release 3.0.0 Mar 17, 2017
@nlohmann nlohmann added the aspect: binary formats BSON, CBOR, MessagePack, UBJSON label Mar 28, 2017
@nlohmann nlohmann removed the solution: proposed fix a fix for the issue has been proposed and waits for confirmation label Apr 7, 2017