Fix an init-deadlock in OPENSSL_INIT_LOAD_CRYPTO_STRINGS #21683


bernd-edlinger
Member

This can be reproduced with my error injection patch.

The test vector has been validated on the master branch:

$ ERROR_INJECT=1692279870 ../util/shlib_wrap.sh ./asn1parse-test ./corpora/asn1parse/027f6e82ba01d9db9a9167b83e56cc9f2c602550
ERROR_INJECT=1692279870
#0 0x7f280b42fef8 in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cpp:86
#1 0x5610a3f396b4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f280a2eb94c in CRYPTO_malloc crypto/mem.c:177
#3 0x7f280a2dafdb in OPENSSL_LH_insert crypto/lhash/lhash.c:114
#4 0x7f280a1c87fe in err_load_strings crypto/err/err.c:264
#5 0x7f280a1c87fe in err_load_strings crypto/err/err.c:259
#6 0x7f280a1c87fe in ERR_load_strings_const crypto/err/err.c:301
#7 0x7f280a6f513b in ossl_err_load_PROV_strings providers/common/provider_err.c:233
#8 0x7f280a1cf015 in ossl_err_load_crypto_strings crypto/err/err_all.c:109
#9 0x7f280a2e9b8c in ossl_init_load_crypto_strings crypto/init.c:190
#10 0x7f280a2e9b8c in ossl_init_load_crypto_strings_ossl_ crypto/init.c:181
#11 0x7f2808cfbf67 (/lib/x86_64-linux-gnu/libc.so.6+0x99f67)
#12 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154
#13 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553
#14 0x5610a3f38e2f in FuzzerInitialize fuzz/asn1parse.c:29
#15 0x5610a3f38783 in main fuzz/test-corpus.c:194
#16 0x7f2808c8bd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
#17 0x7f2808c8be3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
#18 0x5610a3f38d34 in _start (/home/runner/work/openssl/openssl/fuzz/asn1parse-test+0x3d34)

AddressSanitizer:DEADLYSIGNAL
=================================================================
==27629==ERROR: AddressSanitizer: ABRT on unknown address 0x03e900006e23 (pc 0x7f2808cfbef8 bp 0x7f280b36afe0 sp 0x7ffd545b2460 T0)
#0 0x7f2808cfbef8 (/lib/x86_64-linux-gnu/libc.so.6+0x99ef8)
#1 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154
#2 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553
#3 0x7f280a1c935e in ossl_err_get_state_int crypto/err/err.c:705
#4 0x7f280a1cf1f9 in ERR_new crypto/err/err_blocks.c:20
#5 0x7f280a2eb9ac in CRYPTO_malloc crypto/mem.c:205
#6 0x7f280a2dafdb in OPENSSL_LH_insert crypto/lhash/lhash.c:114
#7 0x7f280a1c87fe in err_load_strings crypto/err/err.c:264
#8 0x7f280a1c87fe in err_load_strings crypto/err/err.c:259
#9 0x7f280a1c87fe in ERR_load_strings_const crypto/err/err.c:301
#10 0x7f280a6f513b in ossl_err_load_PROV_strings providers/common/provider_err.c:233
#11 0x7f280a1cf015 in ossl_err_load_crypto_strings crypto/err/err_all.c:109
#12 0x7f280a2e9b8c in ossl_init_load_crypto_strings crypto/init.c:190
#13 0x7f280a2e9b8c in ossl_init_load_crypto_strings_ossl_ crypto/init.c:181
#14 0x7f2808cfbf67 (/lib/x86_64-linux-gnu/libc.so.6+0x99f67)
#15 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154
#16 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553
#17 0x5610a3f38e2f in FuzzerInitialize fuzz/asn1parse.c:29
#18 0x5610a3f38783 in main fuzz/test-corpus.c:194
#19 0x7f2808c8bd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
#20 0x7f2808c8be3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
#21 0x5610a3f38d34 in _start (/home/runner/work/openssl/openssl/fuzz/asn1parse-test+0x3d34)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x99ef8)
==27629==ABORTING

Checklist
  • documentation is added or updated
  • tests are added or updated

@slontis
Member

slontis commented Aug 8, 2023

It might be good to include the offending OPENSSL_init_crypto() call in the commit message?

crypto/err/err.c Outdated
Comment on lines 457 to 459
if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL))
return 0;

Member

Should it be moved to ossl_err_string_int() instead?

@t8m
Member

t8m commented Aug 8, 2023

Also the pyca external test failure seems relevant. Unfortunately it won't be trivial to fix I am afraid. Except it might be actually fixed by the suggestion I've made above. It is worth trying.

@bernd-edlinger
Member Author

@t8m I tried to follow your suggestion, but since ossl_err_string_int
is a void return function there is no way to return an error code when
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) fails.
Why do you prefer that function over get_error_values?

@bernd-edlinger
Member Author

No, this does not work at all, and caused:

65-test_cmp_ctx.t .. 
CMP error: reason(102)
    # total=11 len=11 msg='reason(100)'
    # 
    # total=45 len=34 msg='reason(103):data1 : data2
    # new line'
    # 
    # ERROR: (int) 'msg_total_size == expected_size' failed @ test/cmp_ctx_test.c:185
    # [45] compared to [48]
    # total=3605 len=3605 msg='reason(100):This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 61 bytes loooooooooooooooooooooooooooooong string.
    # <SEP>This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 61 bytes loooooooooooooooooooooooooooooong string.
    # <SEP>This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 61 bytes loooooooooooooooooooooooooooooong string.
    # <SEP>This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 61 bytes loooooooooooooooooooooooooooooong string.
    # <SEP>This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 61 bytes loooooooooooooooooooooooooooooong string.
    # <SEP>This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 61 bytes loooooooooooooooooooooooooooooong string.
    # <SEP>This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 61 bytes loooooooooooooooooooooooooooooong string.
    # '
    # 
    # total=4126 len=521 msg='reason(100):This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 64 bytes looooooooooooooooooooooooooooooooong string.
    # This is a 61 bytes loooooooooooooooooooooooooooooong string.
    # '
    # 
    # ERROR: (int) 'msg_total_size == expected_size' failed @ test/cmp_ctx_test.c:198
    # [4126] compared to [4128]
    # OPENSSL_TEST_RAND_ORDER=1691519185
    not ok 6 - test_CTX_print_errors
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/cmp_ctx_test => 1
not ok 1
65-test_cmp_ctx.t .. 1/? -------------------------------------------------------
#   Failed test at test/recipes/65-test_cmp_ctx.t line 24.
65-test_cmp_ctx.t .. Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests 

crypto/err/err.c Outdated
@@ -589,9 +589,10 @@ const char *ERR_lib_error_string(unsigned long e)
ERR_STRING_DATA d, *p;
unsigned long l;

if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
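Review bot: at the top of ERR_lib_error_string, the OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) check is one more path into the run-once initialisation that the backtrace in this PR shows aborting when it is reached again from inside ossl_init_load_crypto_strings, so it needs a comment or a guard establishing that this lookup cannot run while the strings are still being loaded. The excerpt ends before the body of the condition, so please also confirm that the failure branch returns without putting anything on the error queue, since ERR_new leads back to ossl_err_get_state_int and from there to OPENSSL_init_crypto.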
Member

Perhaps you need to also add it to ERR_reason_error_string() ?

@t8m
Member

t8m commented Aug 8, 2023

The ci failure is quite strange now.

@bernd-edlinger bernd-edlinger force-pushed the fix_init_deadlock_in_init_load_crypto_strings branch from 4617789 to bd2a20e Compare August 9, 2023 05:52
Member

@t8m t8m left a comment


Could you please amend the commit message so it tells about the final fix and not the previous attempts? Also I do not think it needs all the backtraces but it is up to you how detailed you want it to be.

@t8m added labels on Aug 9, 2023: "branch: master" (Merge to master branch), "approval: review pending" (This pull request needs review by a committer), "triaged: bug" (The issue/pr is/fixes a bug), "tests: exempted" (The PR is exempt from requirements for testing)
@bernd-edlinger bernd-edlinger force-pushed the fix_init_deadlock_in_init_load_crypto_strings branch from bd2a20e to 9323bd4 Compare August 9, 2023 09:47
…STRINGS)

A recursive OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS) call
may happen if an out-of-memory error happens at the first callstack,
and the dead-lock happens at the second callstack, because ossl_err_get_state_int
calls OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS) although that
call is currently already executing.

At least on posix system this causes the process to freeze at this
point, and must be avoided whatever it takes.

The fix is using err_shelve_state around the critical region, which
makes ossl_err_get_state_int return early and not call the recursive
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS).
@bernd-edlinger bernd-edlinger force-pushed the fix_init_deadlock_in_init_load_crypto_strings branch from 9323bd4 to 7602ee3 Compare August 9, 2023 10:41
@bernd-edlinger
Member Author

I updated the commit message once more: I added this statement describing how the fix works (and removed the accidental stuff at the end):

A recursive OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS) call
may happen if an out-of-memory error happens at the first callstack,
and the dead-lock happens at the second callstack, because ossl_err_get_state_int
calls OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS) although that
call is currently already executing.

At least on posix system this causes the process to freeze at this
point, and must be avoided whatever it takes.

The fix is using err_shelve_state around the critical region, which
makes ossl_err_get_state_int return early and not call the recursive
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS).

But I still have no idea why 147e844 made the test_shlibload fail...
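
The re-entry and the shelving guard described in the commit message above, as a small C model added here (not OpenSSL code and not part of this PR). Every identifier in it is hypothetical, and the run-once primitive is replaced by a state flag so that re-entry is counted instead of hanging the thread.

```c
#include <stdio.h>
/* Model only: every name here is hypothetical, none is an OpenSSL symbol. */
enum once_state { ONCE_NEW, ONCE_RUNNING, ONCE_DONE };

struct model {
    enum once_state once; /* stands in for the run-once control */
    int use_shelve;       /* shelve the error state while loading strings */
    int shelved;          /* while set, error-state lookups return early */
    int fail_at;          /* 1-based index of the failing allocation, 0 = none */
    int allocs, strings_loaded, errors_recorded, init_ok;
    int reentries;        /* init entered again while still running */
};

static int model_init(struct model *m);

/* Error-state lookup: lazily initialises the library unless shelved. */
static int err_get_state(struct model *m)
{
    return m->shelved ? 0 : model_init(m);
}

/* Allocator that tries to record an error when it fails. */
static int model_alloc(struct model *m)
{
    if (++m->allocs != m->fail_at)
        return 1;
    if (err_get_state(m))
        m->errors_recorded++;
    return 0;
}

/* The critical region: string loading that allocates and may fail. */
static int load_strings(struct model *m)
{
    int i, ok = 1;
    m->shelved = m->use_shelve;
    for (i = 0; i < 4 && ok; i++) {
        ok = model_alloc(m);
        m->strings_loaded += ok;
    }
    m->shelved = 0;
    return ok;
}

static int model_init(struct model *m)
{
    if (m->once == ONCE_RUNNING) {
        m->reentries++; /* a real run-once call would hang the thread here */
        return 0;
    }
    if (m->once == ONCE_NEW) {
        m->once = ONCE_RUNNING;
        m->init_ok = load_strings(m);
        m->once = ONCE_DONE;
    }
    return m->init_ok;
}

struct model run_scenario(int fail_at, int use_shelve)
{
    struct model m = { .use_shelve = use_shelve, .fail_at = fail_at };
    model_init(&m);
    return m;
}

int main(void)
{
    printf("unguarded reentries=%d, shelved reentries=%d\n",
           run_scenario(3, 0).reentries, run_scenario(3, 1).reentries);
    return 0;
}
```

In both runs the initialisation still reports failure; the difference is that with the guard the failing allocation never reaches the initialiser a second time.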

@t8m t8m requested a review from a team August 9, 2023 12:41
Contributor

@tom-cosgrove-arm tom-cosgrove-arm left a comment


LGTM

@tom-cosgrove-arm added "approval: done" (This pull request has the required number of approvals) and removed "approval: review pending" (This pull request needs review by a committer) on Aug 9, 2023
@openssl-machine added "approval: ready to merge" (The 24 hour grace period has passed, ready to merge) and removed "approval: done" (This pull request has the required number of approvals) on Aug 10, 2023
@openssl-machine
Collaborator

This pull request is ready to merge

@bernd-edlinger
Member Author

Merged to master as 6b1a127. Thanks!

openssl-machine pushed a commit that referenced this pull request Aug 10, 2023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from #21683)