forked from NetBSD/src
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fuzzing agrep regex(3): null pointer bug found
- Loading branch information
Showing
3 changed files
with
37 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # $NetBSD: Makefile,v 1.15 2007/05/28 12:06:25 tls Exp $ | ||
| # @(#)Makefile 8.2 (Berkeley) 4/2/94 | ||
|
|
||
| .include <bsd.own.mk> | ||
|
|
||
| PROG= main | ||
| .PATH: ../ | ||
| SRCS= fuzz_regcomp.c | ||
| .PATH: ../../../../ | ||
| SRCS+= main.c | ||
| .PATH: ${NETBSDSRCDIR}/external/bsd/tre/dist/lib | ||
| SRCS+= regcomp.c regerror.c regexec.c | ||
| SRCS+= tre-compile.c tre-stack.c tre-mem.c tre-ast.c tre-match-backtrack.c tre-match-approx.c tre-match-parallel.c tre-parse.c | ||
| # .PATH: ${NETBSDSRCDIR}/external/gpl2/grep/dist/intl | ||
|
|
||
| CPPFLAGS+=-g -I${NETBSDSRCDIR}/external/bsd/tre/dist/lib/ -I${NETBSDSRCDIR}/external/bsd/tre/include -DHAVE_CONFIG_H=1 -DTRE_SYSTEM_REGEX_H_PATH=\"${NETBSDSRCDIR}/include/regex.h\" -DTRE_USE_SYSTEM_REGEX_H=1 -DTRE_REGEX_T_FIELD=re_g | ||
|
|
||
| .include <bsd.prog.mk> |
1 change: 1 addition & 0 deletions
1
tests/fuzz/regex/agrep/regcomp/bug/crash-5af0c7b1443df5b7824086851d5ce0c62c83185f
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| *\{1+, \}\{2, \} |
18 changes: 18 additions & 0 deletions
18
tests/fuzz/regex/agrep/regcomp/bug/output-5af0c7b1443df5b7824086851d5ce0c62c83185f
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| UndefinedBehaviorSanitizer:DEADLYSIGNAL | ||
| ==25755==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000412b2b bp 0x7f7fffffd060 sp 0x7f7fffffcf00 T1) | ||
| ==25755==The signal is caused by a READ memory access. | ||
| ==25755==Hint: address points to the zero page. | ||
| #0 0x412b2a in tre_match_empty /public/src/external/bsd/tre/dist/lib/tre-compile.c:1259:17 | ||
| #1 0x46e128 in __sanitizer::HandleDeadlySignal(void*, void*, unsigned int, void (*)(__sanitizer::SignalContext const&, void const*, __sanitizer::BufferedStackTrace*), void const*) /public/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_report.cc:234:3 | ||
|
|
||
| UndefinedBehaviorSanitizer can not provide additional info. | ||
| ==25755==ABORTING | ||
| MS: 2 ChangeASCIIInt-ManualDict- DE: "+"-; base unit: 6735f1c4f939e8b7ff4a9814913e24b54e3b6688 | ||
| 0x2a,0x5c,0x7b,0x31,0x2b,0x2c,0x20,0x5c,0x7d,0x5c,0x7b,0x32,0x2c,0x20,0x5c,0x7d, | ||
| *\\{1+, \\}\\{2, \\} | ||
| artifact_prefix='./'; Test unit written to ./crash-5af0c7b1443df5b7824086851d5ce0c62c83185f | ||
| Base64: Klx7MSssIFx9XHsyLCBcfQ== | ||
| *** Error code 1 | ||
|
|
||
| Stop. | ||
| make: stopped in /public/src/tests/fuzz/regex/agrep/regcomp |