You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As part of our fuzzing efforts at Google, we have identified an issue affecting
sleuthkit (tested with revision * develop ae71fc2).
To reproduce, we are attaching a Dockerfile which compiles the project with
LLVM, taking advantage of the sanitizers that it offers. More information about
how to use the attached Dockerfile can be found here: https://docs.docker.com/engine/reference/builder/
And, back inside the container: /fuzzing/repro.sh /fuzzing/reproducer
Alternatively, and depending on the bug, you could use gcc, valgrind or other
instrumentation tools to aid in the investigation. The sanitizer error that we
encountered is here:
Direct leak of 240 byte(s) in 1 object(s) allocated from:
#0 0x4ccf98 in __interceptor_malloc (/fuzzing/sleuthkit/tools/fstools/fls+0x4ccf98) #1 0x5bb23e in tsk_malloc /fuzzing/sleuthkit/tsk/base/mymalloc.c:32:16 #2 0x514ab3 in tsk_fs_meta_alloc /fuzzing/sleuthkit/tsk/fs/fs_inode.c:42:29 #3 0x5d1c1d in ext2fs_inode_lookup /fuzzing/sleuthkit/tsk/fs/ext2fs.c:857:17 #4 0x5138bc in tsk_fs_file_open_meta /fuzzing/sleuthkit/tsk/fs/fs_file.c:128:9 #5 0x5f292b in ext2fs_dir_open_meta /fuzzing/sleuthkit/tsk/fs/ext2fs_dent.c:310:13 #6 0x50f57d in tsk_fs_dir_open_meta /fuzzing/sleuthkit/tsk/fs/fs_dir.c:290:14 #7 0x510332 in tsk_fs_dir_walk_lcl /fuzzing/sleuthkit/tsk/fs/fs_dir.c:556:19 #8 0x510167 in tsk_fs_dir_walk /fuzzing/sleuthkit/tsk/fs/fs_dir.c:817:14 #9 0x50d95e in tsk_fs_fls /fuzzing/sleuthkit/tsk/fs/fls_lib.c:262:12 #10 0x509061 in main /fuzzing/sleuthkit/tools/fstools/fls.cpp:307:9 #11 0x7fe15e8c02b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
Indirect leak of 120 byte(s) in 1 object(s) allocated from:
#0 0x4ccf98 in __interceptor_malloc (/fuzzing/sleuthkit/tools/fstools/fls+0x4ccf98) #1 0x5bb23e in tsk_malloc /fuzzing/sleuthkit/tsk/base/mymalloc.c:32:16 #2 0x514aec in tsk_fs_meta_alloc /fuzzing/sleuthkit/tsk/fs/fs_inode.c:48:37 #3 0x5d1c1d in ext2fs_inode_lookup /fuzzing/sleuthkit/tsk/fs/ext2fs.c:857:17 #4 0x5138bc in tsk_fs_file_open_meta /fuzzing/sleuthkit/tsk/fs/fs_file.c:128:9 #5 0x5f292b in ext2fs_dir_open_meta /fuzzing/sleuthkit/tsk/fs/ext2fs_dent.c:310:13 #6 0x50f57d in tsk_fs_dir_open_meta /fuzzing/sleuthkit/tsk/fs/fs_dir.c:290:14 #7 0x510332 in tsk_fs_dir_walk_lcl /fuzzing/sleuthkit/tsk/fs/fs_dir.c:556:19 #8 0x510167 in tsk_fs_dir_walk /fuzzing/sleuthkit/tsk/fs/fs_dir.c:817:14 #9 0x50d95e in tsk_fs_fls /fuzzing/sleuthkit/tsk/fs/fls_lib.c:262:12 #10 0x509061 in main /fuzzing/sleuthkit/tools/fstools/fls.cpp:307:9 #11 0x7fe15e8c02b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: 360 byte(s) leaked in 2 allocation(s).
Read offset too large for image file (tsk_img_read - 3072) (fatfs_open: boot sector)
Invalid magic value (not an HFS+ file system (magic))
Invalid magic value (Invalid FS type in iso9660_open)
Invalid magic value (Not a NTFS file system (magic))
Invalid magic value (File is not a DOS partition (invalid primary magic) (Sector: 0))
Read offset too large for image file (tsk_img_read - 4096) (MAC Partition entry 1)
Invalid API argument (tsk_img_read: a_off: 18446744073709543424) (GPT Header structure in Sector: 18446744073709551615)
Invalid magic value (SUN (intel) partition table (Sector: 0) 0)
We will gladly work with you so you can successfully confirm and reproduce this
issue. Do let us know if you have any feedback surrounding the documentation.
Once you have reproduced the issue, we'd appreciate to learn your expected
timeline for an update to be released. With any fix, please attribute the report
to "Google Autofuzz project".
We are also pleased to inform you that your project is eligible for inclusion to
the OSS-Fuzz project, which can provide additional continuous fuzzing, and
encourage you to investigate integration options.
Don't hesitate to let us know if you have any questions!
Hello sleuthkit team,
As part of our fuzzing efforts at Google, we have identified an issue affecting
sleuthkit (tested with revision * develop ae71fc2).
To reproduce, we are attaching a Dockerfile which compiles the project with
LLVM, taking advantage of the sanitizers that it offers. More information about
how to use the attached Dockerfile can be found here:
https://docs.docker.com/engine/reference/builder/
TL;DR instructions:
mkdir project
cp Dockerfile /path/to/project
docker build --no-cache /path/to/project
docker run -it image_id_from_docker_build
From another terminal, outside the container:
docker cp /path/to/attached/reproducer running_container_hostname:/fuzzing/reproducer
(reference: https://docs.docker.com/engine/reference/commandline/cp/)
And, back inside the container:
/fuzzing/repro.sh /fuzzing/reproducer
Alternatively, and depending on the bug, you could use gcc, valgrind or other
instrumentation tools to aid in the investigation. The sanitizer error that we
encountered is here:
REPRO_START:* develop ae71fc2
=================================================================
==10==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 240 byte(s) in 1 object(s) allocated from:
#0 0x4ccf98 in __interceptor_malloc (/fuzzing/sleuthkit/tools/fstools/fls+0x4ccf98)
#1 0x5bb23e in tsk_malloc /fuzzing/sleuthkit/tsk/base/mymalloc.c:32:16
#2 0x514ab3 in tsk_fs_meta_alloc /fuzzing/sleuthkit/tsk/fs/fs_inode.c:42:29
#3 0x5d1c1d in ext2fs_inode_lookup /fuzzing/sleuthkit/tsk/fs/ext2fs.c:857:17
#4 0x5138bc in tsk_fs_file_open_meta /fuzzing/sleuthkit/tsk/fs/fs_file.c:128:9
#5 0x5f292b in ext2fs_dir_open_meta /fuzzing/sleuthkit/tsk/fs/ext2fs_dent.c:310:13
#6 0x50f57d in tsk_fs_dir_open_meta /fuzzing/sleuthkit/tsk/fs/fs_dir.c:290:14
#7 0x510332 in tsk_fs_dir_walk_lcl /fuzzing/sleuthkit/tsk/fs/fs_dir.c:556:19
#8 0x510167 in tsk_fs_dir_walk /fuzzing/sleuthkit/tsk/fs/fs_dir.c:817:14
#9 0x50d95e in tsk_fs_fls /fuzzing/sleuthkit/tsk/fs/fls_lib.c:262:12
#10 0x509061 in main /fuzzing/sleuthkit/tools/fstools/fls.cpp:307:9
#11 0x7fe15e8c02b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
Indirect leak of 120 byte(s) in 1 object(s) allocated from:
#0 0x4ccf98 in __interceptor_malloc (/fuzzing/sleuthkit/tools/fstools/fls+0x4ccf98)
#1 0x5bb23e in tsk_malloc /fuzzing/sleuthkit/tsk/base/mymalloc.c:32:16
#2 0x514aec in tsk_fs_meta_alloc /fuzzing/sleuthkit/tsk/fs/fs_inode.c:48:37
#3 0x5d1c1d in ext2fs_inode_lookup /fuzzing/sleuthkit/tsk/fs/ext2fs.c:857:17
#4 0x5138bc in tsk_fs_file_open_meta /fuzzing/sleuthkit/tsk/fs/fs_file.c:128:9
#5 0x5f292b in ext2fs_dir_open_meta /fuzzing/sleuthkit/tsk/fs/ext2fs_dent.c:310:13
#6 0x50f57d in tsk_fs_dir_open_meta /fuzzing/sleuthkit/tsk/fs/fs_dir.c:290:14
#7 0x510332 in tsk_fs_dir_walk_lcl /fuzzing/sleuthkit/tsk/fs/fs_dir.c:556:19
#8 0x510167 in tsk_fs_dir_walk /fuzzing/sleuthkit/tsk/fs/fs_dir.c:817:14
#9 0x50d95e in tsk_fs_fls /fuzzing/sleuthkit/tsk/fs/fls_lib.c:262:12
#10 0x509061 in main /fuzzing/sleuthkit/tools/fstools/fls.cpp:307:9
#11 0x7fe15e8c02b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
SUMMARY: AddressSanitizer: 360 byte(s) leaked in 2 allocation(s).
Read offset too large for image file (tsk_img_read - 3072) (fatfs_open: boot sector)
Invalid magic value (not an HFS+ file system (magic))
Invalid magic value (Invalid FS type in iso9660_open)
Invalid magic value (Not a NTFS file system (magic))
Invalid magic value (File is not a DOS partition (invalid primary magic) (Sector: 0))
Read offset too large for image file (tsk_img_read - 4096) (MAC Partition entry 1)
Invalid API argument (tsk_img_read: a_off: 18446744073709543424) (GPT Header structure in Sector: 18446744073709551615)
Invalid magic value (SUN (intel) partition table (Sector: 0) 0)
We will gladly work with you so you can successfully confirm and reproduce this
issue. Do let us know if you have any feedback surrounding the documentation.
Once you have reproduced the issue, we'd appreciate to learn your expected
timeline for an update to be released. With any fix, please attribute the report
to "Google Autofuzz project".
We are also pleased to inform you that your project is eligible for inclusion to
the OSS-Fuzz project, which can provide additional continuous fuzzing, and
encourage you to investigate integration options.
Don't hesitate to let us know if you have any questions!
Google AutoFuzz Team
Dockerfile.zip
poc-6a3abedee4a75daee438357e751206cffd68410349604be5cde1d7419147836b_min.zip
The text was updated successfully, but these errors were encountered: