Closed
Hi!
I am interested in your project. I tried to use it for fuzzing.
I got a segfault when I ran pulp2json with a file containing "<M(hg".
```
[user@alty-10 console_demo]$ ./pulp2json input
Ошибка сегментирования
[user@alty-10 console_demo]$ cat input
<M(hg
```
If I compile blobstamper with ASAN, I get this:
```
[user@alty-10 console_demo]$ ./pulp2json buf
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3995==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x562e6cc62018 bp 0x7fff622a69a0 sp 0x7fff622a6940 T0)
==3995==The signal is caused by a READ memory access.
==3995==Hint: this fault was caused by a dereference of a high value address (see register values below). Dissassemble the provided pc to learn which register was used.
    #0 0x562e6cc62018 in __gnu_cxx::__exchange_and_add(int volatile*, int) /usr/include/c++/10/ext/atomicity.h:50
    #1 0x562e6cc62018 in __gnu_cxx::__exchange_and_add_dispatch(int*, int) /usr/include/c++/10/ext/atomicity.h:84
    #2 0x562e6cc62018 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/10/bits/shared_ptr_base.h:155
    #3 0x562e6cc618fd in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/10/bits/shared_ptr_base.h:736
    #4 0x562e6cc90c1f in std::__shared_ptr<StampJSONHashEl, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/10/bits/shared_ptr_base.h:1188
    #5 0x562e6cc94a0b in std::__shared_ptr<StampJSONHashEl, (__gnu_cxx::_Lock_policy)2>::operator=(std::__shared_ptr<StampJSONHashEl, (__gnu_cxx::_Lock_policy)2>&&) /usr/include/c++/10/bits/shared_ptr_base.h:1284
    #6 0x562e6cc92517 in std::shared_ptr<StampJSONHashEl>::operator=(std::shared_ptr<StampJSONHashEl>&&) /usr/include/c++/10/bits/shared_ptr.h:384
    #7 0x562e6cc90e1f in StampJSONHash::StampJSONHash(std::shared_ptr<PoolPickerStamp>) blobstamper/stamp_json.h:92
    #8 0x562e6cca34e7 in void __gnu_cxx::new_allocator<StampJSONHash>::construct<StampJSONHash, std::shared_ptr<StampJSON> >(StampJSONHash*, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/ext/new_allocator.h:156
    #9 0x562e6cca15e1 in void std::allocator_traits<std::allocator<StampJSONHash> >::construct<StampJSONHash, std::shared_ptr<StampJSON> >(std::allocator<StampJSONHash>&, StampJSONHash*, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/alloc_traits.h:512
    #10 0x562e6cca0791 in std::_Sp_counted_ptr_inplace<StampJSONHash, std::allocator<StampJSONHash>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<std::shared_ptr<StampJSON> >(std::allocator<StampJSONHash>, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr_base.h:551
    #11 0x562e6cc9e3ec in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<StampJSONHash, std::allocator<StampJSONHash>, std::shared_ptr<StampJSON> >(StampJSONHash*&, std::_Sp_alloc_shared_tag<std::allocator<StampJSONHash> >, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr_base.h:682
    #12 0x562e6cc9be01 in std::__shared_ptr<StampJSONHash, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<StampJSONHash>, std::shared_ptr<StampJSON> >(std::_Sp_alloc_shared_tag<std::allocator<StampJSONHash> >, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr_base.h:1376
    #13 0x562e6cc995e0 in std::shared_ptr<StampJSONHash>::shared_ptr<std::allocator<StampJSONHash>, std::shared_ptr<StampJSON> >(std::_Sp_alloc_shared_tag<std::allocator<StampJSONHash> >, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr.h:408
    #14 0x562e6cc96a42 in std::shared_ptr<StampJSONHash> std::allocate_shared<StampJSONHash, std::allocator<StampJSONHash>, std::shared_ptr<StampJSON> >(std::allocator<StampJSONHash> const&, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr.h:862
    #15 0x562e6cc93df9 in std::shared_ptr<StampJSONHash> std::make_shared<StampJSONHash, std::shared_ptr<StampJSON> >(std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr.h:878
    #16 0x562e6cc8cc52 in StampJSON::StampJSON() blobstamper/stamp_json.cpp:163
    #17 0x562e6cc64bb2 in void __gnu_cxx::new_allocator<StampJSON>::construct<StampJSON>(StampJSON*) (/home/user/libblobstamper/console_demo/pulp2json+0x15bb2)
    #18 0x562e6cc648ea in void std::allocator_traits<std::allocator<StampJSON> >::construct<StampJSON>(std::allocator<StampJSON>&, StampJSON*) (/home/user/libblobstamper/console_demo/pulp2json+0x158ea)
    #19 0x562e6cc643fa in std::_Sp_counted_ptr_inplace<StampJSON, std::allocator<StampJSON>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<>(std::allocator<StampJSON>) (/home/user/libblobstamper/console_demo/pulp2json+0x153fa)
    #20 0x562e6cc639be in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<StampJSON, std::allocator<StampJSON>>(StampJSON*&, std::_Sp_alloc_shared_tag<std::allocator<StampJSON> >) (/home/user/libblobstamper/console_demo/pulp2json+0x149be)
    #21 0x562e6cc63334 in std::__shared_ptr<StampJSON, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<StampJSON>>(std::_Sp_alloc_shared_tag<std::allocator<StampJSON> >) (/home/user/libblobstamper/console_demo/pulp2json+0x14334)
    #22 0x562e6cc62d59 in std::shared_ptr<StampJSON>::shared_ptr<std::allocator<StampJSON>>(std::_Sp_alloc_shared_tag<std::allocator<StampJSON> >) (/home/user/libblobstamper/console_demo/pulp2json+0x13d59)
    #23 0x562e6cc6270f in std::shared_ptr<StampJSON> std::allocate_shared<StampJSON, std::allocator<StampJSON>>(std::allocator<StampJSON> const&) (/home/user/libblobstamper/console_demo/pulp2json+0x1370f)
    #24 0x562e6cc61e4b in std::shared_ptr<StampJSON> std::make_shared<StampJSON>() (/home/user/libblobstamper/console_demo/pulp2json+0x12e4b)
    #25 0x562e6cc60f55 in main (/home/user/libblobstamper/console_demo/pulp2json+0x11f55)
    #26 0x7f6f0704eefc in __libc_start_main (/lib64/libc.so.6+0x27efc)
    #27 0x562e6cc606d9 in _start (/home/user/libblobstamper/console_demo/pulp2json+0x116d9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/include/c++/10/ext/atomicity.h:50 in __gnu_cxx::__exchange_and_add(int volatile*, int)
==3995==ABORTING
```
Reproduced in Alt Linux p10
```
Linux 6.1.49-un-def-alt1 #1 SMP PREEMPT_DYNAMIC Sun Aug 27 21:19:35 UTC 2023 x86_64 GNU/Linux
gcc version 10.3.1 20210703 (ALT Sisyphus 10.3.1-alt2) (GCC)
```