【标题描述】bio_reader.c 出现 use-of-uninitialized-value
【环境信息】
硬件信息:
1) x86
软件信息:
1) openEuler 21.09
2) 软件信息
Name: strongswan
Version: 5.7.2
Release: 7
【问题复现步骤】
1、获取源码
rpmbuild -bp strongswan.spec
2、打补丁
3、编译
python3 infra/helper.py build_fuzzers --sanitizer memory strongswan
4、运行
python3 infra/helper.py run_fuzzer strongswan fuzz_pa_tnc
或
python3 infra/helper.py run_fuzzer strongswan fuzz_pb_tnc
【预期结果】
描述预期结果,可以通过对比新老版本获取
【实际结果】
==8==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x5c37a1 in read_uint24_internal /src/strongswan/src/libstrongswan/bio/bio_reader.c:134:9
#1 0x5c3354 in read_uint24 /src/strongswan/src/libstrongswan/bio/bio_reader.c:205:9
#2 0x55c1af in process /src/strongswan/src/libimcv/pa_tnc/pa_tnc_msg.c:213:2
#3 0x51f84c in LLVMFuzzerTestOneInput /src/strongswan/fuzz/fuzz_pa_tnc.c:43:6
#4 0x459341 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#5 0x4446a2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:296:6
#6 0x44a737 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:776:9
#7 0x472d82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#8 0x7f232a5f482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#9 0x41ecb8 in _start (/out/fuzz_pa_tnc+0x41ecb8)
Uninitialized value was created by an allocation of 'tmp' in the stack frame of function 'read_uint24_internal'
#0 0x5c3360 in read_uint24_internal /src/strongswan/src/libstrongswan/bio/bio_reader.c:124
SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/strongswan/src/libstrongswan/bio/bio_reader.c:134:9 in read_uint24_internal
【附件信息】
比如系统message日志/组件日志、dump信息、图片等
Hey yanglijin, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at
https://gitee.com/openeuler/community/blob/master/en/sig-infrastructure/command.md.
If you have any questions, please contact the SIG: Application, and any of the maintainers: @jimmy_hero, @朱春意, @Alex_Chao, @惊奇脆片饼干, @wx897463, @BigSkySea, @small_leek.
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
登录 后才可以发表评论