【Environment】
x86
【Test version】
Name: opusfile
Version: 0.11
Release: 2
【Notes】
Affected version check (affected / not affected):
1. master
2. openEuler-LTS-20.03
3. openEuler-LTS-20.03-SP1
4. openEuler-LTS-20.03-Next
5. openEuler-20.09
【Test steps】
1. Build
python3 infra/helper.py build_fuzzers --sanitizer memory opusfile
2. Run
python3 infra/helper.py run_fuzzer opusfile opusfile_fuzzer -rss_limit_mb=0
【Error output】
#3694365 REDUCE cov: 64 ft: 98 corp: 18/11153b lim: 4096 exec/s: 10319 rss: 249Mb L: 4096/4096 MS: 2 CrossOver-CMP- DE: "S*\xe9\x94"-
Uninitialized bytes in MemcmpInterceptorCommon at offset 0 inside [0x7fff31ca6ef0, 4)
==13==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x4d5afe in memcmp /src/llvm-project/compiler-rt/lib/msan/../sanitizer_common/sanitizer_common_interceptors.inc:877:10
#1 0x56b32c in ogg_sync_pageseek (/out/opusfile_fuzzer+0x56b32c)
#2 0x544c2e in op_get_next_page /src/opusfile/src/opusfile.c:192:10
#3 0x5433b8 in op_fetch_headers /src/opusfile/src/opusfile.c:577:8
#4 0x52f163 in op_open1 /src/opusfile/src/opusfile.c:1555:9
#5 0x52e8d2 in op_test_callbacks /src/opusfile/src/opusfile.c:1606:9
#6 0x52fcd6 in op_open_callbacks /src/opusfile/src/opusfile.c:1623:6
#7 0x530410 in op_open_close_on_failure /src/opusfile/src/opusfile.c:1643:6
#8 0x5306bc in op_open_memory /src/opusfile/src/opusfile.c:1656:10
#9 0x521156 in LLVMFuzzerTestOneInput /src/opusfile_fuzzer.c:28:21
#10 0x4589d1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#11 0x458115 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#12 0x45a1e7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
#13 0x45ac65 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
#14 0x449c3e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
#15 0x472412 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#16 0x7f2b5b9f282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#17 0x41e348 in _start (/out/opusfile_fuzzer+0x41e348)
Uninitialized value was created by an allocation of 'op' in the stack frame of function 'op_fetch_headers_impl'
#0 0x545290 in op_fetch_headers_impl /src/opusfile/src/opusfile.c:479
SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/llvm-project/compiler-rt/lib/msan/../sanitizer_common/sanitizer_common_interceptors.inc:877:10 in memcmp
Exiting
MS: 1 ShuffleBytes-; base unit: 7ad6badc7f6183245188ffe9997c3fb4b1bfd87e
artifact_prefix='./'; Test unit written to ./crash-27dee5063df1205fedd18a946d4e909f325ec2fb
【Reproduction】
python infra/helper.py reproduce opusfile opusfile_fuzzer crash-27dee5063df1205fedd18a946d4e909f325ec2fb
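To fill in the affected-version check above consistently, it helps to pull the triage-relevant fields (bug type, first in-project frame, origin variable and crash artifact) out of the MemorySanitizer report mechanically. The following parser is an added example, not part of this issue or of the OSS-Fuzz helper; the embedded report excerpt is a constructed sample taken from the log above, and the `/src/opusfile/` path prefix is an assumption about the OSS-Fuzz build layout.

```python
import re

# Constructed excerpt of the MemorySanitizer report quoted in this issue
# (frames from the libFuzzer driver are left out; they are not needed for triage).
SAMPLE_REPORT = """\
==13==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x4d5afe in memcmp /src/llvm-project/compiler-rt/lib/msan/../sanitizer_common/sanitizer_common_interceptors.inc:877:10
    #1 0x56b32c in ogg_sync_pageseek (/out/opusfile_fuzzer+0x56b32c)
    #2 0x544c2e in op_get_next_page /src/opusfile/src/opusfile.c:192:10
    #3 0x5433b8 in op_fetch_headers /src/opusfile/src/opusfile.c:577:8
  Uninitialized value was created by an allocation of 'op' in the stack frame of function 'op_fetch_headers_impl'
    #0 0x545290 in op_fetch_headers_impl /src/opusfile/src/opusfile.c:479
SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/llvm-project/compiler-rt/lib/msan/../sanitizer_common/sanitizer_common_interceptors.inc:877:10 in memcmp
artifact_prefix='./'; Test unit written to ./crash-27dee5063df1205fedd18a946d4e909f325ec2fb
"""

FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)")
ORIGIN_RE = re.compile(r"allocation of '([^']+)' in the stack frame of function '([^']+)'")
SUMMARY_RE = re.compile(r"^SUMMARY: MemorySanitizer: (\S+)")
ARTIFACT_RE = re.compile(r"Test unit written to (\S+)")

def triage_msan_report(text, project_prefix="/src/opusfile/"):
    """Extract the fields needed to triage an MSan report into an issue.

    Frames in the sanitizer runtime or in other libraries (here libogg's
    ogg_sync_pageseek) are skipped; the first frame whose source path starts
    with project_prefix (assumed OSS-Fuzz layout) is reported as the entry point.
    """
    info = {"bug_type": None, "first_project_frame": None, "origin": None, "artifact": None}
    in_origin = False  # True once we are inside the "Uninitialized value was created..." trace
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            info["bug_type"] = m.group(1)
            continue
        m = ORIGIN_RE.search(line)
        if m:
            info["origin"] = {"variable": m.group(1), "function": m.group(2)}
            in_origin = True
            continue
        m = FRAME_RE.match(line)
        if m and in_origin and "location" not in info["origin"]:
            info["origin"]["location"] = m.group(3)  # where the uninitialized object was allocated
        elif m and not in_origin and info["first_project_frame"] is None:
            if m.group(3).startswith(project_prefix):
                info["first_project_frame"] = {"function": m.group(2), "location": m.group(3)}
        m = ARTIFACT_RE.search(line)
        if m:
            info["artifact"] = m.group(1)  # input to pass to helper.py reproduce
    return info
```

Running `triage_msan_report(SAMPLE_REPORT)` on the excerpt points at `op_get_next_page` as the first opusfile frame and at the stack object `op` in `op_fetch_headers_impl` as the origin, which is exactly what the per-branch check needs to compare.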