src-openEuler / re2

【fuzz】use-of-uninitialized-value

Done
Bug
Created on 2020-12-02 14:47

【Environment】
x86
【Version under test】
Name: re2
Version: 20160401
Release: 8
【Notes】
Affected-version triage (affected / not affected):
1. master
2. openEuler-LTS-20.03
3. openEuler-LTS-20.03-SP1
4. openEuler-LTS-20.03-Next
5. openEuler-20.09
【Test steps】
1. Build
python3 infra/helper.py build_fuzzers --sanitizer memory re2
2. Run
python3 infra/helper.py run_fuzzer re2 re2_fuzzer -rss_limit_mb=0
【Error output】

==13==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x6164d5 in contains /src/re2/./util/sparse_set.h:134:52
    #1 0x6164d5 in re2::Prog::MarkRoots(re2::SparseArray<int>*, re2::SparseSet*, std::__1::vector<int, std::__1::allocator<int> >*) /src/re2/re2/prog.cc:429:12
    #2 0x61262e in re2::Prog::Flatten() /src/re2/re2/prog.cc:371:3
    #3 0x5a0ac2 in re2::Compiler::Finish() /src/re2/re2/compile.cc:1240:10
    #4 0x59e7b3 in re2::Compiler::Compile(re2::Regexp*, bool, long) /src/re2/re2/compile.cc:1218:12
    #5 0x52750f in re2::RE2::Init(re2::StringPiece const&, re2::RE2::Options const&) /src/re2/re2/re2.cc:212:27
    #6 0x529e99 in re2::RE2::RE2(re2::StringPiece const&, re2::RE2::Options const&) /src/re2/re2/re2.cc:118:3
    #7 0x523377 in Test(re2::StringPiece, re2::RE2::Options const&, re2::StringPiece) /src/re2/re2/fuzzing/re2_fuzzer.cc:21:7
    #8 0x5257d6 in LLVMFuzzerTestOneInput /src/re2/re2/fuzzing/re2_fuzzer.cc:85:3
    #9 0x45aa71 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #10 0x45a1b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #11 0x45c77a in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:748:5
    #12 0x45ca09 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:794:3
    #13 0x44bcde in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #14 0x4744b2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #15 0x7f972438b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #16 0x4203e8 in _start (/out/re2_fuzzer+0x4203e8)

  Uninitialized value was created by a heap allocation
    #0 0x522309 in operator new[](unsigned long) /src/llvm-project/compiler-rt/lib/msan/msan_new_delete.cpp:47:37
    #1 0x611fee in SparseSet /src/re2/./util/sparse_set.h:61:24
    #2 0x611fee in re2::Prog::Flatten() /src/re2/re2/prog.cc:364:13
    #3 0x5a0ac2 in re2::Compiler::Finish() /src/re2/re2/compile.cc:1240:10
    #4 0x59e7b3 in re2::Compiler::Compile(re2::Regexp*, bool, long) /src/re2/re2/compile.cc:1218:12
    #5 0x52750f in re2::RE2::Init(re2::StringPiece const&, re2::RE2::Options const&) /src/re2/re2/re2.cc:212:27
    #6 0x529e99 in re2::RE2::RE2(re2::StringPiece const&, re2::RE2::Options const&) /src/re2/re2/re2.cc:118:3
    #7 0x523377 in Test(re2::StringPiece, re2::RE2::Options const&, re2::StringPiece) /src/re2/re2/fuzzing/re2_fuzzer.cc:21:7
    #8 0x5257d6 in LLVMFuzzerTestOneInput /src/re2/re2/fuzzing/re2_fuzzer.cc:85:3
    #9 0x45aa71 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #10 0x45a1b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #11 0x45c77a in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:748:5
    #12 0x45ca09 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:794:3
    #13 0x44bcde in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #14 0x4744b2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #15 0x7f972438b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/re2/./util/sparse_set.h:134:52 in contains
Unique heap origins: 60
Stack depot allocated bytes: 7224
Unique origin histories: 8
History depot allocated bytes: 192
Exiting
MS: 0 ; base unit: 0000000000000000000000000000000000000000
0xa,
\x0a
artifact_prefix='./'; Test unit written to ./crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
Base64: Cg==

【Reproduction】
python3 infra/helper.py reproduce re2 re2_fuzzer crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
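The report points at SparseSet::contains() reading an element of the sparse_ array that was allocated with operator new[] in the SparseSet constructor and never written. That is the Briggs/Torczon sparse-set trick: the index array is deliberately left uninitialised, and contains() stays correct because a garbage index is rejected either by the bounds check against size_ or by the back-pointer check in dense_. MemorySanitizer cannot know the read is intentional, so it reports it. The following is an added example, not code from re2 or the openEuler package: a minimal sparse set written from the algorithm, with three constructor modes that all give identical answers and differ only in what a sanitizer sees. The `__msan_unpoison` call is the real MSan interface (sanitizer/msan_interface.h); the class, the `Init` enum and `check_membership` are this example's own names.

```cpp
#include <cstdio>
#include <cstring>

#if defined(__has_feature)
#  if __has_feature(memory_sanitizer)
#    include <sanitizer/msan_interface.h>
#    define EXAMPLE_HAVE_MSAN 1
#  endif
#endif

// Minimal Briggs/Torczon sparse set (added example; not re2's SparseSet).
class SparseSet {
 public:
  enum Init {
    kUninitialized,  // as in the build under test: MSan reports contains()
    kSentinel,       // fill with garbage: reads are defined, algorithm unchanged
    kZero            // simplest hardening: fully initialised index array
  };

  SparseSet(int max_size, Init init)
      : size_(0), max_size_(max_size),
        sparse_(new int[max_size]), dense_(new int[max_size]) {
    switch (init) {
      case kUninitialized:
#ifdef EXAMPLE_HAVE_MSAN
        // The read in contains() is by design; mark the array as initialised
        // so MSan does not report it (hypothetical placement for this example).
        __msan_unpoison(sparse_, max_size * sizeof(int));
#endif
        break;
      case kSentinel:
        std::memset(sparse_, 0xab, max_size * sizeof(int));
        break;
      case kZero:
        std::memset(sparse_, 0, max_size * sizeof(int));
        break;
    }
  }
  ~SparseSet() { delete[] sparse_; delete[] dense_; }
  SparseSet(const SparseSet&) = delete;
  SparseSet& operator=(const SparseSet&) = delete;

  // sparse_[i] may hold anything for an index that was never inserted: the
  // unsigned compare bounds it and the dense_ check confirms the back-pointer.
  bool contains(int i) const {
    if (i < 0 || i >= max_size_) return false;
    unsigned s = static_cast<unsigned>(sparse_[i]);
    return s < static_cast<unsigned>(size_) && dense_[s] == i;
  }

  bool insert(int i) {
    if (i < 0 || i >= max_size_ || contains(i)) return false;
    dense_[size_] = i;
    sparse_[i] = size_;
    ++size_;
    return true;
  }

  void clear() { size_ = 0; }  // O(1): old dense_ entries become unreachable
  int size() const { return size_; }

 private:
  int size_, max_size_;
  int* sparse_;
  int* dense_;
};

// Runs inserts, a clear and a re-insert and counts the membership checks that
// answered correctly (5 when everything behaves). The stale-index case after
// clear() is the one that relies on the dense_ back-pointer check.
int check_membership(SparseSet::Init init) {
  SparseSet s(16, init);
  int correct = 0;
  s.insert(3); s.insert(9); s.insert(3);         // duplicate is ignored
  correct += (s.size() == 2);
  correct += (s.contains(3) && s.contains(9));
  correct += (!s.contains(0) && !s.contains(15)); // entries never written
  s.clear();
  correct += !s.contains(3);                      // size_ == 0 rejects everything
  s.insert(9);
  correct += (!s.contains(3) && s.contains(9));   // stale sparse_[3] rejected by dense_
  return correct;
}

int main() {
  std::printf("zero: %d/5, sentinel: %d/5\n",
              check_membership(SparseSet::kZero),
              check_membership(SparseSet::kSentinel));
  return 0;
}
```

Built with `-fsanitize=memory`, only the kUninitialized mode without the unpoison call reproduces the report's shape (an uninitialised read in contains() whose origin is the new[] in the constructor); the kSentinel mode is what a Valgrind-style run needs, and kZero removes the finding at the cost of an O(max_size) fill per construction, which is the trade-off a packager has to weigh against upgrading to a version that already carries the sanitizer annotation.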

Comments (2)

jinjin created the issue
jinjin set the assignee to small_leek
jinjin set the related branch to openEuler-20.03-LTS-SP1
jinjin set the related repository to src-openEuler/re2
jinjin uploaded the attachment crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

Cause: some uninitialized variables were used, which triggers the report.
Solution: re2 can be upgraded to the 2020-08-01 version, in which the fuzz issue is not detected.

PRs associated with this upgrade, per branch:
master branch: !4:upgrade to 20200801:upgrade to 20200801
20.09 branch: !5:upgrade to 20200801:upgrade to 20200801
20.03-LTS branch: !6:upgrade to 20200801:upgrade to 20200801
20.03-LTS-Next branch: !7:upgrade to 20200801:upgrade to 20200801
20.03-LTS-SP1 branch: !8:upgrade to 20200801:upgrade to 20200801

small_leek changed the task status from To do to Done

Repository: https://gitee.com/src-openeuler/re2.git