【Environment】
x86
【Tested version】
Name: re2
Version: 20160401
Release: 8
【Notes】
Affected-version check (affected / not affected):
1. master
2. openEuler-LTS-20.03
3. openEuler-LTS-20.03-SP1
4. openEuler-LTS-20.03-Next
5. openEuler-20.09
【Test steps】
1. Build the fuzzers with MemorySanitizer:
python3 infra/helper.py build_fuzzers --sanitizer memory re2
2. Run the fuzzer:
python3 infra/helper.py run_fuzzer re2 re2_fuzzer -rss_limit_mb=0
【Error output】
==13==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x6164d5 in contains /src/re2/./util/sparse_set.h:134:52
#1 0x6164d5 in re2::Prog::MarkRoots(re2::SparseArray<int>*, re2::SparseSet*, std::__1::vector<int, std::__1::allocator<int> >*) /src/re2/re2/prog.cc:429:12
#2 0x61262e in re2::Prog::Flatten() /src/re2/re2/prog.cc:371:3
#3 0x5a0ac2 in re2::Compiler::Finish() /src/re2/re2/compile.cc:1240:10
#4 0x59e7b3 in re2::Compiler::Compile(re2::Regexp*, bool, long) /src/re2/re2/compile.cc:1218:12
#5 0x52750f in re2::RE2::Init(re2::StringPiece const&, re2::RE2::Options const&) /src/re2/re2/re2.cc:212:27
#6 0x529e99 in re2::RE2::RE2(re2::StringPiece const&, re2::RE2::Options const&) /src/re2/re2/re2.cc:118:3
#7 0x523377 in Test(re2::StringPiece, re2::RE2::Options const&, re2::StringPiece) /src/re2/re2/fuzzing/re2_fuzzer.cc:21:7
#8 0x5257d6 in LLVMFuzzerTestOneInput /src/re2/re2/fuzzing/re2_fuzzer.cc:85:3
#9 0x45aa71 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#10 0x45a1b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#11 0x45c77a in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:748:5
#12 0x45ca09 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:794:3
#13 0x44bcde in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
#14 0x4744b2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#15 0x7f972438b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#16 0x4203e8 in _start (/out/re2_fuzzer+0x4203e8)
Uninitialized value was created by a heap allocation
#0 0x522309 in operator new[](unsigned long) /src/llvm-project/compiler-rt/lib/msan/msan_new_delete.cpp:47:37
#1 0x611fee in SparseSet /src/re2/./util/sparse_set.h:61:24
#2 0x611fee in re2::Prog::Flatten() /src/re2/re2/prog.cc:364:13
#3 0x5a0ac2 in re2::Compiler::Finish() /src/re2/re2/compile.cc:1240:10
#4 0x59e7b3 in re2::Compiler::Compile(re2::Regexp*, bool, long) /src/re2/re2/compile.cc:1218:12
#5 0x52750f in re2::RE2::Init(re2::StringPiece const&, re2::RE2::Options const&) /src/re2/re2/re2.cc:212:27
#6 0x529e99 in re2::RE2::RE2(re2::StringPiece const&, re2::RE2::Options const&) /src/re2/re2/re2.cc:118:3
#7 0x523377 in Test(re2::StringPiece, re2::RE2::Options const&, re2::StringPiece) /src/re2/re2/fuzzing/re2_fuzzer.cc:21:7
#8 0x5257d6 in LLVMFuzzerTestOneInput /src/re2/re2/fuzzing/re2_fuzzer.cc:85:3
#9 0x45aa71 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#10 0x45a1b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#11 0x45c77a in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:748:5
#12 0x45ca09 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:794:3
#13 0x44bcde in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
#14 0x4744b2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#15 0x7f972438b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/re2/./util/sparse_set.h:134:52 in contains
Unique heap origins: 60
Stack depot allocated bytes: 7224
Unique origin histories: 8
History depot allocated bytes: 192
Exiting
MS: 0 ; base unit: 0000000000000000000000000000000000000000
0xa,
\x0a
artifact_prefix='./'; Test unit written to ./crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
Base64: Cg==
【Reproduction】
python3 infra/helper.py reproduce re2 re2_fuzzer crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
Cause: some uninitialized variables are used, which triggers the report.
Solution: re2 can be upgraded to version 2020-08-01, in which this fuzz problem is no longer detected.
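As an added illustration of the pattern named in the cause above (not re2's own code): a minimal sparse set in the classic layout that the trace's `contains` at sparse_set.h suggests, which is an assumption here. Its membership test reads index slots that were never written, which MemorySanitizer reports as use-of-uninitialized-value; the `zero_fill` constructor flag shows the initialised variant that produces no report.

```cpp
#include <cstring>
#include <memory>

// Classic sparse-set layout (assumed to match re2's SparseSet): dense_ holds
// the members in insertion order, sparse_[i] holds the position of i in dense_.
// The test pos = sparse_[i]; pos < size_ && dense_[pos] == i is correct even
// when sparse_[i] was never written, but reading that slot is exactly what
// MemorySanitizer flags in contains(). Zero-filling sparse_ removes the report.
class SparseSet {
 public:
  SparseSet(int max_size, bool zero_fill)
      : size_(0), max_size_(max_size),
        sparse_(new int[max_size]), dense_(new int[max_size]) {
    // MSan-clean variant: initialise the index array before any lookup.
    if (zero_fill) std::memset(sparse_.get(), 0, sizeof(int) * max_size);
  }
  bool contains(int i) const {
    if (i < 0 || i >= max_size_) return false;
    unsigned pos = static_cast<unsigned>(sparse_[i]);  // possibly unwritten
    return pos < static_cast<unsigned>(size_) && dense_[pos] == i;
  }
  // Returns false if i is out of range or already present.
  bool insert(int i) {
    if (i < 0 || i >= max_size_ || contains(i)) return false;
    dense_[size_] = i;
    sparse_[i] = size_;
    ++size_;
    return true;
  }
  void clear() { size_ = 0; }  // O(1): stale sparse_ entries are harmless
  int size() const { return size_; }
 private:
  int size_, max_size_;
  std::unique_ptr<int[]> sparse_, dense_;
};

int main() {
  SparseSet lazy(16, /*zero_fill=*/false);
  // Under -fsanitize=memory this lookup is reported: sparse_[5] was never
  // written. The answer is still the correct one (false).
  bool r = lazy.contains(5);
  SparseSet clean(16, /*zero_fill=*/true);  // same lookups, no MSan report
  clean.insert(5);
  return (r || !clean.contains(5)) ? 1 : 0;
}
```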
PRs associated with this upgrade, by branch:
master branch: !4: upgrade to 20200801
20.09 branch: !5: upgrade to 20200801
20.03-LTS branch: !6: upgrade to 20200801
20.03-LTS-Next branch: !7: upgrade to 20200801
20.03-LTS-SP1 branch: !8: upgrade to 20200801