[fuzz] sleuthkit --sanitizer undefined runtime error
Accepted
#I4UQPN
Defect
wangxiaoya
Created on 2022-02-22 15:10
[Environment] x86

[Test version]
Name: sleuthkit
Version: 4.6.7

[Notes] Affected version check (affected / not affected)
1. master
2. openEuler-20.03-LTS-SP3
3. openEuler-20.03-LTS-SP1
4. openEuler-20.03-LTS-SP2
5. openEuler-20.03-LTS
6. openEuler-21.03
7. openEuler-20.03-LTS-Next
8. openEuler-21.09
9. openEuler-22.03-LTS
10. openEuler-22.03-LTS-Next
11. openEuler-20.09
12. wzs

Case 1

[Test steps]
1. Build: python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit
2. Run: python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_fls_ext_fuzzer

[Error output]
img_io.c:155:22: runtime error: index 601295421464 out of bounds for type 'char [65536]'
    #0 0x525b77 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x56642d in tsk_fs_read /src/sleuthkit/tsk/fs/fs_io.c:116:16
    #2 0x52b7a6 in ext2fs_open /src/sleuthkit/tsk/fs/ext2fs.c:3239:11
    #3 0x4b8a16 in tsk_fs_open_img /src/sleuthkit/tsk/fs/fs_open.c:169:16
    #4 0x4b07a6 in LLVMFuzzerTestOneInput /src/sleuthkit_fls_fuzzer.cc:33:8
    #5 0x4418f1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #6 0x441035 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #7 0x443107 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #8 0x443b85 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #9 0x432b5e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #10 0x45b332 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #11 0x7fa244e0782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x407268 in _start (/out/sleuthkit_fls_ext_fuzzer+0x407268)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in
MS: 2 ShuffleBytes-CrossOver-; base unit: 63ee93b5530284da978e14655ec975d8943c8fd6
artifact_prefix='./'; Test unit written to ./crash-45df8589f294bca60ef5b5c7aaa06599dd1b5ac7

[Expected result] Runs without errors
[Actual result] runtime error: index 601295421464 out of bounds for type 'char [65536]'

Case 2

[Test steps]
1. Build: python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit
2. Run: python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_fls_fat_fuzzer

[Error output]
img_io.c:155:22: runtime error: index 12884901892 out of bounds for type 'char [65536]'
    #0 0x525b77 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x56642d in tsk_fs_read /src/sleuthkit/tsk/fs/fs_io.c:116:16
    #2 0x53dc3a in fatfs_open /src/sleuthkit/tsk/fs/fatfs.c:92:22
    #3 0x4b8804 in tsk_fs_open_img /src/sleuthkit/tsk/fs/fs_open.c:163:16
    #4 0x4b07a6 in LLVMFuzzerTestOneInput /src/sleuthkit_fls_fuzzer.cc:33:8
    #5 0x4418f1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #6 0x441035 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #7 0x443107 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #8 0x443b85 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #9 0x432b5e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #10 0x45b332 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #11 0x7f8de7d0282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x407268 in _start (/out/sleuthkit_fls_fat_fuzzer+0x407268)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in
MS: 5 CopyPart-ChangeBinInt-CopyPart-InsertRepeatedBytes-CrossOver-; base unit: 9f955d5ffbcbf53359e4266d0b644af7c07d6543
artifact_prefix='./'; Test unit written to ./crash-4bab17d23bcee642d2f199df77479546bf25f9b6

[Expected result] Runs without errors
[Actual result] runtime error: index 601295421464 out of bounds for type 'char [65536]'
[Reproduction steps] python3 infra/helper.py reproduce sleuthkit sleuthkit_fls_fat_fuzzer crash-4bab17d23bcee642d2f199df77479546bf25f9b6
[Reproduction steps] python3 infra/helper.py reproduce sleuthkit sleuthkit_fls_ext_fuzzer crash-45df8589f294bca60ef5b5c7aaa06599dd1b5ac7

Case 3

[Test steps]
1. Build: python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit
2. Run: python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_fls_hfs_fuzzer

[Error output]
img_io.c:155:22: runtime error: index 12884902912 out of bounds for type 'char [65536]'
    #0 0x525b77 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x56642d in tsk_fs_read /src/sleuthkit/tsk/fs/fs_io.c:116:16
    #2 0x4b8d3f in hfs_checked_read_random /src/sleuthkit/tsk/fs/hfs.c:241:9
    #3 0x4bcc5a in hfs_open /src/sleuthkit/tsk/fs/hfs.c:6560:9
    #4 0x4b8af8 in tsk_fs_open_img /src/sleuthkit/tsk/fs/fs_open.c:172:16
    #5 0x4b07a6 in LLVMFuzzerTestOneInput /src/sleuthkit_fls_fuzzer.cc:33:8
    #6 0x4418f1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #7 0x441035 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #8 0x443107 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #9 0x443b85 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #10 0x432b5e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #11 0x45b332 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #12 0x7fcd8b0a882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x407268 in _start (/out/sleuthkit_fls_hfs_fuzzer+0x407268)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in
MS: 5 PersAutoDict-ChangeBinInt-ChangeASCIIInt-InsertRepeatedBytes-CrossOver- DE: "\x00\x04\x00\x00\x00\x00\x00\x00"-; base unit: b866a669f132b2fef175dce4599c2685d52bab18
artifact_prefix='./'; Test unit written to ./crash-2ab96f4d66cbf11777046866c8cb600fcd31f0f7

[Expected result] Runs without errors
[Actual result] runtime error: index 601295421464 out of bounds for type 'char [65536]'
[Reproduction steps] python3 infra/helper.py reproduce sleuthkit sleuthkit_fls_hfs_fuzzer crash-2ab96f4d66cbf11777046866c8cb600fcd31f0f7

Case 4

[Test steps]
1. Build: python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit
2. Run: python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_fls_ntfs_fuzzer

[Error output]
img_io.c:155:22: runtime error: index 4105988733976 out of bounds for type 'char [65536]'
    #0 0x525b77 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x56642d in tsk_fs_read /src/sleuthkit/tsk/fs/fs_io.c:116:16
    #2 0x4dfc34 in ntfs_open /src/sleuthkit/tsk/fs/ntfs.c:4991:11
    #3 0x4b887a in tsk_fs_open_img /src/sleuthkit/tsk/fs/fs_open.c:160:16
    #4 0x4b07a6 in LLVMFuzzerTestOneInput /src/sleuthkit_fls_fuzzer.cc:33:8
    #5 0x4418f1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #6 0x441035 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #7 0x443107 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #8 0x443b85 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #9 0x432b5e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #10 0x45b332 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #11 0x7f610eeb482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x407268 in _start (/out/sleuthkit_fls_ntfs_fuzzer+0x407268)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in
MS: 2 CMP-CrossOver- DE: "\xff\x1f"-; base unit: 4712db02a1234f9ee477ca5589e28001b12615d5
artifact_prefix='./'; Test unit written to ./crash-969de07f4cb5df9b3b27ef0914033d407613fb1e

[Expected result] Runs without errors
[Actual result] UndefinedBehaviorSanitizer
[Reproduction steps] python3 infra/helper.py reproduce sleuthkit sleuthkit_fls_ntfs_fuzzer crash-969de07f4cb5df9b3b27ef0914033d407613fb1e

Case 5

[Test steps]
1. Build: python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit
2. Run: python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_mmls_dos_fuzzer

[Error output]
img_io.c:155:22: runtime error: index 7541745597169641898 out of bounds for type 'char [65536]'
    #0 0x4bdfb7 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x4bb9ab in tsk_vs_read_block /src/sleuthkit/tsk/vs/mm_io.c:42:12
    #2 0x4b57c8 in dos_load_prim_table /src/sleuthkit/tsk/vs/dos.c:858:11
    #3 0x4b55b8 in tsk_vs_dos_open /src/sleuthkit/tsk/vs/dos.c:1097:9
    #4 0x4b05dc in tsk_vs_open /src/sleuthkit/tsk/vs/mm_open.c:188:20
    #5 0x4b0125 in LLVMFuzzerTestOneInput /src/sleuthkit_mmls_fuzzer.cc:38:8
    #6 0x441271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #7 0x4409b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #8 0x442a87 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #9 0x443505 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #10 0x4324de in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #11 0x45acb2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #12 0x7fb2c3c9d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x406be8 in _start (/out/sleuthkit_mmls_dos_fuzzer+0x406be8)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in
MS: 1 CrossOver-; base unit: a1c522175c05e622008a35f9474b2ef44b2ba585
artifact_prefix='./'; Test unit written to ./crash-a23e73c0f662735503f12fdb53a7ddd3b59e4c0

[Expected result] Runs without errors
[Actual result] UndefinedBehaviorSanitizer
[Reproduction steps] python3 infra/helper.py reproduce sleuthkit sleuthkit_mmls_dos_fuzzer crash-a23e73c0f662735503f12fdb53a7ddd3b59e4c0

Case 6

[Test steps]
1. Build: python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit
2. Run: python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_mmls_gpt_fuzzer

[Error output]
img_io.c:155:22: runtime error: index 20847771253784 out of bounds for type 'char [65536]'
    #0 0x4bdfb7 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x4bb9ab in tsk_vs_read_block /src/sleuthkit/tsk/vs/mm_io.c:42:12
    #2 0x4b893a in gpt_load_table /src/sleuthkit/tsk/vs/gpt.c:59:15
    #3 0x4b8360 in tsk_vs_gpt_open /src/sleuthkit/tsk/vs/gpt.c:340:9
    #4 0x4b0597 in tsk_vs_open /src/sleuthkit/tsk/vs/mm_open.c:196:20
    #5 0x4b0125 in LLVMFuzzerTestOneInput /src/sleuthkit_mmls_fuzzer.cc:38:8
    #6 0x441271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #7 0x4409b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #8 0x442a87 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #9 0x443505 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #10 0x4324de in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #11 0x45acb2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #12 0x7f748f98b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x406be8 in _start (/out/sleuthkit_mmls_gpt_fuzzer+0x406be8)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in
MS: 5 ChangeBit-CopyPart-PersAutoDict-InsertByte-CrossOver- DE: "\x01\x00"-; base unit: 117af31b8af4b8578e12b34f8b2d473428a92a67
artifact_prefix='./'; Test unit written to ./crash-1ed78f389a5a83ccbc32515ab2bc256d5864e0e2

[Expected result] Runs without errors
[Actual result] UndefinedBehaviorSanitizer
[Reproduction steps] python3 infra/helper.py reproduce sleuthkit sleuthkit_mmls_gpt_fuzzer crash-1ed78f389a5a83ccbc32515ab2bc256d5864e0e2

Case 7

[Test steps]
1. Build: python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit
2. Run: python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_mmls_mac_fuzzer

[Error output]
img_io.c:155:22: runtime error: index 4294964326 out of bounds for type 'char [65536]'
    #0 0x4bdfb7 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x4bb9ab in tsk_vs_read_block /src/sleuthkit/tsk/vs/mm_io.c:42:12
    #2 0x4bb0e5 in mac_load_table /src/sleuthkit/tsk/vs/mac.c:58:15
    #3 0x4bacb8 in tsk_vs_mac_open /src/sleuthkit/tsk/vs/mac.c:228:9
    #4 0x4b0610 in tsk_vs_open /src/sleuthkit/tsk/vs/mm_open.c:190:20
    #5 0x4b0125 in LLVMFuzzerTestOneInput /src/sleuthkit_mmls_fuzzer.cc:38:8
    #6 0x441271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #7 0x4409b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #8 0x442a87 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #9 0x443505 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #10 0x4324de in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #11 0x45acb2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #12 0x7f3d666d482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x406be8 in _start (/out/sleuthkit_mmls_mac_fuzzer+0x406be8)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in
MS: 1 CrossOver-; base unit: 645e2d1d5221bf7837df1f3b2bd8807f3a5be672
artifact_prefix='./'; Test unit written to ./crash-dc97812393400f2e20cad0fc5795f6f38bca8837

[Expected result] Runs without errors
[Actual result] UndefinedBehaviorSanitizer
[Reproduction steps] python3 infra/helper.py reproduce sleuthkit sleuthkit_mmls_mac_fuzzer crash-dc97812393400f2e20cad0fc5795f6f38bca8837

Case 8

[Test steps]
1. Build: python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit
2. Run: python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_mmls_sun_fuzzer

[Error output]
img_io.c:155:22: runtime error: index 28316719384507 out of bounds for type 'char [65536]'
    #0 0x4bdfb7 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x4bb9ab in tsk_vs_read_block /src/sleuthkit/tsk/vs/mm_io.c:42:12
    #2 0x4b1a99 in sun_load_table /src/sleuthkit/tsk/vs/sun.c:250:11
    #3 0x4b1890 in tsk_vs_sun_open /src/sleuthkit/tsk/vs/sun.c:386:9
    #4 0x4b05f6 in tsk_vs_open /src/sleuthkit/tsk/vs/mm_open.c:194:20
    #5 0x4b0125 in LLVMFuzzerTestOneInput /src/sleuthkit_mmls_fuzzer.cc:38:8
    #6 0x441271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #7 0x4409b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #8 0x442a87 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #9 0x443505 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #10 0x4324de in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #11 0x45acb2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #12 0x7ff1c256982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x406be8 in _start (/out/sleuthkit_mmls_sun_fuzzer+0x406be8)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in
MS: 2 ChangeBit-CrossOver-; base unit: da4b9237bacccdf19c0760cab7aec4a8359010b0
artifact_prefix='./'; Test unit written to ./crash-e3aae5be525f9ceb2b0a3220ec957c74b16a9672

[Expected result] Runs without errors
[Actual result] UndefinedBehaviorSanitizer
[Reproduction steps] python3 infra/helper.py reproduce sleuthkit sleuthkit_mmls_sun_fuzzer crash-e3aae5be525f9ceb2b0a3220ec957c74b16a9672
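A triage sketch for the reports above, added here as an example; it is not part of the original issue, sleuthkit or the fuzzing helper. It groups UBSan reports by fault site and library call chain instead of by address, because the fls and mmls binaries report different addresses for the same img_io.c:155:22 site. The sample log is constructed by trimming three of the quoted traces, and the names `parse_reports`, `project_frames` and `bucket` are assumptions of this example.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample: three of the traces quoted in the issue (ext, dos, mac),
# trimmed to the fault line and the first frames.
SAMPLE_LOG = """\
img_io.c:155:22: runtime error: index 601295421464 out of bounds for type 'char [65536]'
    #0 0x525b77 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x56642d in tsk_fs_read /src/sleuthkit/tsk/fs/fs_io.c:116:16
    #2 0x52b7a6 in ext2fs_open /src/sleuthkit/tsk/fs/ext2fs.c:3239:11
    #3 0x4b8a16 in tsk_fs_open_img /src/sleuthkit/tsk/fs/fs_open.c:169:16
    #4 0x4b07a6 in LLVMFuzzerTestOneInput /src/sleuthkit_fls_fuzzer.cc:33:8
    #5 0x4418f1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
img_io.c:155:22: runtime error: index 7541745597169641898 out of bounds for type 'char [65536]'
    #0 0x4bdfb7 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x4bb9ab in tsk_vs_read_block /src/sleuthkit/tsk/vs/mm_io.c:42:12
    #2 0x4b57c8 in dos_load_prim_table /src/sleuthkit/tsk/vs/dos.c:858:11
    #3 0x4b55b8 in tsk_vs_dos_open /src/sleuthkit/tsk/vs/dos.c:1097:9
    #4 0x4b05dc in tsk_vs_open /src/sleuthkit/tsk/vs/mm_open.c:188:20
    #5 0x4b0125 in LLVMFuzzerTestOneInput /src/sleuthkit_mmls_fuzzer.cc:38:8
img_io.c:155:22: runtime error: index 4294964326 out of bounds for type 'char [65536]'
    #0 0x4bdfb7 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22
    #1 0x4bb9ab in tsk_vs_read_block /src/sleuthkit/tsk/vs/mm_io.c:42:12
    #2 0x4bb0e5 in mac_load_table /src/sleuthkit/tsk/vs/mac.c:58:15
    #3 0x4bacb8 in tsk_vs_mac_open /src/sleuthkit/tsk/vs/mac.c:228:9
    #4 0x4b0610 in tsk_vs_open /src/sleuthkit/tsk/vs/mm_open.c:190:20
    #5 0x4b0125 in LLVMFuzzerTestOneInput /src/sleuthkit_mmls_fuzzer.cc:38:8
"""

Frame = namedtuple("Frame", "func path line")

# UBSan array-bounds header: "<file>:<line>:<col>: runtime error: index N ..."
ERROR_RE = re.compile(
    r"(\S+):(\d+):(\d+): runtime error: index (\d+) "
    r"out of bounds for type '([^']+) \[(\d+)\]'")
# Symbolized frame with source info; frames without file:line:col are skipped.
FRAME_RE = re.compile(r"#\d+ 0x[0-9a-f]+ in ([^#\n]+?) (/\S+?):(\d+):\d+")


def parse_reports(log):
    """Split a fuzzer log into UBSan reports with their symbolized frames."""
    heads = list(ERROR_RE.finditer(log))
    reports = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log)
        frames = [Frame(m.group(1).strip(), m.group(2), int(m.group(3)))
                  for m in FRAME_RE.finditer(log, head.end(), end)]
        reports.append({
            "site": f"{head.group(1)}:{head.group(2)}:{head.group(3)}",
            "index": int(head.group(4)),
            "bound": int(head.group(6)),
            "frames": frames,
        })
    return reports


def project_frames(frames):
    """Keep library frames; drop the fuzz harness and the libFuzzer runtime."""
    return [f for f in frames
            if f.func != "LLVMFuzzerTestOneInput"
            and not f.path.startswith("/src/llvm-project/")]


def bucket(reports, depth):
    """Group reports by fault site plus the top `depth` library functions.

    Addresses are ignored on purpose: the same source line has a different
    address in each fuzzer binary.
    """
    groups = defaultdict(list)
    for report in reports:
        chain = tuple(f.func for f in project_frames(report["frames"])[:depth])
        groups[(report["site"], chain)].append(report)
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_reports(SAMPLE_LOG)
    for depth in (1, 3):
        print(f"depth={depth}")
        for (site, chain), members in bucket(parsed, depth).items():
            print(f"  {site} via {' <- '.join(chain)}: {len(members)} report(s)")
```

At depth 1 all three sample reports fall into one bucket at `tsk_img_read`; at depth 3 they separate by the parser that issued the read.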
0x4b0125 in LLVMFuzzerTestOneInput /src/sleuthkit_mmls_fuzzer.cc:38:8 #6 0x441271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15 #7 0x4409b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3 #8 0x442a87 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19 #9 0x443505 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5 #10 0x4324de in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6 #11 0x45acb2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10 #12 0x7fb2c3c9d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #13 0x406be8 in _start (/out/sleuthkit_mmls_dos_fuzzer+0x406be8) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in MS: 1 CrossOver-; base unit: a1c522175c05e622008a35f9474b2ef44b2ba585 artifact_prefix='./'; Test unit written to ./crash-a23e73c0f662735503f12fdb53a7ddd3b59e4c0 【预期结果】 运行无异常 【实际结果】 UndefinedBehaviorSanitizer 【复现步骤】 python3 infra/helper.py reproduce sleuthkit sleuthkit_mmls_dos_fuzzer crash-a23e73c0f662735503f12fdb53a7ddd3b59e4c0 六、【测试步骤】 1、编译 python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit 2、执行 python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_mmls_gpt_fuzzer 【报错信息】 img_io.c:155:22: runtime error: index 20847771253784 out of bounds for type 'char [65536]' #0 0x4bdfb7 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22 #1 0x4bb9ab in tsk_vs_read_block /src/sleuthkit/tsk/vs/mm_io.c:42:12 #2 0x4b893a in gpt_load_table /src/sleuthkit/tsk/vs/gpt.c:59:15 #3 0x4b8360 in tsk_vs_gpt_open 
/src/sleuthkit/tsk/vs/gpt.c:340:9 #4 0x4b0597 in tsk_vs_open /src/sleuthkit/tsk/vs/mm_open.c:196:20 #5 0x4b0125 in LLVMFuzzerTestOneInput /src/sleuthkit_mmls_fuzzer.cc:38:8 #6 0x441271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15 #7 0x4409b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3 #8 0x442a87 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19 #9 0x443505 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5 #10 0x4324de in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6 #11 0x45acb2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10 #12 0x7f748f98b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #13 0x406be8 in _start (/out/sleuthkit_mmls_gpt_fuzzer+0x406be8) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in MS: 5 ChangeBit-CopyPart-PersAutoDict-InsertByte-CrossOver- DE: "\x01\x00"-; base unit: 117af31b8af4b8578e12b34f8b2d473428a92a67 0x0,0x0,0xff,0x0,0xa,0x0,0x0,0xfe,0xff,0x9,0x9,0x9,0xff,0x0,0x0,0x0,0x5,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xff,0x0,0xa,0x0,0x0,0x9,0xff,0x0,0x9,0x9,0x9,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0x0,0x0,0xff,0x9,0x0,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0, \x00\x00\xff\x00\x0a\x00\x00\xfe\xff\x09\x09\x09\xff\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x0a\x00\x00\x09\xff\x00\x09\x09\x09\xff\xff\xff\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\xff\x09\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 
artifact_prefix='./'; Test unit written to ./crash-1ed78f389a5a83ccbc32515ab2bc256d5864e0e2 Base64: AAD/AAoAAP7/CQkJ/wAAAAUAAAAAAAAAAAAAAAAAAAD/AAoAAAn/AAkJCf///wAAAAAA/////wAA/wkA////AAAAAAAAAAAAAAA= 【预期结果】 运行无异常 【实际结果】 UndefinedBehaviorSanitizer 【复现步骤】 python3 infra/helper.py reproduce sleuthkit sleuthkit_mmls_gpt_fuzzer crash-1ed78f389a5a83ccbc32515ab2bc256d5864e0e2 七、【测试步骤】 1、编译 python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit 2、执行 python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_mmls_mac_fuzzer 【报错信息】 img_io.c:155:22: runtime error: index 4294964326 out of bounds for type 'char [65536]' #0 0x4bdfb7 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22 #1 0x4bb9ab in tsk_vs_read_block /src/sleuthkit/tsk/vs/mm_io.c:42:12 #2 0x4bb0e5 in mac_load_table /src/sleuthkit/tsk/vs/mac.c:58:15 #3 0x4bacb8 in tsk_vs_mac_open /src/sleuthkit/tsk/vs/mac.c:228:9 #4 0x4b0610 in tsk_vs_open /src/sleuthkit/tsk/vs/mm_open.c:190:20 #5 0x4b0125 in LLVMFuzzerTestOneInput /src/sleuthkit_mmls_fuzzer.cc:38:8 #6 0x441271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15 #7 0x4409b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3 #8 0x442a87 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19 #9 0x443505 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5 #10 0x4324de in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6 #11 0x45acb2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10 #12 0x7f3d666d482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #13 0x406be8 in _start 
(/out/sleuthkit_mmls_mac_fuzzer+0x406be8) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in MS: 1 CrossOver-; base unit: 645e2d1d5221bf7837df1f3b2bd8807f3a5be672 artifact_prefix='./'; Test unit written to ./crash-dc97812393400f2e20cad0fc5795f6f38bca8837 【预期结果】 运行无异常 【实际结果】 UndefinedBehaviorSanitizer 【复现步骤】 python3 infra/helper.py reproduce sleuthkit sleuthkit_mmls_mac_fuzzer crash-dc97812393400f2e20cad0fc5795f6f38bca8837 八、【测试步骤】 1、编译 python3 infra/helper.py build_fuzzers --sanitizer undefined sleuthkit 2、执行 python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_mmls_sun_fuzzer 【报错信息】 img_io.c:155:22: runtime error: index 28316719384507 out of bounds for type 'char [65536]' #0 0x4bdfb7 in tsk_img_read /src/sleuthkit/tsk/img/img_io.c:155:22 #1 0x4bb9ab in tsk_vs_read_block /src/sleuthkit/tsk/vs/mm_io.c:42:12 #2 0x4b1a99 in sun_load_table /src/sleuthkit/tsk/vs/sun.c:250:11 #3 0x4b1890 in tsk_vs_sun_open /src/sleuthkit/tsk/vs/sun.c:386:9 #4 0x4b05f6 in tsk_vs_open /src/sleuthkit/tsk/vs/mm_open.c:194:20 #5 0x4b0125 in LLVMFuzzerTestOneInput /src/sleuthkit_mmls_fuzzer.cc:38:8 #6 0x441271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15 #7 0x4409b5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3 #8 0x442a87 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19 #9 0x443505 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5 #10 0x4324de in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6 #11 0x45acb2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10 #12 0x7ff1c256982f in 
__libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #13 0x406be8 in _start (/out/sleuthkit_mmls_sun_fuzzer+0x406be8) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior img_io.c:155:22 in MS: 2 ChangeBit-CrossOver-; base unit: da4b9237bacccdf19c0760cab7aec4a8359010b0 0x2c,0xa,0xff,0x2d,0x0,0x2c,0xa,0x78,0x0,0xa,0x78,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0x78,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xff,0xff,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf2,0xff,0xff,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0x4,0x0,0x2c,0xd,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0x4,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x2d,0x0,0x2c,0xa,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xff,0xff,0xff,0xff,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xe,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xff,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xa,0xf0,0xf0,0xf0,0xf0,0xe,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xfc,0x0,0xe,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0, 
,\x0a\xff-\x00,\x0ax\x00\x0ax\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0x\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xff\xff\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf2\xff\xff\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\x04\x00,\x0d\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\x04\xff\xff\xff\xff\xff\xff\xff\xff\xff-\x00,\x0a\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xff\xff\xff\xff\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\x0e\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xff\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\xf0\x0a\xf0\xf0\xf0\xf0\x0e\xf0\xf0\xf0\xf0\xf0\xf0\xfc\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 artifact_prefix='./'; Test unit written to ./crash-e3aae5be525f9ceb2b0a3220ec957c74b16a9672 Base64: LAr/LQAsCngACnjw8PDw8PDw8PB48PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw///w8PDw8PDw8PDy///w8PDw8PDw8PDw8PDw8PDw8PAEACwN8PDw8PDw8PDw8PDwBP///////////y0ALArw8PDw8PDw8PDw//////Dw8PDw8PDw8PDw8PDw8PDw8PDw8PAO8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw8PDw//Dw8PDw8PDw8Arw8PDwDvDw8PDw8PwADgAAAAAAAAAAAAAA 【预期结果】 运行无异常 【实际结果】 UndefinedBehaviorSanitizer 【复现步骤】 python3 infra/helper.py reproduce sleuthkit sleuthkit_mmls_sun_fuzzer crash-e3aae5be525f9ceb2b0a3220ec957c74b16a9672
Attachments (all uploaded by wangxiaoya, 2022-02-22 16:19)
crash-e3aae5be525f9ceb2b0a3220ec957c74b16a9672 (219 Bytes)
crash-dc97812393400f2e20cad0fc5795f6f38bca8837 (4.00 KB)
crash-a23e73c0f662735503f12fdb53a7ddd3b59e4c05 (670 Bytes)
crash-969de07f4cb5df9b3b27ef0914033d407613fb1e (219 Bytes)
crash-45df8589f294bca60ef5b5c7aaa06599dd1b5ac7 (1.73 KB)
crash-4bab17d23bcee642d2f199df77479546bf25f9b6 (4.00 KB)
crash-2ab96f4d66cbf11777046866c8cb600fcd31f0f7 (1.80 KB)
crash-1ed78f389a5a83ccbc32515ab2bc256d5864e0e2 (74 Bytes)
Status: Accepted
Assignee: small_leek
Labels: sig/Programming-lang
Milestone: openEuler-22.03-LTS-round-1