src-openEuler / sleuthkit

【fuzz】sleuthkit --sanitizer address AddressSanitizer: heap-buffer-overflow

Accepted
Defect
Created on 2022-02-24 14:57

[Environment]
x86
[Version under test]
Name: sleuthkit
Version: 4.6.7

[Notes]
Affected-version check (affected / not affected):
1. master
2. openEuler-20.03-LTS-SP3
3. openEuler-20.03-LTS-SP1
4. openEuler-20.03-LTS-SP2
5. openEuler-20.03-LTS
6. openEuler-21.03
7. openEuler-20.03-LTS-Next
8. openEuler-21.09
9. openEuler-22.03-LTS
10. openEuler-22.03-LTS-Next
11. openEuler-20.09
12. wzs
I. [Test steps]
1. Build
python3 infra/helper.py build_fuzzers --sanitizer address sleuthkit
2. Run
python3 infra/helper.py run_fuzzer sleuthkit sleuthkit_fls_hfs_fuzzer

[Error output]
==11==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61e00001668a at pc 0x00000058cbb7 bp 0x7ffe26c7a680 sp 0x7ffe26c7a678
READ of size 1 at 0x61e00001668a thread T0
SCARINESS: 12 (1-byte-read-heap-buffer-overflow)
#0 0x58cbb6 in hfs_find_highest_inum_cb /src/sleuthkit/tsk/fs/hfs.c:1778:28
#1 0x56014d in hfs_cat_traverse /src/sleuthkit/tsk/fs/hfs.c:1129:21
#2 0x575575 in hfs_find_highest_inum /src/sleuthkit/tsk/fs/hfs.c:1792:9
#3 0x56793c in hfs_open /src/sleuthkit/tsk/fs/hfs.c:6810:21
#4 0x55e58d in tsk_fs_open_img /src/sleuthkit/tsk/fs/fs_open.c:172:16
#5 0x5508a5 in LLVMFuzzerTestOneInput /src/sleuthkit_fls_fuzzer.cc:33:8
#6 0x4589c1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#7 0x458105 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#8 0x45a1d7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
#9 0x45ac55 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
#10 0x449c2e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
#11 0x472402 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#12 0x7f2e5b34182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#13 0x41e338 in _start (/out/sleuthkit_fls_hfs_fuzzer+0x41e338)

0x61e00001668a is located 0 bytes to the right of 2570-byte region [0x61e000015c80,0x61e00001668a)
allocated by thread T0 here:
#0 0x51e07d in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x60ae79 in tsk_malloc /src/sleuthkit/tsk/base/mymalloc.c:32:16
#2 0x55eff2 in hfs_cat_traverse /src/sleuthkit/tsk/fs/hfs.c:870:26
#3 0x575575 in hfs_find_highest_inum /src/sleuthkit/tsk/fs/hfs.c:1792:9
#4 0x56793c in hfs_open /src/sleuthkit/tsk/fs/hfs.c:6810:21
#5 0x55e58d in tsk_fs_open_img /src/sleuthkit/tsk/fs/fs_open.c:172:16
#6 0x5508a5 in LLVMFuzzerTestOneInput /src/sleuthkit_fls_fuzzer.cc:33:8
#7 0x4589c1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#8 0x458105 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#9 0x45a1d7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
#10 0x45ac55 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
#11 0x449c2e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
#12 0x472402 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#13 0x7f2e5b34182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow /src/sleuthkit/tsk/fs/hfs.c:1778:28 in hfs_find_highest_inum_cb
Shadow bytes around the buggy address:
0x0c3c7fffac80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fffac90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fffaca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fffacb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fffacc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3c7fffacd0: 00[02]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3c7ffface0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3c7fffacf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3c7fffad00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3c7fffad10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3c7fffad20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==11==ABORTING
MS: 2 ShuffleBytes-CopyPart-; base unit: f64e531b5fe727c05856ef0e836d4180b9454092
artifact_prefix='./'; Test unit written to ./crash-cdff9a3162823e34d63c04591442071ff1a9df72
[Expected result]
Runs without error

[Actual result]
timeout

[Reproduction steps]
python3 infra/helper.py reproduce sleuthkit sleuthkit_fls_hfs_fuzzer crash-cdff9a3162823e34d63c04591442071ff1a9df72
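The report above describes a 1-byte read that lands exactly at the end of the 2570-byte node buffer allocated in hfs_cat_traverse and consumed by the hfs_find_highest_inum_cb callback: the record being read sits at the edge of the buffer because a length field taken from the image was trusted. The following C example, added here for illustration, is not sleuthkit's code and not the fix that closed this issue. It models a catalog B-tree leaf record as a big-endian 16-bit key length, the key bytes, and a record whose first field is a 16-bit record type, and places an unchecked reader beside a bounds-checked one. NODE_SIZE, the record layout and every function name are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not sleuthkit code): a leaf record is a big-endian
 * 16-bit key length, key_len key bytes, then a record whose first field is
 * a big-endian 16-bit record type. NODE_SIZE is a constructed value. */
#define NODE_SIZE 32

static uint16_t get_be16(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

/* Pattern of the defect: key_len comes straight from the image, so a crafted
 * value moves the record pointer to or past the end of the node buffer and
 * the 2-byte read touches memory ASan reports as heap-buffer-overflow.
 * Only ever called on a known-good record below. */
static uint16_t rec_type_unchecked(const uint8_t *node, size_t rec_off)
{
    uint16_t key_len = get_be16(node + rec_off);
    return get_be16(node + rec_off + 2 + key_len);
}

/* Hardened form: every byte is proven to lie inside [node, node + node_size)
 * before it is read. Returns 0 on success, -1 if the record does not fit. */
static int rec_type_checked(const uint8_t *node, size_t node_size,
                            size_t rec_off, uint16_t *rec_type_out)
{
    /* the 2-byte key_len field itself must fit inside the node */
    if (rec_off > node_size || node_size - rec_off < 2)
        return -1;
    uint16_t key_len = get_be16(node + rec_off);
    /* rec_off <= node_size was just checked and key_len <= 0xFFFF, so this
     * sum cannot wrap; the record starts after the length field and key */
    size_t rec_start = rec_off + 2 + key_len;
    if (rec_start > node_size || node_size - rec_start < 2)
        return -1;
    *rec_type_out = get_be16(node + rec_start);
    return 0;
}

/* Well-formed record: key_len 6, record type 1 at offset 8. Both readers agree. */
int demo_well_formed(void)
{
    uint8_t node[NODE_SIZE] = {0};
    node[0] = 0x00; node[1] = 0x06;   /* key_len = 6 */
    node[8] = 0x00; node[9] = 0x01;   /* rec_type = 1 */
    uint16_t t = 0;
    if (rec_type_checked(node, NODE_SIZE, 0, &t) != 0) return -1;
    if (t != rec_type_unchecked(node, 0)) return -1;
    return (int)t;
}

/* key_len chosen so the record type starts on the last byte of the node:
 * a 2-byte read would touch node[NODE_SIZE], the "0 bytes to the right"
 * situation in the ASan report. The checked reader refuses it. */
int demo_off_by_one(void)
{
    uint8_t node[NODE_SIZE] = {0};
    uint16_t key_len = NODE_SIZE - 1 - 2;   /* rec_start = NODE_SIZE - 1 */
    node[0] = (uint8_t)(key_len >> 8);
    node[1] = (uint8_t)key_len;
    uint16_t t = 0;
    return rec_type_checked(node, NODE_SIZE, 0, &t);
}

/* Maximal key_len (0xFFFF): the record would land far past the node. */
int demo_huge_key_len(void)
{
    uint8_t node[NODE_SIZE] = {0};
    node[0] = 0xFF; node[1] = 0xFF;
    uint16_t t = 0;
    return rec_type_checked(node, NODE_SIZE, 0, &t);
}

/* Record offset itself at the end of the node (a corrupt offset-table entry). */
int demo_bad_offset(void)
{
    uint8_t node[NODE_SIZE] = {0};
    uint16_t t = 0;
    return rec_type_checked(node, NODE_SIZE, NODE_SIZE - 1, &t);
}

int main(void)
{
    printf("well-formed rec_type=%d, off-by-one=%d, huge=%d, bad-offset=%d\n",
           demo_well_formed(), demo_off_by_one(), demo_huge_key_len(),
           demo_bad_offset());
    return 0;
}
```

The point of the checked variant is that both the length field and the bytes it points to are validated against the size of the buffer actually allocated, so a node that is internally inconsistent is rejected with an error instead of being read past its end.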

Comments (1)

wangxiaoya created the defect
wangxiaoya changed the title
wangxiaoya changed the description
wangxiaoya set the associated repository to src-openEuler/sleuthkit
wangxiaoya set the assignee to small_leek
wangxiaoya uploaded attachment crash-55198038d7a4d62d897d96b711703204c8ec9af7
xu_ping changed the task status from To do to Done via src-openeuler/sleuthkit Pull Request !45
DisNight added the sig/Others label
wangxiaoya changed the task status from Done to Accepted
