flatbuffers_scalar_fuzzer assertion failure with OOM condition #8007

Closed
catenacyber opened this issue Jun 20, 2023 · 2 comments

@catenacyber (Contributor):

Hi @aardappel

I found an assertion failure with Nallocfuzz (a fuzzing engine with allocation failures, google/oss-fuzz#9902) with scalar_fuzzer (other targets look resistant):

```cpp
if (orig_done) { TEST_EQ_STR(fix_back.c_str(), orig_back.c_str()); }
```

Input is `-\03733333333333331666666666666666`

Stack trace is

```
EXPECTED: "{"Y": 33333333834915540662556295168.0}"
VALUE: "{"Y": }"
TEST FAILED: /src/flatbuffers/tests/fuzzer/flatbuffers_scalar_fuzzer.cc:341, 'fix_back.c_str()' != 'orig_back.c_str()' in 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==12==ERROR: AddressSanitizer: ILL on unknown address 0x0000003d1139 (pc 0x0000003d1139 bp 0x7ffe4a3ab5f0 sp 0x7ffe4a3ab5f0 T0)
SCARINESS: 10 (signal)
    #0 0x3d1139 in OneTimeTestInit::TestFailListener(char const*, char const*, char const*, char const*, int, char const*) /src/flatbuffers/tests/fuzzer/test_init.h:23:5
    #1 0x5a1e7d in TestFail(char const*, char const*, char const*, char const*, int, char const*) /src/flatbuffers/tests/test_assert.cpp:22:23
    #2 0x5a1f40 in TestEqStr(char const*, char const*, char const*, char const*, int, char const*) /src/flatbuffers/tests/test_assert.cpp:30:5
    #3 0x3c46fe in LLVMFuzzerTestOneInput /src/flatbuffers/tests/fuzzer/flatbuffers_scalar_fuzzer.cc:341:24
    #4 0x5a2638 in NaloFuzzerTestOneInput (/out/scalar_fuzzer+0x5a2638)
    #5 0x5c1ea3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #6 0x5c168a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #7 0x5c2d59 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #8 0x5c3a25 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #9 0x5b213f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
```
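Added illustration, not part of this issue and not flatbuffers code: a minimal C++ round-trip check in the shape of the failing `TEST_EQ_STR` above. When the renderer swallows an injected allocation failure and emits an empty value, the comparison sees `{"Y": }` and reports a bogus mismatch; when the render step reports its own success first, the same OOM becomes a skipped iteration instead of a harness assertion. The `BudgetedAllocator`, `number_text`, `render_*` and `round_trip_*` names are assumptions made for this example, and the allocator is a constructed stand-in for the fault injection an engine like Nallocfuzz performs.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>
#include <string>

// Constructed fault injector (not flatbuffers code): every allocation made
// through this allocator consumes one unit of budget; once the budget reaches
// zero the next allocation throws std::bad_alloc, the way an allocation-failure
// fuzzing engine fails a heap allocation inside the target.
static long g_alloc_budget = -1;  // -1: never fail; N: fail the (N+1)th allocation

template <typename T>
struct BudgetedAllocator {
  using value_type = T;
  BudgetedAllocator() = default;
  template <typename U>
  BudgetedAllocator(const BudgetedAllocator<U>&) {}
  T* allocate(std::size_t n) {
    if (g_alloc_budget == 0) throw std::bad_alloc();
    if (g_alloc_budget > 0) --g_alloc_budget;
    return static_cast<T*>(::operator new(n * sizeof(T)));
  }
  void deallocate(T* p, std::size_t) noexcept { ::operator delete(p); }
  friend bool operator==(const BudgetedAllocator&, const BudgetedAllocator&) { return true; }
  friend bool operator!=(const BudgetedAllocator&, const BudgetedAllocator&) { return false; }
};

using FaultString =
    std::basic_string<char, std::char_traits<char>, BudgetedAllocator<char>>;

// Text for the scalar, built through the fault-injecting allocator so that an
// exhausted budget surfaces as std::bad_alloc where a real OOM would.
static FaultString number_text(double v) {
  char buf[64];
  std::snprintf(buf, sizeof buf, "%.1f", v);
  FaultString s;
  s.reserve(sizeof buf);  // guarantees a heap allocation even for short text
  s += buf;
  return s;
}

// Renderer that swallows the allocation failure and emits an empty value:
// this is the shape that yields `{"Y": }` and a misleading assertion failure.
static std::string render_swallowing(double v) {
  std::string out = "{\"Y\": ";
  try {
    out += number_text(v).c_str();
  } catch (const std::bad_alloc&) {
    // value silently dropped; the caller cannot tell this from a real mismatch
  }
  out += "}";
  return out;
}

// Renderer that reports failure explicitly instead of returning partial text.
struct Rendered { bool ok; std::string text; };

static Rendered render_checked(double v) {
  try {
    std::string out = "{\"Y\": ";
    out += number_text(v).c_str();
    out += "}";
    return {true, out};
  } catch (const std::bad_alloc&) {
    return {false, ""};
  }
}

enum class Verdict { kMatch, kMismatch, kSkippedOom };

// Fragile round trip: renders once without faults, then again under the given
// budget, and compares blindly. A failed allocation is reported as a mismatch.
Verdict round_trip_fragile(double v, long alloc_budget) {
  const std::string orig = render_swallowing(v);
  g_alloc_budget = alloc_budget;
  const std::string back = render_swallowing(v);
  g_alloc_budget = -1;
  return orig == back ? Verdict::kMatch : Verdict::kMismatch;
}

// Hardened round trip: compares only when both renders actually succeeded;
// an OOM in either pass is a skipped iteration, not a round-trip bug.
Verdict round_trip_hardened(double v, long alloc_budget) {
  const Rendered orig = render_checked(v);
  g_alloc_budget = alloc_budget;
  const Rendered back = render_checked(v);
  g_alloc_budget = -1;
  if (!orig.ok || !back.ok) return Verdict::kSkippedOom;
  return orig.text == back.text ? Verdict::kMatch : Verdict::kMismatch;
}

static const char* name(Verdict v) {
  switch (v) {
    case Verdict::kMatch: return "match";
    case Verdict::kMismatch: return "mismatch";
    default: return "skipped (oom)";
  }
}

int main() {
  const double sample = 33333333834915540662556295168.0;  // value from the EXPECTED line above
  std::printf("fragile, no fault:  %s\n", name(round_trip_fragile(sample, -1)));
  std::printf("fragile, OOM:       %s\n", name(round_trip_fragile(sample, 0)));
  std::printf("hardened, no fault: %s\n", name(round_trip_hardened(sample, -1)));
  std::printf("hardened, OOM:      %s\n", name(round_trip_hardened(sample, 0)));
  return 0;
}
```

The design point is that a fuzz target under fault injection needs a third outcome besides pass and fail: an allocation failure in the step being checked has to abort the comparison rather than feed an empty or partial result into it, otherwise every injected OOM shows up as a spurious crash that hides real round-trip bugs.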

github-actions bot (Contributor):

This issue is stale because it has been open 6 months with no activity. Please comment or label not-stale, or this will be closed in 14 days.

github-actions bot added the stale label Dec 19, 2023

github-actions bot commented Jan 2, 2024:

This issue was automatically closed due to no activity for 6 months plus the 14 day notice period.

github-actions bot closed this as not planned (won't fix, can't repro, duplicate, stale) Jan 2, 2024