Use-of-uninitialized-value (OSS-Fuzz issue 347) #409

Closed

nlohmann opened this issue Dec 29, 2016 · 1 comment

Comments

nlohmann (Owner):
The library is continuously fuzz tested by Google's OSS-Fuzz. Today, an error was reported:

Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6240782075822080

Project: json
Fuzzer: libFuzzer_json_fuzzer-parse_msgpack
Fuzz target binary: fuzzer-parse_msgpack
Job Type: libfuzzer_msan_json
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
std::__1::char_traits<char>::compare
nlohmann::operator==
_start

Recommended Security Severity: Medium


Minimized Testcase (0.25 Kb): https://clusterfuzz-external.appspot.com/download/AMIfv94z1zLLkKnFP000oNMxeOAENBZKbWPmCdd5VTOLC7sRv6D03OH1FiqBTqgDeYAVbeUqki98vM1nXPEMPmIqvCNX43sCp6u-En4GNFxunbHr_DBoJ1eXXhdFO9pmftkYy4wtQQpioimz3cXNQXEg-NfqyRKy77jI6MfFtuGc0K89O20baCOoQ18kz5Hj1y8Q432hDgRZNM_DuStH0zDr_e7xNnXm0SAKNBQME7tpUZMjApnsb9XJu0A8TKefxgdiGe0mvlTocd1nmZ8BX3sYcsfyeoh_y7Dblf9sLZYfgFtJuOPl6du0ZlSEzq5q-xZqGeB_FzPiNz0x65zhOnobut36P-8g29OyV1vJeHCYpUvE-TTHbFEZtZAuFAacJqYoxvjuNtjL?testcase_id=6240782075822080

Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.

test case: fuzz-3-json_fuzzer-parse_msgpack.zip

==1==WARNING: MemorySanitizer: use-of-uninitialized-value
==1==WARNING: invalid path to external symbolizer!
==1==WARNING: Failed to use and restart external symbolizer!
#0 0x4dc651 in std::__1::char_traits<char>::compare(char const*, char const*, unsigned long) /usr/local/include/c++/v1/__string:211:32
#1 0x49d92f in bool std::__1::operator==<std::__1::allocator<char> >(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) /usr/local/include/c++/v1/string:3510:16
#2 0x49d92f in nlohmann::operator==(nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator> const&, nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator> const&) /src/json/src/json.hpp:5567
nlohmann self-assigned this Dec 29, 2016

nlohmann (Owner, Author):
Should be fixed with #405.
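The MemorySanitizer trace above places the uninitialized read inside std::string comparison reached from nlohmann::operator== in the msgpack fuzz target; the page does not say what the parser did to produce a string whose bytes were never written, and the fix itself lives in #405. As an added example that is not code from nlohmann/json and not the fix, the block below is a minimal bounds-checked decoder for the MessagePack string family (fixstr, str 8, str 16) with the check a parser needs before it hands bytes to std::string: the length a header claims must never exceed the bytes actually present. The round-trip helper mirrors the general shape of a decode, re-encode, decode, compare fuzz target, which is an assumption about the harness, not the project's own target. All sample inputs are constructed here; the OSS-Fuzz testcase is not on the page. The struct and function names (MsgpackString, decode_msgpack_string, encode_msgpack_string, round_trip_stable, the sample_* helpers) are hypothetical.

```cpp
// Added example, not code from nlohmann/json and not the fix referenced in #405:
// a minimal bounds-checked decoder for the MessagePack string family (fixstr,
// str 8, str 16). A claimed length that exceeds the bytes present is rejected;
// without that check, the bytes later handed to std::string comparison may be
// memory that was never written, which is what MemorySanitizer reports.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

struct MsgpackString {
    bool ok;           // false: not a string object, malformed, or truncated
    std::string value;
    size_t consumed;   // bytes consumed from the input on success, else 0
};

// Decode one msgpack string object from the front of `in`.
MsgpackString decode_msgpack_string(const std::vector<uint8_t>& in) {
    MsgpackString r{false, std::string(), 0};
    if (in.empty()) return r;

    const uint8_t tag = in[0];
    size_t header = 0;   // bytes of type tag plus length field
    size_t len = 0;      // payload length the header claims

    if ((tag & 0xE0) == 0xA0) {          // fixstr: 101xxxxx, length in low 5 bits
        header = 1;
        len = tag & 0x1F;
    } else if (tag == 0xD9) {            // str 8: one length byte follows
        if (in.size() < 2) return r;
        header = 2;
        len = in[1];
    } else if (tag == 0xDA) {            // str 16: two big-endian length bytes
        if (in.size() < 3) return r;
        header = 3;
        len = (static_cast<size_t>(in[1]) << 8) | in[2];
    } else {
        return r;                        // some other msgpack type
    }

    // The check that matters: claimed length against bytes remaining. A loop
    // that copies in[header + i] for i < len without it walks past the end of
    // the buffer, or, with a string pre-sized to len, leaves bytes unwritten.
    if (len > in.size() - header) return r;

    r.value.assign(reinterpret_cast<const char*>(in.data() + header), len);
    r.consumed = header + len;
    r.ok = true;
    return r;
}

// Encoder for the same three string forms (strings above 65535 bytes are out
// of scope here and yield an empty, invalid encoding).
std::vector<uint8_t> encode_msgpack_string(const std::string& s) {
    std::vector<uint8_t> out;
    const size_t n = s.size();
    if (n < 32) {
        out.push_back(static_cast<uint8_t>(0xA0 | n));
    } else if (n < 256) {
        out.push_back(0xD9);
        out.push_back(static_cast<uint8_t>(n));
    } else if (n < 65536) {
        out.push_back(0xDA);
        out.push_back(static_cast<uint8_t>(n >> 8));
        out.push_back(static_cast<uint8_t>(n & 0xFF));
    } else {
        return out;
    }
    out.insert(out.end(), s.begin(), s.end());
    return out;
}

// Shape of a round-trip fuzz target (an assumption about the harness, not the
// project's own code): decode, re-encode, decode again, compare. The final
// comparison is where an uninitialized string would be noticed under MSan.
bool round_trip_stable(const std::vector<uint8_t>& in) {
    const MsgpackString first = decode_msgpack_string(in);
    if (!first.ok) return false;
    const MsgpackString second =
        decode_msgpack_string(encode_msgpack_string(first.value));
    return second.ok && first.value == second.value;
}

// Constructed sample inputs (not the OSS-Fuzz testcase, which is not on the page).
std::vector<uint8_t> sample_valid_fixstr() { return {0xA3, 'a', 'b', 'c'}; }
std::vector<uint8_t> sample_truncated_str8() { return {0xD9, 0x10, 'x', 'y'}; }  // claims 16 bytes, has 2
std::vector<uint8_t> sample_truncated_str16() { return {0xDA, 0x01}; }            // length field cut short

int main() {
    std::cout << "valid fixstr ok=" << decode_msgpack_string(sample_valid_fixstr()).ok
              << " round_trip=" << round_trip_stable(sample_valid_fixstr()) << '\n';
    std::cout << "truncated str8 ok=" << decode_msgpack_string(sample_truncated_str8()).ok << '\n';
    std::cout << "truncated str16 ok=" << decode_msgpack_string(sample_truncated_str16()).ok << '\n';
    return 0;
}
```

To see the class of defect this guards against, build a decoder without the length check under MemorySanitizer (clang++ -fsanitize=memory -fsanitize-memory-track-origins -g) and feed it a truncated input such as sample_truncated_str8(); the report points at the comparison, as in the trace above, while the origin tracking points back at the allocation whose bytes were never filled. The reproducing guide linked in the report covers doing the same with the real fuzz target and the minimized testcase.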
