Linux x1-1 5.11.0-43-generic #47~20.04.2-Ubuntu SMP Mon Dec 13 11:06:56 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
poc https://github.com/gtt1995/poc/blob/main/kamailio/148907.testcase
==2350==ERROR: AddressSanitizer: SEGV on unknown address 0x608000010000 (pc 0x7f8ec09469c3 bp 0x7ffd84505c90 sp 0x7ffd84505718 T0)
==2350==The signal is caused by a READ memory access.
SCARINESS: 20 (wild-addr-read)
#0 0x7f8ec09469c3 in libc.so.6
#1 0x7f8ec0835209 in libc.so.6
#2 0x7f8ec08d5f32 in libc.so.6
#3 0x7f8ec08d63e9 in syslog
#4 0x64a045 in parse_identityinfo /src/kamailio/src/core/parser/parse_identityinfo.c:315:3
#5 0x64b29b in parse_identityinfo_header /src/kamailio/src/core/parser/parse_identityinfo.c:346:2
#6 0x576467 in LLVMFuzzerTestOneInput /src/kamailio/misc/fuzz/fuzz_parse_msg.c:53:5
#7 0x456e73 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp:0
#8 0x45665a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) cxa_noexception.cpp:0
#9 0x457efb in fuzzer::Fuzzer::MutateAndTestOne() cxa_noexception.cpp:0
#10 0x4589e5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) cxa_noexception.cpp:0
#11 0x44812d in fuzzer::FuzzerDriver(int*, char***, int ()(unsigned char const, unsigned long)) cxa_noexception.cpp:0
#12 0x471172 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#13 0x7f8ec07e20b2 in __libc_start_main
#14 0x41fa0d in _start
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b9c3)
==2350==ABORTING
MS: 3 ChangeBinInt-ShuffleBytes-EraseBytes-; base unit: ae3912c98bceb907c57e00fbcb572ff78ca2f12c
0x2d,0x2d,0x32,0x32,0x52,0x52,0x41,0x52,0xec,0x53,0x52,0x52,0x20,0x73,0x2d,0x34,0x38,0x39,0x31,0x36,0x9,0x48,0x48,0x48,0x1a,0xa,0x50,0x72,0x69,0x76,0x61,0x63,0x79,0x3a,0xa,0x20,0x73,0x32,0xa,0x49,0x64,0x65,0x6e,0x74,0x69,0x74,0x79,0x2d,0x49,0x6e,0x66,0x6f,0x3a,0x3c,0x3a,0x3a,0x3a,0x3a,0xff,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xea,0xa,0xa,0xff,0xff,0xff,0xff,0xff,
--22RRAR\354SRR s-48916\011HHH\032\012Privacy:\012 s2\012Identity-Info:<::::\377\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\352\012\012\377\377\377\377\377
artifact_prefix='/clusterfuzz/run_bot/clusterfuzz/bot/inputs/fuzzer-testcases/'; Test unit written to /clusterfuzz/run_bot/clusterfuzz/bot/inputs/fuzzer-testcases/crash-9886d78e9acf21b875f4e58d2d14222a4ed1e86f
Base64: LS0yMlJSQVLsU1JSIHMtNDg5MTYJSEhIGgpQcml2YWN5OgogczIKSWRlbnRpdHktSW5mbzo8Ojo6Ov/q6urq6urq6urq6urq6urq6urq6goK//////8=
stat::number_of_executed_units: 14639
stat::average_exec_per_sec: 1219
stat::new_units_added: 1293
stat::slowest_unit_time_sec: 0
stat::peak_rss_mb: 142
INFO: exiting: 77 time: 85s
+----------------------------------------Release Build Unsymbolized Stacktrace (diff)----------------------------------------+
==2350==The signal is caused by a READ memory access.
SCARINESS: 20 (wild-addr-read)
#0 0x7f8ec09469c3 (/lib/x86_64-linux-gnu/libc.so.6+0x18b9c3)
#1 0x7f8ec0835209 (/lib/x86_64-linux-gnu/libc.so.6+0x7a209)
#2 0x7f8ec08d5f32 (/lib/x86_64-linux-gnu/libc.so.6+0x11af32)
#3 0x7f8ec08d63e9 (/lib/x86_64-linux-gnu/libc.so.6+0x11b3e9)
#4 0x64a045 (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x64a045)
#5 0x64b29b (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x64b29b)
#6 0x576467 (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x576467)
#7 0x456e73 (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x456e73)
#8 0x45665a (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x45665a)
#9 0x457efb (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x457efb)
#10 0x4589e5 (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x4589e5)
#11 0x44812d (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x44812d)
#12 0x471172 (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x471172)
#13 0x7f8ec07e20b2 (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#14 0x41fa0d (/clusterfuzz/run_bot/clusterfuzz/bot/builds/kamailio_libfuzzer_asan/custom/fuzz_parse_msg+0x41fa0d)
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you are subscribed to this thread.