StampJSON Segfault #10

Open
Eusgor opened this issue Sep 25, 2024 · 0 comments

Eusgor commented Sep 25, 2024

Hi!
I am interested in your project. I tried to use it for fuzzing.
I got a segfault when I ran pulp2json with a file containing "<M(hg".

[user@alty-10 console_demo]$ ./pulp2json input 
Ошибка сегментирования
[user@alty-10 console_demo]$ cat input
<M(hg

If I compile blobstamper with ASAN, I get this:

[user@alty-10 console_demo]$ ./pulp2json buf 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3995==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x562e6cc62018 bp 0x7fff622a69a0 sp 0x7fff622a6940 T0)
==3995==The signal is caused by a READ memory access.
==3995==Hint: this fault was caused by a dereference of a high value address (see register values below).  Dissassemble the provided pc to learn which register was used.
    #0 0x562e6cc62018 in __gnu_cxx::__exchange_and_add(int volatile*, int) /usr/include/c++/10/ext/atomicity.h:50
    #1 0x562e6cc62018 in __gnu_cxx::__exchange_and_add_dispatch(int*, int) /usr/include/c++/10/ext/atomicity.h:84
    #2 0x562e6cc62018 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/10/bits/shared_ptr_base.h:155
    #3 0x562e6cc618fd in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/10/bits/shared_ptr_base.h:736
    #4 0x562e6cc90c1f in std::__shared_ptr<StampJSONHashEl, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/10/bits/shared_ptr_base.h:1188
    #5 0x562e6cc94a0b in std::__shared_ptr<StampJSONHashEl, (__gnu_cxx::_Lock_policy)2>::operator=(std::__shared_ptr<StampJSONHashEl, (__gnu_cxx::_Lock_policy)2>&&) /usr/include/c++/10/bits/shared_ptr_base.h:1284
    #6 0x562e6cc92517 in std::shared_ptr<StampJSONHashEl>::operator=(std::shared_ptr<StampJSONHashEl>&&) /usr/include/c++/10/bits/shared_ptr.h:384
    #7 0x562e6cc90e1f in StampJSONHash::StampJSONHash(std::shared_ptr<PoolPickerStamp>) blobstamper/stamp_json.h:92
    #8 0x562e6cca34e7 in void __gnu_cxx::new_allocator<StampJSONHash>::construct<StampJSONHash, std::shared_ptr<StampJSON> >(StampJSONHash*, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/ext/new_allocator.h:156
    #9 0x562e6cca15e1 in void std::allocator_traits<std::allocator<StampJSONHash> >::construct<StampJSONHash, std::shared_ptr<StampJSON> >(std::allocator<StampJSONHash>&, StampJSONHash*, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/alloc_traits.h:512
    #10 0x562e6cca0791 in std::_Sp_counted_ptr_inplace<StampJSONHash, std::allocator<StampJSONHash>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<std::shared_ptr<StampJSON> >(std::allocator<StampJSONHash>, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr_base.h:551
    #11 0x562e6cc9e3ec in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<StampJSONHash, std::allocator<StampJSONHash>, std::shared_ptr<StampJSON> >(StampJSONHash*&, std::_Sp_alloc_shared_tag<std::allocator<StampJSONHash> >, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr_base.h:682
    #12 0x562e6cc9be01 in std::__shared_ptr<StampJSONHash, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<StampJSONHash>, std::shared_ptr<StampJSON> >(std::_Sp_alloc_shared_tag<std::allocator<StampJSONHash> >, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr_base.h:1376
    #13 0x562e6cc995e0 in std::shared_ptr<StampJSONHash>::shared_ptr<std::allocator<StampJSONHash>, std::shared_ptr<StampJSON> >(std::_Sp_alloc_shared_tag<std::allocator<StampJSONHash> >, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr.h:408
    #14 0x562e6cc96a42 in std::shared_ptr<StampJSONHash> std::allocate_shared<StampJSONHash, std::allocator<StampJSONHash>, std::shared_ptr<StampJSON> >(std::allocator<StampJSONHash> const&, std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr.h:862
    #15 0x562e6cc93df9 in std::shared_ptr<StampJSONHash> std::make_shared<StampJSONHash, std::shared_ptr<StampJSON> >(std::shared_ptr<StampJSON>&&) /usr/include/c++/10/bits/shared_ptr.h:878
    #16 0x562e6cc8cc52 in StampJSON::StampJSON() blobstamper/stamp_json.cpp:163
    #17 0x562e6cc64bb2 in void __gnu_cxx::new_allocator<StampJSON>::construct<StampJSON>(StampJSON*) (/home/user/libblobstamper/console_demo/pulp2json+0x15bb2)
    #18 0x562e6cc648ea in void std::allocator_traits<std::allocator<StampJSON> >::construct<StampJSON>(std::allocator<StampJSON>&, StampJSON*) (/home/user/libblobstamper/console_demo/pulp2json+0x158ea)
    #19 0x562e6cc643fa in std::_Sp_counted_ptr_inplace<StampJSON, std::allocator<StampJSON>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<>(std::allocator<StampJSON>) (/home/user/libblobstamper/console_demo/pulp2json+0x153fa)
    #20 0x562e6cc639be in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<StampJSON, std::allocator<StampJSON>>(StampJSON*&, std::_Sp_alloc_shared_tag<std::allocator<StampJSON> >) (/home/user/libblobstamper/console_demo/pulp2json+0x149be)
    #21 0x562e6cc63334 in std::__shared_ptr<StampJSON, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<StampJSON>>(std::_Sp_alloc_shared_tag<std::allocator<StampJSON> >) (/home/user/libblobstamper/console_demo/pulp2json+0x14334)
    #22 0x562e6cc62d59 in std::shared_ptr<StampJSON>::shared_ptr<std::allocator<StampJSON>>(std::_Sp_alloc_shared_tag<std::allocator<StampJSON> >) (/home/user/libblobstamper/console_demo/pulp2json+0x13d59)
    #23 0x562e6cc6270f in std::shared_ptr<StampJSON> std::allocate_shared<StampJSON, std::allocator<StampJSON>>(std::allocator<StampJSON> const&) (/home/user/libblobstamper/console_demo/pulp2json+0x1370f)
    #24 0x562e6cc61e4b in std::shared_ptr<StampJSON> std::make_shared<StampJSON>() (/home/user/libblobstamper/console_demo/pulp2json+0x12e4b)
    #25 0x562e6cc60f55 in main (/home/user/libblobstamper/console_demo/pulp2json+0x11f55)
    #26 0x7f6f0704eefc in __libc_start_main (/lib64/libc.so.6+0x27efc)
    #27 0x562e6cc606d9 in _start (/home/user/libblobstamper/console_demo/pulp2json+0x116d9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/include/c++/10/ext/atomicity.h:50 in __gnu_cxx::__exchange_and_add(int volatile*, int)
==3995==ABORTING

Reproduced in Alt Linux p10

Linux 6.1.49-un-def-alt1 #1 SMP PREEMPT_DYNAMIC Sun Aug 27 21:19:35 UTC 2023 x86_64 GNU/Linux
gcc version 10.3.1 20210703 (ALT Sisyphus 10.3.1-alt2) (GCC)
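
For triage of reports like the one above, the faulting frame (#0) sits inside libstdc++, so grouping fuzzing crashes by it would merge unrelated bugs; grouping by the first frames in the project's own sources is more useful. The following is an added example, not part of the issue or of libblobstamper: it parses an excerpt of the trace above, and the system-path prefixes and the `triage` and `parse_frames` helpers are assumptions made for illustration.

```python
import re

# Excerpt of the AddressSanitizer report above (frames #0, #2, #6, #7, #16, #25, #26).
REPORT = """\
==3995==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x562e6cc62018 bp 0x7fff622a69a0 sp 0x7fff622a6940 T0)
==3995==The signal is caused by a READ memory access.
    #0 0x562e6cc62018 in __gnu_cxx::__exchange_and_add(int volatile*, int) /usr/include/c++/10/ext/atomicity.h:50
    #2 0x562e6cc62018 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/10/bits/shared_ptr_base.h:155
    #6 0x562e6cc92517 in std::shared_ptr<StampJSONHashEl>::operator=(std::shared_ptr<StampJSONHashEl>&&) /usr/include/c++/10/bits/shared_ptr.h:384
    #7 0x562e6cc90e1f in StampJSONHash::StampJSONHash(std::shared_ptr<PoolPickerStamp>) blobstamper/stamp_json.h:92
    #16 0x562e6cc8cc52 in StampJSON::StampJSON() blobstamper/stamp_json.cpp:163
    #25 0x562e6cc60f55 in main (/home/user/libblobstamper/console_demo/pulp2json+0x11f55)
    #26 0x7f6f0704eefc in __libc_start_main (/lib64/libc.so.6+0x27efc)
"""

# The location is the last whitespace-free token; the signature may contain spaces.
FRAME = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(.+)\s+(\S+)$")
# Assumption: toolchain and libc paths that never count as project code.
SYSTEM_PREFIXES = ("/usr/include/", "/usr/lib", "/lib/", "/lib64/")

def parse_frames(report):
    """Yield (index, function, location, symbolized, path) per stack frame."""
    for line in report.splitlines():
        m = FRAME.match(line)
        if not m:
            continue
        idx, func, loc = int(m.group(1)), m.group(2), m.group(3)
        symbolized = not loc.startswith("(")  # "(module+0xoff)" carries no file:line
        if symbolized:
            path = loc.rsplit(":", 1)[0]
        else:
            path = loc.strip("()").rsplit("+0x", 1)[0]
        yield idx, func, loc, symbolized, path

def triage(report, depth=2):
    """Summarise a report and build a dedup key from the first project frames."""
    kind = re.search(r"ERROR: AddressSanitizer: (\S+)", report).group(1)
    access = re.search(r"caused by a (READ|WRITE) memory access", report)
    project = [f for f in parse_frames(report)
               if not f[4].startswith(SYSTEM_PREFIXES)]
    top = [f[2] for f in project if f[3]][:depth]  # symbolized project frames only
    return {"kind": kind,
            "access": access.group(1) if access else None,
            "first_project_frame": project[0][0] if project else None,
            "bucket": (kind, *top)}
```

Unsymbolized frames such as `main` are kept as project frames but left out of the bucket key, because their module offsets change with every rebuild.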