SEGV in wabt::Module::operator= #2445

Open
renatahodovan opened this issue Jul 23, 2024 · 0 comments

GIT revision: ed1ce97
Built with USE_ASAN=ON
Run: ./build/wat2wasm test.wat
Test:

(module quote "\7c")

Backtrace:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==1100246==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f5a434be881 bp 0x7ffcc43aba80 sp 0x7ffcc43ab238 T0)
==1100246==The signal is caused by a READ memory access.
==1100246==Hint: address points to the zero page.
    #0 0x7f5a434be881 in memcpy string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:222
    #1 0x55ab4a3b93c4 in __asan_memcpy (wabt/bin/wat2wasm+0x1823c4) (BuildId: a5f593cb6819aa12ce15795bdae38dd1e63c168d)
    #2 0x55ab4a5467b5 in wabt::Module::operator=(wabt::Module&&) (wabt/bin/wat2wasm+0x30f7b5) (BuildId: a5f593cb6819aa12ce15795bdae38dd1e63c168d)
    #3 0x55ab4a508c3c in wabt::WastParser::ParseModuleCommand(wabt::Script*, std::unique_ptr<wabt::Command, std::default_delete<wabt::Command>>*) (wabt/bin/wat2wasm+0x2d1c3c) (BuildId: a5f593cb6819aa12ce15795bdae38dd1e63c168d)
    #4 0x55ab4a506fdc in wabt::WastParser::ParseModule(std::unique_ptr<wabt::Module, std::default_delete<wabt::Module>>*) (wabt/bin/wat2wasm+0x2cffdc) (BuildId: a5f593cb6819aa12ce15795bdae38dd1e63c168d)
    #5 0x55ab4a53d611 in wabt::ParseWatModule(wabt::WastLexer*, std::unique_ptr<wabt::Module, std::default_delete<wabt::Module>>*, std::vector<wabt::Error, std::allocator<wabt::Error>>*, wabt::WastParseOptions*) (wabt/bin/wat2wasm+0x306611) (BuildId: a5f593cb6819aa12ce15795bdae38dd1e63c168d)
    #6 0x55ab4a3fa8f9 in ProgramMain(int, char**) (wabt/bin/wat2wasm+0x1c38f9) (BuildId: a5f593cb6819aa12ce15795bdae38dd1e63c168d)
    #7 0x55ab4a3fc2c1 in main (wabt/bin/wat2wasm+0x1c52c1) (BuildId: a5f593cb6819aa12ce15795bdae38dd1e63c168d)
    #8 0x7f5a43423d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #9 0x7f5a43423e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #10 0x55ab4a31f194 in _start (wabt/bin/wat2wasm+0xe8194) (BuildId: a5f593cb6819aa12ce15795bdae38dd1e63c168d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:222 in memcpy
==1100246==ABORTING

The issue was found by libFuzzer with a Grammarinator-based custom mutator.
