https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79135

            Bug ID: 79135
           Summary: null pointer dereference in
                    std::_Bit_reference::operator=(bool)
                    (stl_bvector.h:87)
           Product: gcc
           Version: 6.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: brian.carpenter at gmail dot com
  Target Milestone: ---

Created attachment 40538
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=40538&action=edit
crashing test case

While fuzzing draco by Google (https://github.com/google/draco) with American
Fuzzy Lop, I was able to trigger a null pointer dereference and segfault in
libstdc++ v6.2.1.

./draco_decoder -i test012

ASAN:DEADLYSIGNAL
=================================================================
==15020==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x0000005c2b24 bp 0x000000000000 sp 0x7fff9aa895a0 T0)
    #0 0x5c2b23 in std::_Bit_reference::operator=(bool)
/usr/bin/../lib/gcc/x86_64-linux-gnu/6.2.1/../../../../include/c++/6.2.1/bits/stl_bvector.h:87:8
    #1 0x5c2b23 in
draco::MeshAttributeCornerTable::AddSeamEdge(draco::IndexType<int,
draco::CornerIndex_tag_type_>)
/root/draco/mesh/mesh_attribute_corner_table.cc:102
    #2 0x51dda7 in
draco::MeshEdgeBreakerDecoderImpl<draco::MeshEdgeBreakerTraversalDecoder>::DecodeConnectivity()
/root/draco/compression/mesh/mesh_edgebreaker_decoder_impl.cc:291:7
    #3 0x5661d9 in draco::PointCloudDecoder::Decode(draco::DecoderBuffer*,
draco::PointCloud*)
/root/draco/compression/point_cloud/point_cloud_decoder.cc:28:8
    #4 0x513573 in draco::DecodeMeshFromBuffer(draco::DecoderBuffer*)
/root/draco/compression/decode.cc:117:8
    #5 0x50f9de in main /root/draco/tools/draco_decoder.cc:93:44
    #6 0x7f5730a492b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #7 0x43c9e9 in _start (/root/draco/build/draco_decoder+0x43c9e9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/usr/bin/../lib/gcc/x86_64-linux-gnu/6.2.1/../../../../include/c++/6.2.1/bits/stl_bvector.h:87:8
in std::_Bit_reference::operator=(bool)
==15020==ABORTING
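The frame at stl_bvector.h:87 is the assignment through the bit proxy that std::vector<bool>::operator[] hands back, and the proxy's word pointer is computed from the subscript with no bounds check, so a SEGV on address 0 inside operator=(bool) is consistent with an out-of-range or unsized subscript in the caller rather than a fault in libstdc++ itself. The following C++ example is added here and is not from the report or from draco; the "visited table" and the ids fed to it are constructed stand-ins that contrast the unchecked write with a bounds-checked one.

```cpp
// Added example (not from the bug report or from draco): the crash site,
// std::_Bit_reference::operator=(bool), is the write through the proxy
// that std::vector<bool>::operator[] returns. The proxy's word pointer is
// derived from the subscript with no bounds check, and for an empty
// vector the storage pointer is null, so the write faults at address 0.
#include <cstddef>
#include <stdexcept>
#include <vector>

// Unchecked pattern: an index taken from untrusted input is used directly.
// With an empty or too-small vector this is undefined behaviour; with an
// empty vector it faults inside the proxy's operator=. Shown for contrast
// only and deliberately never called here.
void mark_unchecked(std::vector<bool>& seen, std::size_t idx) {
    seen[idx] = true;  // proxy created and written without any check
}

// Hardened form: validate the index against size() before the proxy is
// created. Returns false for out-of-range input instead of invoking UB.
bool mark_checked(std::vector<bool>& seen, std::size_t idx) {
    if (idx >= seen.size())
        return false;
    seen[idx] = true;
    return true;
}

// Alternative: at() does the same check and throws std::out_of_range.
bool mark_with_at(std::vector<bool>& seen, std::size_t idx) {
    try {
        seen.at(idx) = true;
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// Constructed stand-in for a decoder loop: a visited table sized for n
// entries is updated from a list of untrusted ids; returns how many ids
// were in range. With n == 0 the unchecked variant would crash on the
// first id, matching the shape of the reported trace.
std::size_t process_ids(std::size_t n, const std::vector<std::size_t>& ids) {
    std::vector<bool> seen(n, false);
    std::size_t accepted = 0;
    for (std::size_t id : ids)
        if (mark_checked(seen, id))
            ++accepted;
    return accepted;
}
```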
