https://bugs.openldap.org/show_bug.cgi?id=10400
Issue ID: 10400
Summary: NULL pointer deref in ldap_parse_result
Product: OpenLDAP
Version: 2.6.10
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Report from the curl project. Full info here:
https://gist.github.com/bagder/8aae731b05bf423205db3d71aaedf18c
Relevant stack trace:
[Environment] ASAN_OPTIONS=exitcode=77
+----------------------------------------Release Build Stacktrace----------------------------------------+
Command: /mnt/scratch0/clusterfuzz/resources/platform/linux/unshare -c -n /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_curl_d1a7f12cc2e5055727a9c66d5eca203f3c8f5a6c/revisions/curl_fuzzer_ldap -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-0f193edf6a069aa877a89a9f31c6b4d0c47ff028
Time ran: 0.0964963436126709
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2389202903
INFO: Loaded 1 modules (166249 inline 8-bit counters): 166249 [0x55ca1b31da20, 0x55ca1b346389),
INFO: Loaded 1 PC tables (166249 PCs): 166249 [0x55ca1b346390,0x55ca1b5cfa20),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_curl_d1a7f12cc2e5055727a9c66d5eca203f3c8f5a6c/revisions/curl_fuzzer_ldap: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-0f193edf6a069aa877a89a9f31c6b4d0c47ff028
AddressSanitizer:DEADLYSIGNAL
=================================================================
==402==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55ca1ae33b22 bp 0x7ffd8c148e00 sp 0x7ffd8c148d00 T0)
==402==The signal is caused by a READ memory access.
==402==Hint: address points to the zero page.
    #0 0x55ca1ae33b22 in ldap_parse_result curl_fuzzer/build/openldap/src/openldap_external/libraries/libldap/error.c:264:26
    #1 0x55ca1a3c0b45 in oldap_connecting curl/lib/openldap.c:844:10
    #2 0x55ca1a25c34f in protocol_connecting curl/lib/multi.c:1794:14
    #3 0x55ca1a25c34f in multi_runsingle curl/lib/multi.c:2510:16
    #4 0x55ca1a25a985 in curl_multi_perform curl/lib/multi.c:2791:18
    #5 0x55ca1a20c048 in fuzz_handle_transfer(fuzz_data*) curl_fuzzer/curl_fuzzer.cc:419:5
    #6 0x55ca1a20afd7 in LLVMFuzzerTestOneInput curl_fuzzer/curl_fuzzer.cc:97:3
    #7 0x55ca1a0a854d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #8 0x55ca1a0932c2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #9 0x55ca1a099190 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #10 0x55ca1a0c4cc2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #11 0x7d3b976eb082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
    #12 0x55ca1a08c3ad in _start
==402==Register values:
rax = 0x0000000000000000  rbx = 0x00007ffd8c148d00  rcx = 0x0000799b969e0e00  rdx = 0x0000000000000000
rdi = 0x0000799b969e0e00  rsi = 0x0000793b959d5920  rbp = 0x00007ffd8c148e00  rsp = 0x00007ffd8c148d00
r8  = 0x000055ca1b751a00  r9  = 0x00007fffffffff01  r10 = 0x00007fffffffff01  r11 = 0x0000000000000001
r12 = 0x0000793b956d2800  r13 = 0x0000000000000000  r14 = 0x0000000000000000  r15 = 0x0000000000000000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_curl_d1a7f12cc2e5055727a9c66d5eca203f3c8f5a6c/revisions/curl_fuzzer_ldap+0x1411b22)
==402==ABORTING