https://bugs.openldap.org/show_bug.cgi?id=10401
Issue ID: 10401
Summary: liblber: undefined shift of -1 in ber_decode_int()
Product: OpenLDAP
Version: 2.6.10
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Report from curl project. Full info here:
https://gist.github.com/bagder/44a0711fa1989951f2a2395fe992530e
Relevant stack trace:
[Environment]
UBSAN_OPTIONS=exitcode=77:print_stacktrace=1:silence_unsigned_overflow=1
+----------------------------------------Release Build Stacktrace----------------------------------------+
Command: /mnt/scratch0/clusterfuzz/resources/platform/linux/unshare -c -n /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_curl_4cc8f5a06444eef5b5b6682762bec8608d45b81b/revisions/curl_fuzzer_ldap -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-1364ab2dfa120fe4460381a08f4f158f8d47a30c
Time ran: 0.14911556243896484
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1947994398
INFO: Loaded 1 modules (211579 inline 8-bit counters): 211579 [0x559e5bb87a40, 0x559e5bbbb4bb),
INFO: Loaded 1 PC tables (211579 PCs): 211579 [0x559e5bbbb4c0,0x559e5bef5c70),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_curl_4cc8f5a06444eef5b5b6682762bec8608d45b81b/revisions/curl_fuzzer_ldap: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-1364ab2dfa120fe4460381a08f4f158f8d47a30c
decode.c:316:21: runtime error: left shift of negative value -1
#0 0x559e5b730e08 in ber_decode_int curl_fuzzer/build/openldap/src/openldap_external/libraries/liblber/decode.c:316:21
#1 0x559e5b730c5d in ber_get_int curl_fuzzer/build/openldap/src/openldap_external/libraries/liblber/decode.c:293:9
#2 0x559e5b6e60f3 in try_read1msg curl_fuzzer/build/openldap/src/openldap_external/libraries/libldap/result.c:592:7
#3 0x559e5b6e60f3 in wait4msg curl_fuzzer/build/openldap/src/openldap_external/libraries/libldap/result.c:393:12
#4 0x559e5b6e60f3 in ldap_result curl_fuzzer/build/openldap/src/openldap_external/libraries/libldap/result.c:120:7
#5 0x559e5af804d6 in oldap_connecting curl/lib/openldap.c:826:10
#6 0x559e5aead984 in protocol_connecting curl/lib/multi.c:1794:14
#7 0x559e5aead984 in multi_runsingle curl/lib/multi.c:2510:16
#8 0x559e5aeacd4f in curl_multi_perform curl/lib/multi.c:2791:18
#9 0x559e5ae7fb38 in fuzz_handle_transfer(fuzz_data*) curl_fuzzer/curl_fuzzer.cc:419:5
#10 0x559e5ae7eff0 in LLVMFuzzerTestOneInput curl_fuzzer/curl_fuzzer.cc:97:3
#11 0x559e5add608d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
#12 0x559e5adc0e02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
#13 0x559e5adc6cd0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
#14 0x559e5adf2802 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#15 0x7c4beb5b7082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
#16 0x559e5adb9eed in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior decode.c:316:21
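The flagged line is the sign-extension step of a two's-complement BER INTEGER decoder: seeding a signed accumulator with -1 and left-shifting it byte by byte is undefined behaviour in C, even though compilers usually produce the intended sign-extended value. As an added example (not OpenLDAP's code), here is the same decoding done on an unsigned accumulator, which is well defined and yields identical values; it assumes ber_int_t is a 32-bit signed integer, and decode_int_safe and decode_int_or are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for liblber's ber_int_t (assumed 32-bit signed). */
typedef int32_t ber_int_t;

/* Decode a BER INTEGER body (`len` big-endian two's-complement bytes).
 * Returns bytes consumed, or -1 if the value cannot fit. The accumulator is
 * unsigned, so no negative value is ever shifted (the UB at decode.c:316). */
static long
decode_int_safe(const unsigned char *buf, size_t len, ber_int_t *ret)
{
    uint32_t acc;
    size_t i;
    if (len == 0 || len > sizeof(ber_int_t))
        return -1;

    /* Seed with all ones when the sign bit is set: well defined on uint32_t. */
    acc = (buf[0] & 0x80) ? UINT32_MAX : 0;

    for (i = 0; i < len; i++)
        acc = (acc << 8) | buf[i];

    /* Map the bit pattern to a signed value without an out-of-range
     * narrowing conversion; INT32_MIN decodes correctly too. */
    if (acc & 0x80000000u)
        *ret = -(ber_int_t)(~acc) - 1;
    else
        *ret = (ber_int_t)acc;

    return (long)i;
}

/* Returns the decoded value, or `fallback` when the encoding is rejected. */
static ber_int_t
decode_int_or(const unsigned char *buf, size_t len, ber_int_t fallback)
{
    ber_int_t v;
    return decode_int_safe(buf, len, &v) < 0 ? fallback : v;
}

int main(void)
{
    /* Constructed input: the one-byte encoding of -1, the value UBSan saw. */
    const unsigned char body[] = { 0xff };
    printf("%d\n", decode_int_or(body, sizeof body, 0)); /* prints -1 */
    return 0;
}
```

Building with -fsanitize=undefined and feeding the same bytes produces no report, because every shift operates on an unsigned operand.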