Open skorpion98 opened 2 months ago
Hi @skorpion98,
Thank you for creating this issue.
All the above mentioned bugs/vulnerabilities along with the newly opened Google oss-fuzz issues will be addressed in forthcoming version(s) of InChI.
BTW, we have started using AFL++ on Ubuntu 22.04 LTS only recently, but please feel free to track down any bug/security issue which might have been overlooked at our end.
Hi @skorpion98,
Unfortunately, the four issues mentioned in this post could not be reproduced as Valgrind cannot show full stack traces, most likely due to the missing debug info.
Please be so kind as to amend this according to the following instructions: The stack traces given by Memcheck (or another tool) aren't helpful. ... and/or Memcheck's uninitialised value errors are hard to track down, ... .
Thank you in advance.
Summary
Several use-of-uninitialised-memory bugs have been found after testing one of the harnesses provided on the OSS-Fuzz repository (inchi_input_fuzzer).
During our tests we found:
OrigAtData_RemoveHalfBond()
GetBaseCanonRanking()
InChILine2Data()
CompareReversedINChI3()
Steps to reproduce
In the following archive, you will find: bugs, containing the several inputs that caused the aforementioned bugs and their respective Valgrind logs, enumerated as the list above.
To reproduce the errors, a memory safety tool is required to expose the bug. Run the given binary with the testcase files inside Valgrind with a command like
valgrind ./inchi_input_fuzzer /path_to_testcases/input
The program has been tested on the standard Docker image provided on OSS-Fuzz using Ubuntu 20.04, providing AFL++ as fuzzing engine and build flag --sanitizer=none.
The commit hash used to perform the tests is 8477339.
Environment
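One way to rerun the testcase files under Memcheck with origin tracking and to check that the resulting logs are actually symbolised (the point the maintainers raise about missing debug info), as an added example that is not code from the original issue or the InChI project; the binary path, testcase directory, sample log excerpts and the source file names inside them are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the InChI project or the issue reporter: re-run
# Memcheck over the fuzzer testcases with origin tracking and flag logs whose
# frames show only "(in /path/binary)", i.e. the missing-debug-info case above.

# Constructed Memcheck excerpt from a binary built WITHOUT debug info.
SAMPLE_NO_DEBUG='==1234== Conditional jump or move depends on uninitialised value(s)
==1234==    at 0x4A1B2C: OrigAtData_RemoveHalfBond (in /out/inchi_input_fuzzer)
==1234==    by 0x4A0F00: LLVMFuzzerTestOneInput (in /out/inchi_input_fuzzer)'
# Constructed excerpt after a -g rebuild with --track-origins=yes; the source
# file names and line numbers are placeholders, not real InChI locations.
SAMPLE_DEBUG='==1234== Conditional jump or move depends on uninitialised value(s)
==1234==    at 0x4A1B2C: OrigAtData_RemoveHalfBond (example_file.c:123)
==1234==    by 0x4A0F00: LLVMFuzzerTestOneInput (example_fuzzer.c:45)
==1234==  Uninitialised value was created by a stack allocation
==1234==    at 0x4A1A00: example_caller (example_file.c:100)'

count_uninit_errors() {  # number of "uninitialised value" reports in log text $1
    printf '%s\n' "$1" | grep -c 'uninitialised value' || true
}
first_frame() {  # function name of the innermost ("at") frame of the first report
    printf '%s\n' "$1" |
        sed -n 's/^==[0-9]*==[[:space:]]*at 0x[0-9A-Fa-f]*: \([^ ]*\) .*/\1/p' | head -n 1
}
has_debug_frames() {  # exit 0 if some frame resolves to file:line (built with -g)
    printf '%s\n' "$1" |
        grep -Eq '^==[0-9]+==[[:space:]]+(at|by) 0x[0-9A-Fa-f]+: .*\([^)]+\.(c|h|cpp):[0-9]+\)$'
}
run_memcheck() {  # $1 = fuzzer binary rebuilt with -g, $2 = directory of inputs
    for tc in "$2"/*; do
        [ -f "$tc" ] || continue
        log="$tc.valgrind.log"
        # --track-origins=yes reports where each uninitialised value came from.
        valgrind --tool=memcheck --track-origins=yes --error-exitcode=99 \
            --log-file="$log" "$1" "$tc" >/dev/null 2>&1 || true
        text=$(cat "$log")
        if has_debug_frames "$text"; then sym=symbolised; else sym="NO DEBUG INFO"; fi
        printf '%s: %s report(s), first frame %s [%s]\n' \
            "$tc" "$(count_uninit_errors "$text")" "$(first_frame "$text")" "$sym"
    done
}
# Usage: sh check_memcheck.sh ./inchi_input_fuzzer /path_to_testcases/bugs
if [ "$#" -ge 2 ]; then run_memcheck "$1" "$2"; fi
```

A log marked NO DEBUG INFO is the situation the maintainers could not triage; rebuilding the harness with -g (and -O0 where possible) before rerunning makes the frames resolve.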