Open Asteriska001 opened 1 year ago
A SEGV (null-pointer dereference) was discovered in clip::plotgen::labels_draw(): AddressSanitizer reports a READ from address 0x0 (the zero page) while processing a crafted input file. As reported this is a crash / denial of service on untrusted input; the trace shows no evidence of memory corruption beyond the null read.
Version 5fca358 (latest commit at the time of reporting)
Ubuntu 18.04, 64-bit
Command
Clone the latest revision first, then build and run: `make` followed by `./clip -e a.svg ./poc` (where `./poc` is the attached PoC file). The trace below was produced with an AddressSanitizer-instrumented build; a non-instrumented build crashes with a plain SIGSEGV (signal 11) instead.
POC file at the bottom of this report.
==943==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55d78ff6ed09 bp 0x7fff857330f0 sp 0x7fff85732c1 0 T0) ==943==The signal is caused by a READ memory access. ==943==Hint: address points to the zero page. #0 0x55d78ff6ed09 in clip::plotgen::labels_draw(clip::Context*, clip::PlotConfig*, clip::plotgen::PlotLabelsConfig*) (/A FLplusplus/my_test/clip-master/val/clip+0x2c0d09) #1 0x55d78ff72806 in clip::plotgen::labels_draw(clip::Context*, clip::PlotConfig*, clip::Expr const*) (/AFLplusplus/my_t est/clip-master/val/clip+0x2c4806) #2 0x55d78ff85526 in clip::ReturnCode std::__invoke_impl<clip::ReturnCode, clip::ReturnCode (*&)(clip::Context*, clip::P lotConfig*, clip::Expr const*), clip::Context*&, clip::PlotConfig*&, clip::Expr const*>(std::__invoke_other, clip::ReturnCod e (*&)(clip::Context*, clip::PlotConfig*, clip::Expr const*), clip::Context*&, clip::PlotConfig*&, clip::Expr const*&&) (/AF Lplusplus/my_test/clip-master/val/clip+0x2d7526) #3 0x55d78ff85225 in std::__invoke_result<clip::ReturnCode (*&)(clip::Context*, clip::PlotConfig*, clip::Expr const*), c lip::Context*&, clip::PlotConfig*&, clip::Expr const*>::type std::__invoke<clip::ReturnCode (*&)(clip::Context*, clip::PlotC onfig*, clip::Expr const*), clip::Context*&, clip::PlotConfig*&, clip::Expr const*>(clip::ReturnCode (*&)(clip::Context*, cl ip::PlotConfig*, clip::Expr const*), clip::Context*&, clip::PlotConfig*&, clip::Expr const*&&) (/AFLplusplus/my_test/clip-ma ster/val/clip+0x2d7225) #4 0x55d78ff84df3 in clip::ReturnCode std::_Bind<clip::ReturnCode (*(clip::Context*, clip::PlotConfig*, std::_Placeholde r<1>))(clip::Context*, clip::PlotConfig*, clip::Expr const*)>::__call<clip::ReturnCode, clip::Expr const*&&, 0ul, 1ul, 2ul>( std::tuple<clip::Expr const*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) (/AFLplusplus/my_test/clip-master/val/clip+0x2d6df3) #5 0x55d78ff849b8 in clip::ReturnCode std::_Bind<clip::ReturnCode (*(clip::Context*, clip::PlotConfig*, std::_Placeholde 
r<1>))(clip::Context*, clip::PlotConfig*, clip::Expr const*)>::operator()<clip::Expr const*, clip::ReturnCode>(clip::Expr co nst*&&) (/AFLplusplus/my_test/clip-master/val/clip+0x2d69b8) #6 0x55d78ff84302 in clip::ReturnCode std::__invoke_impl<clip::ReturnCode, std::_Bind<clip::ReturnCode (*(clip::Context* , clip::PlotConfig*, std::_Placeholder<1>))(clip::Context*, clip::PlotConfig*, clip::Expr const*)>&, clip::Expr const*>(std: :__invoke_other, std::_Bind<clip::ReturnCode (*(clip::Context*, clip::PlotConfig*, std::_Placeholder<1>))(clip::Context*, cl ip::PlotConfig*, clip::Expr const*)>&, clip::Expr const*&&) (/AFLplusplus/my_test/clip-master/val/clip+0x2d6302) #7 0x55d78ff83d99 in std::enable_if<is_invocable_r_v<clip::ReturnCode, std::_Bind<clip::ReturnCode (*(clip::Context*, cl ip::PlotConfig*, std::_Placeholder<1>))(clip::Context*, clip::PlotConfig*, clip::Expr const*)>&, clip::Expr const*>, clip::R eturnCode>::type std::__invoke_r<clip::ReturnCode, std::_Bind<clip::ReturnCode (*(clip::Context*, clip::PlotConfig*, std::_P laceholder<1>))(clip::Context*, clip::PlotConfig*, clip::Expr const*)>&, clip::Expr const*>(std::_Bind<clip::ReturnCode (*(c lip::Context*, clip::PlotConfig*, std::_Placeholder<1>))(clip::Context*, clip::PlotConfig*, clip::Expr const*)>&, clip::Expr const*&&) (/AFLplusplus/my_test/clip-master/val/clip+0x2d5d99) #8 0x55d78ff83756 in std::_Function_handler<clip::ReturnCode (clip::Expr const*), std::_Bind<clip::ReturnCode (*(clip::C ontext*, clip::PlotConfig*, std::_Placeholder<1>))(clip::Context*, clip::PlotConfig*, clip::Expr const*)> >::_M_invoke(std:: _Any_data const&, clip::Expr const*&&) (/AFLplusplus/my_test/clip-master/val/clip+0x2d5756) #9 0x55d78ffddee1 in std::function<clip::ReturnCode (clip::Expr const*)>::operator()(clip::Expr const*) const (/AFLplusp lus/my_test/clip-master/val/clip+0x32fee1) #10 0x55d78ffdb472 in clip::expr_walk_map(clip::Expr const*, std::unique_ptr<clip::Expr, std::function<void (clip::Expr* )> >*, 
std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::function<cli p::ReturnCode (clip::Expr const*)>, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pa ir<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::function<clip::ReturnCode (cl ip::Expr const*)> > > > const&) (/AFLplusplus/my_test/clip-master/val/clip+0x32d472) #11 0x55d78ff7e326 in clip::plot_draw(clip::Context*, clip::PlotConfig*, clip::Expr const*) (/AFLplusplus/my_test/clip-m aster/val/clip+0x2d0326) #12 0x55d78ff7f4da in clip::plot_eval(clip::Context*, clip::Expr const*) (/AFLplusplus/my_test/clip-master/val/clip+0x2d 14da) #13 0x55d78fe258a4 in clip::ReturnCode std::__invoke_impl<clip::ReturnCode, clip::ReturnCode (*&)(clip::Context*, clip:: Expr const*), clip::Context*, clip::Expr const*>(std::__invoke_other, clip::ReturnCode (*&)(clip::Context*, clip::Expr const *), clip::Context*&&, clip::Expr const*&&) (/AFLplusplus/my_test/clip-master/val/clip+0x1778a4) #14 0x55d78fe24f33 in std::enable_if<is_invocable_r_v<clip::ReturnCode, clip::ReturnCode (*&)(clip::Context*, clip::Expr const*), clip::Context*, clip::Expr const*>, clip::ReturnCode>::type std::__invoke_r<clip::ReturnCode, clip::ReturnCode (*& )(clip::Context*, clip::Expr const*), clip::Context*, clip::Expr const*>(clip::ReturnCode (*&)(clip::Context*, clip::Expr co nst*), clip::Context*&&, clip::Expr const*&&) (/AFLplusplus/my_test/clip-master/val/clip+0x176f33) #15 0x55d78fe2445a in std::_Function_handler<clip::ReturnCode (clip::Context*, clip::Expr const*), clip::ReturnCode (*)( clip::Context*, clip::Expr const*)>::_M_invoke(std::_Any_data const&, clip::Context*&&, clip::Expr const*&&) (/AFLplusplus/m y_test/clip-master/val/clip+0x17645a) #16 0x55d78fe242a2 in std::function<clip::ReturnCode 
(clip::Context*, clip::Expr const*)>::operator()(clip::Context*, cl ip::Expr const*) const (/AFLplusplus/my_test/clip-master/val/clip+0x1762a2) #17 0x55d78fe22573 in clip::eval(clip::Context*, clip::Expr const*) (/AFLplusplus/my_test/clip-master/val/clip+0x174573) #18 0x55d78fe22c87 in clip::eval(clip::Context*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator <char> > const&) (/AFLplusplus/my_test/clip-master/val/clip+0x174c87) #19 0x55d78fd3530a in main (/AFLplusplus/my_test/clip-master/val/clip+0x8730a) #20 0x7f5478a78082 in __libc_start_main ../csu/libc-start.c:308 #21 0x55d78fd339fd in _start (/AFLplusplus/my_test/clip-master/val/clip+0x859fd) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/AFLplusplus/my_test/clip-master/val/clip+0x2c0d09) in clip::plotgen::labels_draw(clip::Con text*, clip::PlotConfig*, clip::plotgen::PlotLabelsConfig*) ==943==ABORTING
id_000011,sig_11,src_000968,time_12498701,op_havoc,rep_8.zip
For any questions, please contact me at asteriska001@gmail.com or on Twitter: @Asteriska8
Description
A SEGV (null-pointer dereference) was discovered in clip::plotgen::labels_draw(): AddressSanitizer reports a READ from address 0x0 (the zero page) while processing a crafted input file. As reported this is a crash / denial of service on untrusted input; the trace shows no evidence of memory corruption beyond the null read.
Version
Version 5fca358 (latest commit at the time of reporting)
Environment
Ubuntu 18.04, 64-bit
Reproduce
Command
POC file at the bottom of this report.
ASAN Report
POC
id_000011,sig_11,src_000968,time_12498701,op_havoc,rep_8.zip
For any questions, please contact me at asteriska001@gmail.com or on Twitter: @Asteriska8