danmar / simplecpp

C++ preprocessor
BSD Zero Clause License

fuzzing crash in `simplecpp::preprocess()` #344

Open firewave opened 7 months ago

firewave commented 7 months ago
Minimized fuzzer input that triggers the crash (a `#include` directive whose name is separated from `#` by a comment and whose bracketed path is empty): `#/**/include <>`
simplecpp.cpp:3436:66: runtime error: member access within null pointer of type 'const Token'
    #0 0x61489cfd2109 in simplecpp::preprocess(simplecpp::TokenList&, simplecpp::TokenList const&, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>>&, std::__1::map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, simplecpp::TokenList*, std::__1::less<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const, simplecpp::TokenList*>>>&, simplecpp::DUI const&, std::__1::list<simplecpp::Output, std::__1::allocator<simplecpp::Output>>*, std::__1::list<simplecpp::MacroUsage, std::__1::allocator<simplecpp::MacroUsage>>*, std::__1::list<simplecpp::IfCond, std::__1::allocator<simplecpp::IfCond>>*) /home/user/CLionProjects/simplecpp-rider/simplecpp.cpp:3436:66
    #1 0x61489d052e61 in LLVMFuzzerTestOneInput /home/user/CLionProjects/simplecpp-rider/fuzz.cpp:31:5
    #2 0x61489ce39168 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/user/CLionProjects/simplecpp-rider/fuzz+0xd3168) (BuildId: c67f7ae0ae4f90bce06e963fc0d95c2c7f3417a7)
    #3 0x61489ce39866 in fuzzer::Fuzzer::MinimizeCrashLoop(std::vector<unsigned char, std::allocator<unsigned char>> const&) (/home/user/CLionProjects/simplecpp-rider/fuzz+0xd3866) (BuildId: c67f7ae0ae4f90bce06e963fc0d95c2c7f3417a7)
    #4 0x61489ce0fa8b in fuzzer::MinimizeCrashInputInternalStep(fuzzer::Fuzzer*, fuzzer::InputCorpus*) (/home/user/CLionProjects/simplecpp-rider/fuzz+0xa9a8b) (BuildId: c67f7ae0ae4f90bce06e963fc0d95c2c7f3417a7)
    #5 0x61489ce1c198 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/user/CLionProjects/simplecpp-rider/fuzz+0xb6198) (BuildId: c67f7ae0ae4f90bce06e963fc0d95c2c7f3417a7)
    #6 0x61489ce03947 in main (/home/user/CLionProjects/simplecpp-rider/fuzz+0x9d947) (BuildId: c67f7ae0ae4f90bce06e963fc0d95c2c7f3417a7)
    #7 0x774a5ff55ccf  (/usr/lib/libc.so.6+0x29ccf) (BuildId: 0865c4b9ba13e0094e8b45b78dfc7a2971f536d2)
    #8 0x774a5ff55d89 in __libc_start_main (/usr/lib/libc.so.6+0x29d89) (BuildId: 0865c4b9ba13e0094e8b45b78dfc7a2971f536d2)
    #9 0x61489ce05f84 in _start (/home/user/CLionProjects/simplecpp-rider/fuzz+0x9ff84) (BuildId: c67f7ae0ae4f90bce06e963fc0d95c2c7f3417a7)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior simplecpp.cpp:3436:66 in