Open xsscx opened 3 years ago
Hi, thanks for the report; I can confirm that this example also fails on my machine. I'll see if I can fix it. Update: it does not fail when running in Debug mode, which would point towards non-initialized variables.
Out of curiosity, how did you arrive at that example? Would any non-existent command also produce the issue?
Hi,
I'm using an Apple Security Research Device and working outward to points of impact. Then, I'm running the Reproducer on retail Run Targets to Confirm & Report.
Yes, I noted this in my updated Feedback to Apple. I am now making Reports downstream to IOS Projects where the Community can evaluate the issues transparently and I can cull the Results.
-Out of curiosity, how did you arrive at that example? Would any non-existent command also produce the issue?
The PoC was found circa 2015 in LLDB Bug Reports from myself and others; I was not the original Reporter, but performed significant Fuzzing at that time which still has a Corpus that delivers PoC Crashers across the XNU ecosystem. I too am looking at the non-existent command issue. Apple so far is No-Fix on this issue so I am now Reporting the Issue to Downstream Projects.
The Feedback Case == FB9591834 with Subject == 20G95 | 13A5212g | clang-1300.0.29.3 | Logic Bug | PoC | Segmentation fault: 11
Please let me know if I can provide any additional information.
Thank You!
Hello-
Here is another Crasher PoC. It will need to be run a few times to generate the Crash. This is another circa 2015 CLANG Crasher that has been marked won't-fix like the other PoC. I've tested this on iPad 12 Pro and iPhone 12 Pro, both running Retail iOS 15, and also verified on SRD running iOS 15.1 Beta.
echo "g34( struct Yunsignedp char32_t=char32_t_35==ZcregisterZtypename&&S=4autobitand8 &&or* xor{static_cast&char32_t&welseconst auto" | clang -x c++ -
Are you saying this is an LLVM bug that has been public since 2015? Are you able to link to any other or older reports?
I do not get websearch results for your feedback case.
The bug looks real.
Hello -
@xloem Sorry for slow reply.
The Original Bug is at URL https://bugs.llvm.org/show_bug.cgi?id=23057
A number of those Reports originate from URL https://web.archive.org/web/20160305095849/http://sli.dy.fi/~sliedes/clang-triage/triage_report.xhtml as noted in the Bug Report.
Over time I've tried to keep filing the same bug or its variant(s). There are many variants of the original bugs on X86_64, with similar issues in arm64e.
Best;
-D
Hello-
Crasher PoC: printf 'k80x&::((**\ne::' | clang -x c++ -
Hardware Model: iPad8,12
OS Version: iPhone OS 14.7.1 (18G82)
Run Twice, See Seg Fault 11
A few comments:
Hopefully this is enough info to be able to reproduce the Crash.
If I should Report this Issue elsewhere, please let me know.
Thank You