When a malicious testcase is input into test driver, the program exits by SEGV signal. UndefinedBehaviorSanitizer provided information as below:
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==18512==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000008 (pc 0x00000043248e bp 0x7fff694ee6f0 sp 0x7fff694ee610 T18512)
==18512==The signal is caused by a READ memory access.
==18512==Hint: address points to the zero page.
#0 0x43248d in config_setting_set_string /home/fengyutong/libconfig/lib/libconfig.c:1178
#1 0x429d7a in main /home/fengyutong/libconfig/examples/c/afl2.c:71:3
#2 0x7f8445767b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#3 0x4049e8 in _start (/home/jin/Documents/tmp/crash_summary/crash_summary/libconfig_summary/honggfuzzer2+0x4049e8)
UndefinedBehaviorSanitizer can not provide additional info.
==18512==ABORTING
Undefined behavior in config_setting_set_string (libconfig.c:1178)
There is a undefined-behavior vulnerability in libconfig (git repository: https://github.com/hyperrealm/libconfig, Latest commit f53e5de on Dec 20, 2019).
When a malicious testcase is input into test driver, the program exits by SEGV signal. UndefinedBehaviorSanitizer provided information as below:
test driver
attack vector