intel / ccc-linux-guest-hardening

Linux Security Hardening for Confidential Compute
https://intel.github.io/ccc-linux-guest-hardening-docs
MIT License

fast_matcher OOB? #51

Closed il-steffen closed 1 year ago

il-steffen commented 1 year ago

fast_matcher is choking on some input?

(.venv) steffens@tdxsim33:ccc$ RUST_BACKTRACE=full USE_FAST_MATCHER=1 fuzz.sh smatch /home/steffens/data/test-pipeline-linux-next2/BOOT_DO_BASIC/workdir_dh8535wk/
[...]
Processing: "/home/steffens/data/test-pipeline-linux-next2/BOOT_DO_BASIC/workdir_dh8535wk/traces/fuzz_00208.lst.lz4"
Processing: "/home/steffens/data/test-pipeline-linux-next2/BOOT_DO_BASIC/workdir_dh8535wk/traces/fuzz_00209.lst.lz4"
Processing: "/home/steffens/data/test-pipeline-linux-next2/BOOT_DO_BASIC/workdir_dh8535wk/traces/fuzz_00210.lst.lz4"
Processing: "/home/steffens/data/test-pipeline-linux-next2/BOOT_DO_BASIC/workdir_dh8535wk/traces/fuzz_00211.lst.lz4"
thread '<unnamed>' panicked at 'index out of bounds: the len is 1 but the index is 1', src/main.rs:173:43
stack backtrace:
   0:     0x55563da1acdc - std::backtrace_rs::backtrace::libunwind::trace::h4f7e6efa76dce8a2
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5
   1:     0x55563da1acdc - std::backtrace_rs::backtrace::trace_unsynchronized::hfd3fb3f24f83e846
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x55563da1acdc - std::sys_common::backtrace::_print_fmt::h82538af9e683b729
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/sys_common/backtrace.rs:66:5
   3:     0x55563da1acdc - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::had12b8ebc27ab529
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/sys_common/backtrace.rs:45:22
   4:     0x55563da3d6be - core::fmt::write::hcef9c23bf27d039c
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/core/src/fmt/mod.rs:1194:17
   5:     0x55563da05451 - std::io::Write::write_fmt::h91d3c48a0b4c64c6
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/io/mod.rs:1655:15
   6:     0x55563da08425 - std::sys_common::backtrace::_print::h792686924b255848
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/sys_common/backtrace.rs:48:5
   7:     0x55563da08425 - std::sys_common::backtrace::print::ha62ed1347274eaea
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/sys_common/backtrace.rs:35:9
   8:     0x55563da08425 - std::panicking::default_hook::{{closure}}::hc107e5bad7c99d87
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/panicking.rs:295:22
   9:     0x55563da080d9 - std::panicking::default_hook::h38856b877e172286
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/panicking.rs:314:9
  10:     0x55563da08a6f - std::panicking::rust_panic_with_hook::h66309baf5235212f
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/panicking.rs:698:17
  11:     0x55563da1b017 - std::panicking::begin_panic_handler::{{closure}}::h3a147548aa082356
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/panicking.rs:588:13
  12:     0x55563da1adf4 - std::sys_common::backtrace::__rust_end_short_backtrace::hcc62583c733bef84
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/sys_common/backtrace.rs:138:18
  13:     0x55563da08582 - rust_begin_unwind
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/panicking.rs:584:5
  14:     0x55563d8ee973 - core::panicking::panic_fmt::h8531284c14f462dc
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/core/src/panicking.rs:143:14
  15:     0x55563d8ee8b2 - core::panicking::panic_bounds_check::h9f510d970d59f22d
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/core/src/panicking.rs:84:5
  16:     0x55563d8feacf - <fast_matcher::TraceFileIter as core::iter::traits::iterator::Iterator>::next::h5aa952cbe32e5bff
  17:     0x55563d8ff425 - fast_matcher::read_trace_file_get_ranges::hc3b401607fe4efaa
  18:     0x55563d91463f - std::sys_common::backtrace::__rust_begin_short_backtrace::hbdd86ee55c653b1e
  19:     0x55563d8f9dda - core::ops::function::FnOnce::call_once{{vtable.shim}}::h7ac58c52996f9834
  20:     0x55563da10c23 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::h7a33e384811e97c3
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/alloc/src/boxed.rs:1861:9
  21:     0x55563da10c23 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::hb1bfedf78e9247f9
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/alloc/src/boxed.rs:1861:9
  22:     0x55563da10c23 - std::sys::unix::thread::Thread::new::thread_start::hf16678870390ec65
                               at /build/rustc-8kCV4J/rustc-1.61.0+dfsg1~llvm/library/std/src/sys/unix/thread.rs:108:17
  23:     0x7f6c9111a609 - start_thread
                               at /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
  24:     0x7f6c91039133 - clone
                               at /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
  25:                0x0 - <unknown>
Done parsing traces... Now finding reached lines.
FOUND 6818 matches with /home/steffens/data/test-pipeline-linux-next2/BOOT_DO_BASIC/workdir_dh8535wk/target/smatch_warns.txt

sirmc commented 1 year ago

Seems like a malformed fuzz_XXX.lst.lz4 file. Basically a line that does not follow the pattern A,B. I'll push some better error handling which prints the line that's causing the issue.
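
The failure mode described above, as an added example that is not fast_matcher's own code: an unchecked `fields[1]` on a line without a comma reproduces the "len is 1 but the index is 1" panic, while the hardened parser validates the field count and each field and reports the offending line number and text. The `A,B` fields are assumed here to be hex addresses; the function and error names are hypothetical.

```rust
use std::fmt;
/// Why a trace line was rejected; carries the line number and the raw text
/// so the offending input is reported instead of crashing the whole run.
#[derive(Debug, PartialEq)]
pub enum TraceParseError {
    WrongFieldCount { line_no: usize, found: usize, line: String },
    BadNumber { line_no: usize, field: usize, line: String },
}

impl fmt::Display for TraceParseError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::WrongFieldCount { line_no, found, line } =>
                write!(f, "line {line_no}: expected 2 comma-separated fields, found {found}: {line:?}"),
            Self::BadNumber { line_no, field, line } =>
                write!(f, "line {line_no}: field {field} is not a hex address: {line:?}"),
        }
    }
}

/// Parses "0x..." or bare hex; the address format is an assumption, not taken from fast_matcher.
fn hex(s: &str) -> Option<u64> {
    let s = s.trim();
    u64::from_str_radix(s.strip_prefix("0x").unwrap_or(s), 16).ok()
}

/// The shape of the original bug: `fields[1]` on a line with no comma panics with
/// "index out of bounds: the len is 1 but the index is 1".
pub fn parse_trace_line_unchecked(line: &str) -> (u64, u64) {
    let fields: Vec<&str> = line.split(',').collect();
    (hex(fields[0]).unwrap(), hex(fields[1]).unwrap())
}

/// Hardened parser: checks the field count and each field before using them.
/// `line_no` is 1-based and only used in the error message.
pub fn parse_trace_line(line_no: usize, line: &str) -> Result<(u64, u64), TraceParseError> {
    let fields: Vec<&str> = line.trim().split(',').collect();
    if fields.len() != 2 {
        return Err(TraceParseError::WrongFieldCount { line_no, found: fields.len(), line: line.into() });
    }
    let field = |i: usize| hex(fields[i]).ok_or(TraceParseError::BadNumber { line_no, field: i, line: line.into() });
    Ok((field(0)?, field(1)?))
}

/// Parses a whole trace body, stopping at and reporting the first malformed line.
pub fn parse_trace(text: &str) -> Result<Vec<(u64, u64)>, TraceParseError> {
    text.lines().enumerate().filter(|(_, l)| !l.trim().is_empty())
        .map(|(i, l)| parse_trace_line(i + 1, l)).collect()
}
```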

il-steffen commented 1 year ago

Fixed in #52.