Open asarubbo opened 7 years ago
When snzip tries to read a malfomed archive, it fail to allocate the memory. Output:
Ȥ�==12351==WARNING: AddressSanitizer failed to allocate 0xffffffffc8617364 bytes ==12351==AddressSanitizer's allocator is terminating the process instead of returning 0 ==12351==If you don't like this behavior set allocator_may_return_null=1 ==12351==AddressSanitizer CHECK failed: /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0) #0 0x4ca7ed in AsanCheckFailed /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/asan/asan_rtl.cc:67 #1 0x4d1323 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:159 #2 0x4cf076 in __sanitizer::ReportAllocatorCannotReturnNull() /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.cc:147 #3 0x424896 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<105553116266496ul, 4398046511104ul, 0ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __asan::AsanMapUnmapCallback>, __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<105553116266496ul, 4398046511104ul, 0ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __asan::AsanMapUnmapCallback> >, __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback> >::ReturnNullOrDie() /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator.h:1317 #4 0x424896 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/asan/asan_allocator.cc:359 #5 0x4205bd in __asan::Allocator::Reallocate(void*, unsigned long, __sanitizer::BufferedStackTrace*) /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/asan/asan_allocator.cc:539 #6 0x4205bd in __asan::asan_realloc(void*, unsigned long, __sanitizer::BufferedStackTrace*) /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/asan/asan_allocator.cc:732 #7 0x4c1231 in realloc /var/tmp/portage/sys-devel/llvm-3.8.1-r2/work/llvm-3.8.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:79 #8 0x4fe72c in work_buffer_resize /tmp/portage/app-arch/snzip-1.0.3/work/snzip-1.0.3/snzip.c:584:13 #9 0x51667b in snappy_java_uncompress /tmp/portage/app-arch/snzip-1.0.3/work/snzip-1.0.3/snappy-java-format.c:193:7 #10 0x4f68ea in main /tmp/portage/app-arch/snzip-1.0.3/work/snzip-1.0.3/snzip.c:401:11 #11 0x7fcbabbd261f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.22-r4/work/glibc-2.22/csu/libc-start.c:289 #12 0x419988 in _init (/usr/bin/snzip+0x419988)
Attaching the testcase which causes the failure: 10.crashes.zip
When snzip tries to read a malfomed archive, it fail to allocate the memory. Output:
Attaching the testcase which causes the failure: 10.crashes.zip