I am an undergraduate student exploring automatic harness generation for open source APIs. I found a segmentation fault that occurs in list_empty upon a malformed input. The program this occurs in is below:

Test Environment
Ubuntu 22.04, 64bit

How to trigger
./filename poc

Version
Latest: 1f520e6717113136763cd4485bebfb51fde6a41e

POC File
https://github.com/FuturesLab/POC/blob/main/fyaml/poc-01

Address Sanitizer Output
```
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:1368:51 in
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3364649==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000050 (pc 0x55555572142b bp 0x000000000001 sp 0x7fffffffbb70 T0)
==3364649==The signal is caused by a READ memory access.
==3364649==Hint: address points to the zero page.
    #0 0x55555572142b in list_empty /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/util/fy-list.h:198:20
    #1 0x55555572142b in fy_node_pair_list_empty /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.h:54:1
    #2 0x55555572142b in fy_node_pair_list_head /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.h:54:1
    #3 0x55555572537c in fy_node_mapping_get_pair_index /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:1368:22
    #4 0x5555557233e7 in fy_node_mapping_sort_cmp_default /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:5825:10
    #5 0x5555556badbb in qsort_r (/home/gabesherman/harness_test/AutoHarn-Results/fyaml/autoharn-01/harness+0x166dbb) (BuildId: 738b775c2033ed05aecfab23edb7345df370ad68)
    #6 0x55555572450e in fy_node_mapping_perform_sort /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:5875:2
    #7 0x5555557227da in fy_node_compare_user /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:1244:3
    #8 0x5555557251c8 in fy_node_compare /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:1284:9
    #9 0x5555557251c8 in fy_node_mapping_lookup_pair /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:1353:8
    #10 0x555555757a6c in fy_node_mapping_key_is_duplicate /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:1380:9
    #11 0x555555757a6c in fy_parse_document_load_mapping /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:1647:16
    #12 0x555555726b9b in fy_parse_document_load_node /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:1769:9
    #13 0x555555741a6b in fy_document_load_node /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:5082:7
    #14 0x555555741a6b in fy_node_build_internal /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:5132:8
    #15 0x55555574260c in fy_node_build_from_file /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/lib/fy-doc.c:5197:9
    #16 0x555555717215 in main /home/gabesherman/harness_test/AutoHarn-Results/fyaml/autoharn-01/harness.c:18:50
    #17 0x7ffff7c29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #18 0x7ffff7c29e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #19 0x5555556593e4 in _start (/home/gabesherman/harness_test/AutoHarn-Results/fyaml/autoharn-01/harness+0x1053e4) (BuildId: 738b775c2033ed05aecfab23edb7345df370ad68)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/gabesherman/harness_test/AutoHarn-Evaluation/fyaml/lib_asan/src/util/fy-list.h:198:20 in list_empty
==3364649==ABORTING
```
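The report above faults inside list_empty at address 0x50 with the hint "address points to the zero page", which is the usual signature of a NULL struct pointer whose list-head field sits 0x50 bytes into the struct. The following C program is an added illustration for reading such a report and for the kind of NULL guard an accessor like fy_node_pair_list_head can carry; it is not libfyaml's code and not the reporter's harness. The struct layout, the `mapping_node`/`mapping_pairs_head`/`null_deref_field_offset` names and the padding that puts the list head at offset 0x50 are all constructed for the example.

```c
/* Added illustration (not libfyaml code): why a crash inside list_empty
 * reports a faulting address near zero, and how a NULL guard on the
 * list accessor avoids it. All names and the layout are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal intrusive doubly linked list, in the style of many C libraries. */
struct list_head {
    struct list_head *next, *prev;
};

static inline void list_init(struct list_head *h)
{
    h->next = h->prev = h;
}

/* Unguarded check: reads lh->next, so a NULL lh faults at offset 0 of lh
 * (which, when lh is itself a field of a NULL struct, is a small address). */
static inline bool list_empty(const struct list_head *lh)
{
    return lh->next == lh;
}

/* Constructed stand-in for a mapping node. The padding is chosen so that
 * offsetof(struct mapping_node, pairs) == 0x50, matching the faulting
 * address in the report: a NULL node pointer plus the field offset. */
struct mapping_node {
    int type;
    char padding[0x4c];      /* constructed: 4 + 0x4c == 0x50 */
    struct list_head pairs;  /* list of key/value pairs */
};

/* Hypothetical hardened accessor: a missing node behaves like an empty
 * mapping instead of dereferencing NULL + 0x50. Returns the first pair's
 * list link, or NULL when there is no node or no pairs. */
const struct list_head *mapping_pairs_head(const struct mapping_node *n)
{
    if (!n)
        return NULL;
    return list_empty(&n->pairs) ? NULL : n->pairs.next;
}

/* Triage helper: a faulting address below one page is read as the byte
 * offset of the accessed field from a NULL base. Returns that offset, or
 * -1 when the address is not in the zero page. */
long null_deref_field_offset(uintptr_t addr)
{
    return addr < 4096 ? (long)addr : -1;
}

/* Builds a mapping with one pair and reports whether the accessor reaches it. */
bool demo_nonempty_mapping(void)
{
    struct mapping_node n = { .type = 1 };
    struct list_head pair;

    list_init(&n.pairs);
    /* insert the single pair directly after the head */
    pair.next = n.pairs.next;
    pair.prev = &n.pairs;
    n.pairs.next->prev = &pair;
    n.pairs.next = &pair;
    return mapping_pairs_head(&n) == &pair;
}

/* Builds an empty mapping and reports whether the accessor returns NULL. */
bool demo_empty_mapping(void)
{
    struct mapping_node n = { .type = 1 };

    list_init(&n.pairs);
    return mapping_pairs_head(&n) == NULL;
}

int main(void)
{
    printf("pairs list head offset: 0x%zx\n",
           offsetof(struct mapping_node, pairs));
    printf("report address 0x50 -> field offset %ld\n",
           null_deref_field_offset(0x50));
    printf("NULL node handled: %s\n",
           mapping_pairs_head(NULL) == NULL ? "yes" : "no");
    printf("empty mapping: %s, one-pair mapping: %s\n",
           demo_empty_mapping() ? "ok" : "bad",
           demo_nonempty_mapping() ? "ok" : "bad");
    return 0;
}
```

The check in `null_deref_field_offset` is the first thing to apply when a sanitizer prints "address points to the zero page": the address is not a heap location but a field offset, and the frame that reads it (here list_empty, reached from the accessor two frames up) is where the missing NULL check belongs.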