Closed Halcy0nic closed 6 days ago
Thank you for your comment. I unzipped the ZIP file, but the file could not be read. Please send it again.
Hi @sasagawa888
Similar to #75, if you unzip the file it should have a folder inside named reproduction:
$ wget https://github.com/sasagawa888/nprolog/files/11793855/reproduction.zip
$ unzip reproduction.zip
$ cd reproduction
$ ls
add_data.pl b_consult_null_deref.pl deref-crash.pl null-pointer-deref.pl o_define_crash.pl prove_all_crash.pl
The contents of the script may not be human readable, because the actual bytes were modified by the fuzzer. The scripts can still be executed by running the following:
$ npl -s [any file in the reproduction directory]
For example:
$ cat null-pointer-deref.pl
:-@;f>jlD.
$ xxd null-pointer-deref.pl
00000000: 3a2d 0040 3b66 3e6a 6c44 2e0a :-.@;f>jlD.
$ ./npl -s null-pointer-deref.pl
==3736178==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000000 bp 0x00000000001c sp 0x7ffe8d907a68 T0)
==3736178==Hint: pc points to the zero page.
==3736178==The signal is caused by a READ memory access.
==3736178==Hint: address points to the zero page.
#0 0x0 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>)
==3736178==ABORTING
Let me know if that helps. Thanks!
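The reproduction steps above are run one file at a time by hand. The script below is an added example (not code from the nprolog project or from either participant in this thread) that runs an ASAN-instrumented binary over a whole directory of fuzzer-produced inputs and buckets each result from the AddressSanitizer report, so that the out-of-bounds reads, stack overflow and null pointer dereferences reported in this issue can be separated without reading every log. It assumes the binary is invoked as `npl -s <file>` as shown above, that it was built with `-fsanitize=address -g` (the issue's own Makefile is not reproduced here), and that GNU `timeout` is available; the ASAN reports it classifies offline are constructed samples modelled on the one quoted in the thread, not captured from npl.

```shell
#!/bin/sh
# Added example, not code from the nprolog project or from the issue author.
# Triage helper for a directory of fuzzer-produced crash inputs such as the
# reproduction/ folder: run the ASAN-instrumented binary on each file and
# bucket the crash from the AddressSanitizer report.
# Assumptions: the binary takes `-s <file>` (as in the thread), it was built
# with `-fsanitize=address -g`, and GNU `timeout` exists for inputs that hang.

# classify_asan_log LOGFILE
# Prints one bucket: clean, null-deref, segv, stack-overflow, oob-read,
# oob-write, oob, other-asan.
classify_asan_log() {
    log="$1"
    grep -q 'AddressSanitizer' "$log" || { echo clean; return 0; }
    summary=$(grep -m1 '^SUMMARY: AddressSanitizer:' "$log")
    case "$summary" in
        *stack-overflow*)
            echo stack-overflow ;;
        *SEGV*)
            # A SEGV whose pc or address is on the zero page is how ASAN
            # reports a null pointer dereference (the hint quoted in the thread).
            if grep -q 'zero page' "$log"; then echo null-deref; else echo segv; fi ;;
        *buffer-overflow*|*buffer-underflow*)
            # For buffer overflows ASAN states the access direction on the line
            # after the ERROR header: "READ of size N" / "WRITE of size N".
            if grep -q '^READ of size' "$log"; then echo oob-read
            elif grep -q '^WRITE of size' "$log"; then echo oob-write
            else echo oob; fi ;;
        *)
            echo other-asan ;;
    esac
}

# triage_dir BIN DIR
# Runs BIN -s on every regular file in DIR and prints "<bucket><TAB><file>".
triage_dir() {
    bin="$1"; dir="$2"
    tmp=$(mktemp)
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        timeout 10 "$bin" -s "$f" </dev/null >/dev/null 2>"$tmp" && status=0 || status=$?
        if [ "$status" -eq 124 ]; then
            bucket=hang            # timeout expired: the input hangs rather than crashes
        else
            bucket=$(classify_asan_log "$tmp")
        fi
        printf '%s\t%s\n' "$bucket" "$f"
    done
    rm -f "$tmp"
}

# write_sample_log KIND FILE
# Writes a constructed ASAN report (modelled on the one quoted in the thread,
# not captured from npl) so the classifier can be exercised offline.
write_sample_log() {
    case "$1" in
        null-deref) printf '%s\n' \
            '==1==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000000 bp 0x00000000001c sp 0x7ffe8d907a68 T0)' \
            '==1==Hint: pc points to the zero page.' \
            'SUMMARY: AddressSanitizer: SEGV (<unknown module>)' > "$2" ;;
        oob-read) printf '%s\n' \
            '==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x00000040 bp 0x7ffd0 sp 0x7ffd0' \
            'READ of size 8 at 0x602000000018 thread T0' \
            'SUMMARY: AddressSanitizer: heap-buffer-overflow (constructed sample)' > "$2" ;;
        stack-overflow) printf '%s\n' \
            '==1==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0 (pc 0x40 bp 0x7ffc0 sp 0x7ffc0 T0)' \
            'SUMMARY: AddressSanitizer: stack-overflow (constructed sample)' > "$2" ;;
        clean) : > "$2" ;;
    esac
}

# Offline demonstration on the constructed samples.
# Against a real ASAN build, use: triage_dir ./npl reproduction
demo=$(mktemp)
for kind in null-deref oob-read stack-overflow clean; do
    write_sample_log "$kind" "$demo"
    printf '%s -> %s\n' "$kind" "$(classify_asan_log "$demo")"
done
rm -f "$demo"
```

The buckets come straight from the ASAN summary line plus two context lines (the "zero page" hint and the "READ/WRITE of size" line), which is enough to sort a fuzzing corpus into the categories used in this issue before opening any crash in GDB; a `hang` bucket is kept separate because a timeout is not a memory-safety finding.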
I see. I will try.
Most of the bugs have been fixed.
Hi @sasagawa888!
I compiled the most recent version of nprolog (Ver 1.94) and added it to my fuzz tests. It looks like there are a couple of memory corruption issues at various locations. I have attached a zip archive named reproduction.zip for replication:
reproduction.zip
Note: Here is the Makefile I used to compile npl with address sanitizer for debugging
Out-of-bounds read in add_data at data.c
Reproduction
GDB Output
GDB Backtrace
ASAN Output
Out-of-bounds read in prove_all at main.c
Reproduction
GDB Output
GDB Backtrace
ASAN Output
Stack overflow in deref at data.c
Reproduction
GDB Output
GDB Backtrace
ASAN Output
Null pointer dereference in prove at main.c
Reproduction
GDB Output
GDB Backtrace
ASAN Output
Null pointer dereference in b_consult at builtin.c
Reproduction
GDB Output
GDB Backtrace
ASAN Output
Out-of-bounds read in o_define at builtin.c
Reproduction
GDB Output
GDB Backtrace
ASAN Output