Closed schwehr closed 1 year ago
I have an idea where this could come from, but could you clarify how you are able to provide 3e844 as input? This is not a value that can be represented by a double. (or is it a typo and did you mean 3e84?)
Never mind. This is of course the parsing from text to number by HARP itself. I will look into it.
This should be fixed with 2fc80f33612850eb01117e7d1df86563f0ca5018. Let me know if this is the case.
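A strict text-to-double check of the kind the reply above describes, written here as an added example (not HARP code) to show how a literal such as 3e844, which overflows a double, can be rejected at parse time rather than flowing into later geometry code; the function names and sample inputs are constructed for this illustration:

```c
#include <errno.h>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a complete decimal literal into a finite double.
 * Returns 0 and stores the value on success; returns -1 when the text is
 * empty, has trailing characters, overflows to infinity, or spells inf/nan. */
int parse_finite_double(const char *text, double *value)
{
    char *end = NULL;
    double result;

    if (text == NULL || *text == '\0')
    {
        return -1;
    }
    errno = 0;
    result = strtod(text, &end);
    /* Nothing consumed, or junk left over after the number: reject. */
    if (end == text || *end != '\0')
    {
        return -1;
    }
    /* strtod reports overflow with ERANGE and returns +/-HUGE_VAL. */
    if (errno == ERANGE && fabs(result) == HUGE_VAL)
    {
        return -1;
    }
    /* strtod also accepts "inf" and "nan" literals; a bound must be finite. */
    if (!isfinite(result))
    {
        return -1;
    }
    *value = result;
    return 0;
}

/* Convenience wrapper: 1 if the literal is accepted, 0 otherwise. */
int accepts_literal(const char *text)
{
    double unused;
    return parse_finite_double(text, &unused) == 0;
}

int main(void)
{
    /* Constructed inputs: the in-range value, the overflowing one from the
     * report, a value with trailing junk, and an explicit infinity. */
    const char *samples[] = { "3e84", "3e844", "1.5x", "inf" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    {
        printf("%-6s -> %s\n", samples[i], accepts_literal(samples[i]) ? "accepted" : "rejected");
    }
    return 0;
}
```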
Thanks! That particular issue is resolved. And then it trips up on something else.
==9594==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x563bc839f35f in vector3d_apply_euler_transformation libharp/harp-geometry-sphere-euler.c:233:13
#1 0x563bc839f35f in harp_spherical_point_apply_euler_transformation libharp/harp-geometry-sphere-euler.c:292:5
#2 0x563bc839d413 in harp_spherical_line_begin libharp/harp-geometry-sphere-line.c:142:5
#3 0x563bc839d413 in harp_spherical_line_spherical_line_relationship libharp/harp-geometry-sphere-line.c:202:5
#4 0x563bc8398917 in harp_spherical_polygon_check libharp/harp-geometry-sphere-polygon.c:236:28
#5 0x563bc839c5df in harp_spherical_polygon_from_latitude_longitude_bounds libharp/harp-geometry-sphere-polygon.c:1186:13
#6 0x563bc838dcd5 in add_latitude_longitude_bounds_to_area_mask libharp/harp-operation.c:114:13
#7 0x563bc838d9db in harp_operation_area_covers_area_filter_new libharp/harp-operation.c:1464:13
#8 0x563bc837a293 in harp_operation_parser_parse libharp/harp-operation-parser.y:612:17
#9 0x563bc837fb91 in harp_program_from_string libharp/harp-operation-parser.y:1702:9
The fuzzer code is super basic.
```cpp
#include <cstddef>
#include <cstdint>
#include <string>

#include "absl/cleanup/cleanup.h"
#include "harp.h"  // HARP public header (assumed name)

// libFuzzer entry point: treat the raw input bytes as a HARP operations
// string and hand it to the operation parser.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  const std::string operations(reinterpret_cast<const char *>(data), size);
  harp_init();
  // Make sure the library is torn down on every return path.
  auto done = absl::MakeCleanup([] { harp_done(); });
  harp_program *program = nullptr;
  if (harp_program_from_string(operations.c_str(), &program) != 0) {
    return 0;  // parse error: nothing to free
  }
  harp_program_delete(program);
  return 0;
}
```
Should be fixed in e9936e24a5f4760cbd7cc5c4b3586677383c37c5
That's all of them. Much appreciated.
This is just a sign that something isn't being error-checked that should be. The fuzzer-derived junk input is:
Stack trace: