uNetworking / uWebSockets

Simple, secure & standards compliant web server for the most demanding of applications
Apache License 2.0

Fix fuzzing build #1798

Open uNetworkingAB opened 3 weeks ago

uNetworkingAB commented 3 weeks ago

Fails build check on oss-fuzz but runs fine here on GH actions

uNetworkingAB commented 3 weeks ago

```
Step #31 - "build-check-libfuzzer-undefined-x86_64": Broken fuzz targets 3
Step #31 - "build-check-libfuzzer-undefined-x86_64": ('/tmp/not-out/tmp41mq4di0/EpollHelloWorld', CompletedProcess(args=['bad_build_check', '/tmp/not-out/tmp41mq4di0/EpollHelloWorld'], returncode=1, stdout=b"BAD BUILD: /tmp/not-out/tmp41mq4di0/EpollHelloWorld seems to have either startup crash or exit:
vm.mmap_rnd_bits = 28
/tmp/not-out/tmp41mq4di0/EpollHelloWorld -rss_limit_mb=2560 -timeout=25 -seed=1337 -runs=4 -dict=EpollHelloWorld.dict < /dev/null
Dictionary: 12 entries
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1337
INFO: Loaded 1 modules (6321 inline 8-bit counters): 6321 [0x55cccd59c648, 0x55cccd59def9),
INFO: Loaded 1 PC tables (6321 PCs): 6321 [0x55cccd59df00,0x55cccd5b6a10),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
EpollHelloWorld.cpp:20:20: runtime error: upcast of address 0x7ffcee3b6668 with insufficient space for an object of type 'uWS::CachingApp'
0x7ffcee3b6668: note: pointer points here
 00 00 00 00 40 ed 5b ce cc 55 00 00 f0 ff 5b ce cc 55 00 00 10 00 5c ce cc 55 00 00 10 00 5c ce
 ^
    #0 0x55cccd47534a in test() /src/uWebSockets/fuzzing/EpollHelloWorld.cpp:20:20
    #1 0x55cccd4730ad in LLVMFuzzerTestOneInput /src/uWebSockets/fuzzing/./libEpollFuzzer/epoll_fuzzer.h:740:2
    #2 0x55cccd3d5690 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
    #3 0x55cccd3d6ba1 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::Fuzzer::vector<fuzzer::SizedFile, std::Fuzzer::allocator>&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:807:3
    #4 0x55cccd3d7132 in fuzzer::Fuzzer::Loop(std::Fuzzer::vector<fuzzer::SizedFile, std::Fuzzer::allocator>&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:867:3
    #5 0x55cccd3c626b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:914:6
    #6 0x55cccd3f1642 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #7 0x7f5b840ce082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 0702430aef5fa3dda43986563e9ffcc47efbd75e)
    #8 0x55cccd3b8aed in _start (/tmp/not-out/tmp41mq4di0/EpollHelloWorld+0x5faed)

DEDUP_TOKEN: test()--LLVMFuzzerTestOneInput--fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior EpollHelloWorld.cpp:20:20
MS: 0 ; base unit: 0000000000000000000000000000000000000000


artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
", stderr=b''))
Step #31 - "build-check-libfuzzer-undefined-x86_64": BAD BUILD: /tmp/not-out/tmp41mq4di0/EpollHelloWorld seems to have either startup crash or exit:
Step #31 - "build-check-libfuzzer-undefined-x86_64": vm.mmap_rnd_bits = 28
Step #31 - "build-check-libfuzzer-undefined-x86_64": /tmp/not-out/tmp41mq4di0/EpollHelloWorld -rss_limit_mb=2560 -timeout=25 -seed=1337 -runs=4 -dict=EpollHelloWorld.dict < /dev/null
```

uNetworkingAB commented 3 weeks ago

UndefinedBehaviorSanitizer is freaking out about

```
EpollHelloWorld.cpp:20:20: runtime error: upcast of address 0x7ffcee3b6668 with insufficient space for an object of type 'uWS::CachingApp'
0x7ffcee3b6668: note: pointer points here
 00 00 00 00 40 ed 5b ce cc 55 00 00 f0 ff 5b ce cc 55 00 00 10 00 5c ce cc 55 00 00 10 00 5c ce
 ^
    #0 0x55cccd47534a in test() /src/uWebSockets/fuzzing/EpollHelloWorld.cpp:20:20
```
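The diagnostic quoted in the thread comes from UBSan's object-size check (part of `-fsanitize=undefined` in clang): at a derived-to-base pointer conversion it verifies that the storage behind the pointer, as bounded by `__builtin_object_size`, is large enough to hold a complete object of the pointer's static type, here `uWS::CachingApp`. The report says the address is on the stack inside `test()`, but the page does not show what object at EpollHelloWorld.cpp:20 is being cast, so the example below is an added, generic illustration of that diagnostic class and is not uWebSockets code. `Base`, `Derived`, the buffer sizes and the helper names are all assumptions made for the illustration; the same report (with `'Derived'` in place of `'uWS::CachingApp'`) appears when the flagged function is built with `clang++ -std=c++17 -O1 -fsanitize=undefined` and run, while the correctly sized variant stays silent.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <new>

// Stand-ins (assumed, not uWebSockets types): Base is the class being upcast
// to, Derived is the type the pointer is typed as ('uWS::CachingApp' in the
// report). Derived is deliberately larger than Base.
struct Base {
    std::uint64_t requests = 0;
};

struct Derived : Base {
    std::uint64_t cache[8] = {};
};

// The condition UBSan's object-size check evaluates at an upcast site:
// the storage behind the pointer must hold a complete object of the
// pointer's static type (hypothetical helper, mirrors the sanitizer's test).
constexpr bool storage_fits_derived(std::size_t storage_bytes) {
    return storage_bytes >= sizeof(Derived);
}

// Flagged pattern: storage sized for Base only, pointer typed as Derived,
// then upcast. Built with clang -fsanitize=undefined (-O1 or higher, so the
// buffer size is known to the optimizer) this reports
//   upcast of address 0x... with insufficient space for an object of type 'Derived'
// Nothing is read or written through the pointer, so a plain build just
// returns the offset of the Base subobject (0 for single, non-virtual inheritance).
std::size_t undersized_upcast_offset() {
    alignas(Derived) unsigned char storage[sizeof(Base)];
    Derived *d = reinterpret_cast<Derived *>(storage);  // no Derived object lives here
    Base *b = d;                                         // <- the cast UBSan flags
    return static_cast<std::size_t>(reinterpret_cast<unsigned char *>(b) - storage);
}

// Correct pattern: storage sized and aligned for the most-derived type, and a
// Derived actually constructed in it before any upcast or member access.
std::uint64_t correctly_sized_upcast() {
    alignas(Derived) unsigned char storage[sizeof(Derived)];
    Derived *d = new (storage) Derived;   // placement-new starts the object's lifetime
    Base *b = d;                          // clean under -fsanitize=undefined
    b->requests = 42;
    std::uint64_t seen = d->requests;     // same subobject, read back through Derived
    d->~Derived();
    return seen;
}

int main() {
    std::printf("sizeof(Base)=%zu sizeof(Derived)=%zu\n", sizeof(Base), sizeof(Derived));
    std::printf("Base-sized storage fits a Derived: %s\n",
                storage_fits_derived(sizeof(Base)) ? "yes" : "no");
    std::printf("correctly sized upcast read back: %llu\n",
                static_cast<unsigned long long>(correctly_sized_upcast()));
    std::printf("undersized upcast offset: %zu (UBSan reports the cast itself)\n",
                undersized_upcast_offset());
    return 0;
}
```

The practical reading of the CI report is therefore not that line 20 dereferences anything bad, but that the object whose address is taken there is, in the compiler's view, smaller than `sizeof(uWS::CachingApp)` at the point where it is converted to its base; fixing the harness means giving that pointer storage of the full most-derived type, as in `correctly_sized_upcast` above. Because the check depends on `__builtin_object_size`, it can fire at `-O1` and above yet stay quiet at `-O0`, which is consistent with a build passing in one CI environment and failing in another that uses different optimization flags.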