The above input file leads to a segfault in c2m update_call_arg_area_offset.
Found while fuzzing d51b45f6c76d2ca03a5b2e1968c195b867eaed30, verified with cf3c9c106afdda59c402bdd40e61241aa20a755d
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1447396==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x55a3bc63b869 bp 0x000000000001 sp 0x7fd4e3afb7c0 T1)
==1447396==The signal is caused by a READ memory access.
==1447396==Hint: address points to the zero page.
#0 0x55a3bc63b868 in update_call_arg_area_offset c2mir/c2mir.c:8125
#1 0x55a3bc6bf7b6 in check c2mir/c2mir.c:9065
#2 0x55a3bc6d5a35 in create_decl c2mir/c2mir.c:7798
#3 0x55a3bc6b35c7 in check c2mir/c2mir.c:9159
#4 0x55a3bc6b6b1f in check c2mir/c2mir.c:8286
#5 0x55a3bc6b6099 in check c2mir/c2mir.c:9431
#6 0x55a3bc6f9314 in do_context c2mir/c2mir.c:9697
#7 0x55a3bc6f9314 in c2mir_compile c2mir/c2mir.c:13481
#8 0x55a3bc6fcd6a in compile c2mir/c2mir-driver.c:498
#9 0x7fd4e7154608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
#10 0x7fd4e7079132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV c2mir/c2mir.c:8125 in update_call_arg_area_offset
Thread T1 created by T0 here:
#0 0x7fd4e72fe815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
#1 0x55a3bc6116f8 in init_compilers c2mir/c2mir-driver.c:540
#2 0x55a3bc6116f8 in main c2mir/c2mir-driver.c:656
==1447396==ABORTING
vnmakarov
commented
11 months ago
The above input file leads to a segfault in c2m
update_call_arg_area_offset. Found while fuzzing d51b45f6c76d2ca03a5b2e1968c195b867eaed30, verified with cf3c9c106afdda59c402bdd40e61241aa20a755d