vnmakarov / mir

A lightweight JIT compiler based on MIR (Medium Internal Representation) and C11 JIT compiler and interpreter based on MIR
MIT License

Segfault in `classify_node` #362

Open clesmian opened 11 months ago

clesmian commented 11 months ago

When executing c2m on poc.txt, a segfault occurs

POC

n(){
   char* p;
   int m={};
}

ASAN Output

poc:3:16: warning -- empty initializer list
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1993431==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55747d0e3b5f bp 0x0ff417ddcb05 sp 0x7fa0beee1270 T1)
==1993431==The signal is caused by a READ memory access.
==1993431==Hint: address points to the zero page.
    #0 0x55747d0e3b5e in classify_node c2mir/c2mir.c:8137
    #1 0x55747d0e3b5e in gen c2mir/c2mir.c:11622
    #2 0x55747d0fec30 in gen_initializer c2mir/c2mir.c:11376
    #3 0x55747d0fa5bb in gen c2mir/c2mir.c:12364
    #4 0x55747d0e9e85 in gen c2mir/c2mir.c:11631
    #5 0x55747d0ea86e in gen c2mir/c2mir.c:12492
    #6 0x55747d0efca2 in gen c2mir/c2mir.c:12454
    #7 0x55747d0e9e85 in gen c2mir/c2mir.c:11631
    #8 0x55747d0ea86e in gen c2mir/c2mir.c:12492
    #9 0x55747d103e24 in top_gen c2mir/c2mir.c:10551
    #10 0x55747d103e24 in gen_mir c2mir/c2mir.c:12881
    #11 0x55747d103e24 in c2mir_compile c2mir/c2mir.c:13492
    #12 0x55747d108d6a in compile c2mir/c2mir-driver.c:498
    #13 0x7fa0c255f608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #14 0x7fa0c2484132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV c2mir/c2mir.c:8137 in classify_node
Thread T1 created by T0 here:
    #0 0x7fa0c2709815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
    #1 0x55747d01d6f8 in init_compilers c2mir/c2mir-driver.c:540
    #2 0x55747d01d6f8 in main c2mir/c2mir-driver.c:656

==1993431==ABORTING

Found while fuzzing https://github.com/vnmakarov/mir/commit/d51b45f6c76d2ca03a5b2e1968c195b867eaed30, verified with https://github.com/vnmakarov/mir/commit/cf3c9c106afdda59c402bdd40e61241aa20a755d

vnmakarov commented 11 months ago

I fixed this one by https://github.com/vnmakarov/mir/commit/61b7add1470c00346685fa2ddb47947e681beac8