Comments (8)
Hi,
Your code does not look like a fuzz target.
https://github.com/google/fuzzing/blob/master/docs/good-fuzz-target.md
from fuzzing.
That is a minimal reproducible example. I am using a Google-Test-like test harness that makes a call to the functions that have issues like use after free, use after deallocate, uninitialized values, and out-of-bounds reads and writes.
If you notice, trace number 8 makes a call to LLVMFuzzerTestOneInput:
#8 0x5659ea in LLVMFuzzerTestOneInput (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x5659ea)
#5 0x55de16 in DeepState_Test_testSAN_deepstate_test_rcpp_read_out_of_bound_test() /home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0.cpp:26:5
#6 0x55816a in DeepState_Run_testSAN_deepstate_test_rcpp_read_out_of_bound_test() /home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0.cpp:19:1
#7 0x565bd7 in DeepState_RunTestNoFork (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x565bd7)
#8 0x5659ea in LLVMFuzzerTestOneInput (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x5659ea)
#9 0x4605c1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x4605c1)
The issue is with the call to RInside (RInside R;). I don't understand why libFuzzer finds an error here.
from fuzzing.
When I make a call to the below test harness:
#include <RInside.h>
#include <iostream>
#include <DeepState.hpp>

TEST(testSAN_deepstate_test, rcpp_read_out_of_bound_test) {
  //RInside R; //this is needed to interface with R
  int *stack_array = new int[100];                          // 400-byte heap block
  std::cout << "Issue :" << stack_array[101] << std::endl;  // deliberate out-of-bounds read for ASan to catch
  delete[] stack_array;
}
This code works fine without any issues (RInside stack trace), giving me the output of the out-of-bounds read as expected.
But when I run the code with the RInside R; line enabled, it shows the above trace which I posted, without showing me an exact error.
> RcppDeepStateTools::deepstate_pkg_create_LibFuzzer(path)
[1] "rm -f *.o && make -f /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/libfuzz.Makefile"
clang++ -g -fsanitize=address,fuzzer -I/usr/share/R/include -I/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/Rcpp/include -I/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppArmadillo/include -I/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/qs/include -I/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RInside/include -I/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/include /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness.cpp -o /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF.o -c
clang++ -g -fsanitize=address,fuzzer -o /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF.o -I/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/include -I/home/akhila/.RcppDeepState/deepstate-master/build_libfuzzer -I/home/akhila/.RcppDeepState/deepstate-master/src/include -L/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RInside/lib -Wl,-rpath=/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RInside/lib -L/usr/share/R/lib -Wl,-rpath=/usr/share/R/lib -L/home/akhila/.RcppDeepState/deepstate-master/build_libfuzzer -Wl,-rpath=/home/akhila/.RcppDeepState/deepstate-master/build_libfuzzer -lR -lRInside -ldeepstate -ldeepstate_LF -I/usr/share/R/include -I/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/Rcpp/include -I/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppArmadillo/include -I/home/akhila/.RcppDeepState/deepstate-master/src/include /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/src/*.cpp
cd /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound && ./rcpp_read_out_of_bound_DeepState_TestHarness_LF --fuzz --fuzz_save_passing
DEBUG: INFO: libFuzzer ignores flags that start with '--'
DEBUG: INFO: Seed: 2900772768
DEBUG: INFO: Loaded 1 modules (1721 inline 8-bit counters):
DEBUG: 1721 [6068c0, 606f79),
DEBUG:
DEBUG: INFO: Loaded 1 PC tables (1721 PCs):
DEBUG: 1721 [5b6498,5bd028),
DEBUG:
DEBUG: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
1604430881 seconds since 01-Jan-1970
input starts
string_files : /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/afl_inputs/1604430881_rbound
rbound values: 0
input ends
1604430881 seconds since 01-Jan-1970
input starts
string_files : /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/afl_inputs/1604430881_rbound
rbound values: 167772160
input ends
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2255716==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6140000001d4 at pc 0x00000055f756 bp 0x7ffedc6bcc70 sp 0x7ffedc6bcc68
READ of size 4 at 0x6140000001d4 thread T0
#0 0x55f755 in DeepState_Test_testSAN_deepstate_test_rcpp_read_out_of_bound_test() /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness.cpp:27:28
#1 0x557db8 in DeepState_Run_testSAN_deepstate_test_rcpp_read_out_of_bound_test() /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness.cpp:11:1
#2 0x571c97 in DeepState_RunTestNoFork (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x571c97)
#3 0x571aaa in LLVMFuzzerTestOneInput (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x571aaa)
#4 0x460211 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x460211)
#5 0x461f4a in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x461f4a)
#6 0x4625d9 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x4625d9)
#7 0x4512ae in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x4512ae)
#8 0x47a0f2 in main (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x47a0f2)
#9 0x7fdea5f890b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
#10 0x42604d in _start (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x42604d)
0x6140000001d4 is located 4 bytes to the right of 400-byte region [0x614000000040,0x6140000001d0)
allocated by thread T0 here:
#0 0x5555dd in operator new[](unsigned long) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x5555dd)
#1 0x55f6bd in DeepState_Test_testSAN_deepstate_test_rcpp_read_out_of_bound_test() /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness.cpp:26:26
#2 0x557db8 in DeepState_Run_testSAN_deepstate_test_rcpp_read_out_of_bound_test() /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness.cpp:11:1
#3 0x571c97 in DeepState_RunTestNoFork (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x571c97)
#4 0x461f4a in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x461f4a)
#5 0x4625d9 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x4625d9)
#6 0x4512ae in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x4512ae)
#7 0x47a0f2 in main (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x47a0f2)
#8 0x7fdea5f890b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness.cpp:27:28 in DeepState_Test_testSAN_deepstate_test_rcpp_read_out_of_bound_test()
Shadow bytes around the buggy address:
0x0c287fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff8000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c287fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c287fff8030: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa
0x0c287fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c287fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c287fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c287fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c287fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==2255716==ABORTING
make: *** [libfuzz.Makefile:5: /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/libfuzzer_rcpp_read_out_of_bound_log] Error 1
Can you please explain what the error trace means?
#0 0x52ec61 in __sanitizer_print_stack_trace (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x52ec61)
#1 0x479db8 in fuzzer::PrintStackTrace() (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x479db8)
#2 0x45efbc in fuzzer::Fuzzer::ExitCallback() (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x45efbc)
#3 0x7f608b67da26 in __run_exit_handlers /build/glibc-ZN95T4/glibc-2.31/stdlib/exit.c:108:8
#4 0x7f608b67dbdf in exit /build/glibc-ZN95T4/glibc-2.31/stdlib/exit.c:139:3
#5 0x55de16 in DeepState_Test_testSAN_deepstate_test_rcpp_read_out_of_bound_test() /home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0.cpp:26:5
#6 0x55816a in DeepState_Run_testSAN_deepstate_test_rcpp_read_out_of_bound_test() /home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0.cpp:19:1
#7 0x565bd7 in DeepState_RunTestNoFork (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x565bd7)
#8 0x5659ea in LLVMFuzzerTestOneInput (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x5659ea)
#9 0x4605c1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x4605c1)
#10 0x4622fa in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x4622fa)
#11 0x462989 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x462989)
#12 0x45165e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x45165e)
#13 0x47a4a2 in main (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x47a4a2)
#14 0x7f608b65b0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
#15 0x4263fd in _start (/home/akhila/RcppDeepStateTest/rinside/inst/examples/standard/rinside_sample0+0x4263fd)
from fuzzing.
The code calls exit().
libFuzzer is an in-process fuzzing engine; the fuzz target should not call exit.
See https://github.com/google/fuzzing/blob/master/docs/good-fuzz-target.md#basics
from fuzzing.
The second test harness I posted doesn't call exit(). But the result has the same trace, which points to the RInside class initialize function.
from fuzzing.
R is already initialized
#0 0x52e8d1 in __sanitizer_print_stack_trace (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x52e8d1)
#1 0x479a28 in fuzzer::PrintStackTrace() (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x479a28)
#2 0x45ec2c in fuzzer::Fuzzer::ExitCallback() (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x45ec2c)
#3 0x7f59743b4a26 in __run_exit_handlers /build/glibc-ZN95T4/glibc-2.31/stdlib/exit.c:108:8
#4 0x7f59743b4bdf in exit /build/glibc-ZN95T4/glibc-2.31/stdlib/exit.c:139:3
#5 0x7f597498cc2a in Rf_initialize_R (/lib/libR.so+0x269c2a)
#6 0x7f59749874ec in Rf_initEmbeddedR (/lib/libR.so+0x2644ec)
#7 0x7f597471004f in RInside::initialize(int, char const* const*, bool, bool, bool) /tmp/RtmpppBlNo/R.INSTALL1906e07ad5449/RInside/src/RInside.cpp:155:21
#8 0x7f5974710483 in RInside::RInside() /tmp/RtmpppBlNo/R.INSTALL1906e07ad5449/RInside/src/RInside.cpp:61:15
#9 0x55f45e in DeepState_Test_testSAN_deepstate_test_rcpp_read_out_of_bound_test() /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness.cpp:12:11
#10 0x557dd8 in DeepState_Run_testSAN_deepstate_test_rcpp_read_out_of_bound_test() /home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness.cpp:11:1
#11 0x571cf7 in DeepState_RunTestNoFork (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x571cf7)
#12 0x571b0a in LLVMFuzzerTestOneInput (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x571b0a)
#13 0x460231 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x460231)
#14 0x45f975 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x45f975)
#15 0x462151 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x462151)
#16 0x4625f9 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x4625f9)
#17 0x4512ce in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x4512ce)
#18 0x47a112 in main (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x47a112)
#19 0x7f59743920b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
#20 0x42606d in _start (/home/akhila/R/x86_64-pc-linux-gnu-library/3.6/RcppDeepState/testpkgs/testSAN/inst/testfiles/rcpp_read_out_of_bound/rcpp_read_out_of_bound_DeepState_TestHarness_LF+0x42606d)
The issue is shown here:
#7 0x7f597471004f in RInside::initialize(int, char const* const*, bool, bool, bool) /tmp/RtmpppBlNo/R.INSTALL1906e07ad5449/RInside/src/RInside.cpp:155:21
#8 0x7f5974710483 in RInside::RInside() /tmp/RtmpppBlNo/R.INSTALL1906e07ad5449/RInside/src/RInside.cpp:61:15
So you think RInside makes a call to the exit function internally?
from fuzzing.
Yep, the stack trace clearly shows that there is a call to exit().
from fuzzing.
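An added example (not code from this thread, RcppDeepState or RInside) of the fuzz-target pattern the answers point at: libFuzzer runs the target in-process, so an embedded engine has to be created once and reused for every input, and the target must return rather than exit(). EmbeddedEngine is a constructed stand-in for RInside that fails on a second initialisation, mirroring the "R is already initialized" trace above; the index check is the defensive counterpart of the out-of-bounds read ASan reported.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Constructed stand-in for an embedded interpreter handle such as RInside
// (hypothetical; not the real class). As with Rf_initialize_R in the trace
// above, initialising it a second time is fatal; it throws where R calls exit().
struct EmbeddedEngine {
    static int live;
    EmbeddedEngine() {
        if (live != 0) throw std::runtime_error("engine is already initialized");
        ++live;
    }
};
int EmbeddedEngine::live = 0;

// How many times the one-time initialisation actually ran.
static int g_init_count = 0;
int init_count() { return g_init_count; }

// Create the engine on the first input and keep it for the whole in-process
// session; every later input reuses it instead of constructing a new one.
static EmbeddedEngine &engine_once() {
    static EmbeddedEngine *engine = [] {
        ++g_init_count;
        return new EmbeddedEngine();   // intentionally lives until process exit
    }();
    return *engine;
}

// Per-input logic. The first four input bytes are read as a little-endian
// index (the way the DeepState harness reads its "rbound" value), but the
// index is checked against the 100-element buffer before it is used, so the
// heap-buffer-overflow ASan reported above cannot occur. Returns true only
// for an in-bounds read.
bool process_input(const std::uint8_t *data, std::size_t size) {
    engine_once();
    if (size < 4) return false;                    // not enough bytes for an index
    std::uint32_t idx = static_cast<std::uint32_t>(data[0])
                      | static_cast<std::uint32_t>(data[1]) << 8
                      | static_cast<std::uint32_t>(data[2]) << 16
                      | static_cast<std::uint32_t>(data[3]) << 24;
    std::vector<int> array(100, 0);
    if (idx >= array.size()) return false;         // reject instead of reading past the end
    return array[idx] == 0;
}

// libFuzzer entry point: must return on every input, never exit() or abort(),
// because the fuzzer loop lives in this same process.
extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, std::size_t size) {
    process_input(data, size);
    return 0;
}
```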
Now I understand. Thank you so much for your response.
from fuzzing.