Stream: git-wasmtime

Topic: wasmtime / issue #4731 Incremental cache: fuzzbug: subtra...


Wasmtime GitHub notifications bot (Aug 18 2022 at 16:11):

cfallin opened issue #4731:

OSS-Fuzz produced the following crashing testcase for the cranelift-icache fuzz target with the following base64 encoding:

/////wAAARQAAAAAAAAAgADu

(cat that into base64 -d to decode)

The crash is a panic with the message "attempt to subtract with overflow". The stackframe in the oss-fuzz report is fairly useless (line 0 in cranelift-icache.rs?) but hopefully the above reproduces easily.

cc @bnjbvr to diagnose?
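The class of bug reported above, as an added illustration that is not the cranelift-icache fuzz target's code: a small reader consumes the decoded testcase bytes the way an arbitrary-style fuzz harness would, a hypothetical "before" function computes a length with plain subtraction (which panics with "attempt to subtract with overflow" under debug/overflow-checked builds), and the hardened form uses checked_sub so malformed input becomes a reported error. The Reader type and the span_len_* functions are assumptions for the demonstration.

```rust
// Added illustration, not Cranelift's icache fuzz target: shows how a
// fuzzer-supplied input triggers Rust's "attempt to subtract with overflow"
// panic and how checked arithmetic turns it into a recoverable error.

/// The 18 bytes that `base64 -d` produces for the testcase quoted in the issue
/// (/////wAAARQAAAAAAAAAgADu).
pub const TESTCASE: [u8; 18] = [
    0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x01, 0x14, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0xEE,
];

/// Hypothetical stand-in for an `arbitrary::Unstructured`-style reader.
pub struct Reader<'a> {
    data: &'a [u8],
    pos: usize,
}

impl<'a> Reader<'a> {
    pub fn new(data: &'a [u8]) -> Self {
        Reader { data, pos: 0 }
    }

    /// Reads a little-endian u32; bytes past the end of the input read as zero,
    /// so the reader never fails on short input (fuzz harnesses behave alike).
    pub fn u32(&mut self) -> u32 {
        let mut buf = [0u8; 4];
        for b in buf.iter_mut() {
            if self.pos < self.data.len() {
                *b = self.data[self.pos];
                self.pos += 1;
            }
        }
        u32::from_le_bytes(buf)
    }
}

/// Hypothetical "before": a length computed as `end - start` with plain
/// arithmetic. With overflow checks on, start > end panics exactly like the
/// report ("attempt to subtract with overflow").
pub fn span_len_unchecked(input: &[u8]) -> u32 {
    let mut r = Reader::new(input);
    let start = r.u32();
    let end = r.u32();
    end - start
}

/// Hardened form: `checked_sub` reports the inconsistent pair instead of
/// panicking, so the fuzzer sees a rejected input rather than a crash.
pub fn span_len_checked(input: &[u8]) -> Result<u32, String> {
    let mut r = Reader::new(input);
    let start = r.u32();
    let end = r.u32();
    end.checked_sub(start)
        .ok_or_else(|| format!("start {start:#x} exceeds end {end:#x}"))
}

fn main() {
    // From the testcase: start = 0xFFFFFFFF, end = 0x14010000.
    match span_len_checked(&TESTCASE) {
        Ok(n) => println!("length {n}"),
        Err(e) => println!("rejected: {e}"),
    }
    // Run the unchecked variant under catch_unwind to observe the panic
    // without aborting the program (panics only in overflow-checked builds).
    let result = std::panic::catch_unwind(|| span_len_unchecked(&TESTCASE));
    println!("unchecked variant panicked: {}", result.is_err());
}
```

The point for a fuzz target is the second function: a harness that derives values from raw bytes must treat every arithmetic relation between those values as untrusted, and checked_sub (or saturating_sub where a clamp is acceptable) is the cheapest way to keep the target from reporting its own arithmetic as a crash.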

Wasmtime GitHub notifications bot (Aug 18 2022 at 16:31):

bnjbvr commented on issue #4731:

So I haven't managed to reproduce:

base64 -d /tmp/encoded.txt > /tmp/decoded.txt gives me what looks like a binary file,

Then I've run

cargo +nightly fuzz run -O --no-default-features cranelift-icache /tmp/decoded

and it runs the binary input without problems (i.e. no crash). I've run it many times, just to make sure there wasn't any non-determinism. Am I missing something?

I'll post a PR with what could be a fix in the fuzz target itself, though.

Wasmtime GitHub notifications bot (Aug 18 2022 at 16:50):

alexcrichton labeled issue #4731:


Wasmtime GitHub notifications bot (Aug 23 2022 at 14:01):

bnjbvr commented on issue #4731:

Can one of the people who have access to the oss-fuzz infra confirm whether the linked PR fixed this, please?

Wasmtime GitHub notifications bot (Aug 23 2022 at 15:01):

jameysharp commented on issue #4731:

Ah, thanks for checking. Yes, oss-fuzz confirmed this fixed a few days ago: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50398

Wasmtime GitHub notifications bot (Aug 23 2022 at 15:01):

jameysharp closed issue #4731:



Last updated: Oct 23 2024 at 20:03 UTC