Skip to content

Use of uninitialized variables reported by oss-fuzz #10068

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
shukitchan merged 2 commits into from
Jul 21, 2023
Merged

Use of uninitialized variables reported by oss-fuzz #10068

shukitchan merged 2 commits into from
Jul 21, 2023

Conversation

@shukitchan
Copy link
Contributor

@shukitchan shukitchan commented Jul 19, 2023

oss-fuzz test case reported a problem with variables not initialized before use

https://oss-fuzz.com/testcase-detail/5739350995107840

==42095==WARNING: MemorySanitizer: use-of-uninitialized-value
  | #0 0x7c89163834b3 in compile trafficserver/src/tscore/Regex.cc:76:7
  | #1 0x7c89163834b3 in DFA::build(std::__1::basic_string_view<char, std::__1::char_traits<char> > const&, unsigned int) trafficserver/src/tscore/Regex.cc:149:12
  | #2 0x7c891638474a in DFA::compile(char const**, int, unsigned int) trafficserver/src/tscore/Regex.cc:179:11
  | #3 0x574541 in hdrtoken_init() trafficserver/proxy/hdrs/HdrToken.cc:446:24
  | #4 0x578e3a in mime_init() trafficserver/proxy/hdrs/MIME.cc:670:5
  | #5 0x542aba in http_init() trafficserver/proxy/hdrs/HTTP.cc:169:5
  | #6 0x5413f3 in LLVMFuzzerTestOneInput trafficserver/fuzzer/FuzzHTTP.cc:28:5
  | #7 0x44aaa3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
  | #8 0x436202 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
  | #9 0x43baac in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
  | #10 0x464fe2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
  | #11 0x7c891584f082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
  | #12 0x42c3cd in _start
 

@shukitchan shukitchan added this to the 10.0.0 milestone Jul 19, 2023
@shukitchan shukitchan self-assigned this Jul 19, 2023
@shukitchan shukitchan changed the title initialize variables reported by oss-fuzz Use of uninitialized variables reported by oss-fuzz Jul 19, 2023
@apache apache deleted a comment from shukitchan Jul 20, 2023
@maskit maskit added the Core label Jul 20, 2023
maskit
maskit requested changes Jul 20, 2023
View reviewed changes
Copy link
Member

@maskit maskit left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change makes sense. Apparently, values are set to these two variables only if some error happens. Just need a small change to be modern C++ code.

src/tscore/Regex.cc Outdated
int erroffset;
int options = 0;
int study_opts = 0;
const char *error = NULL;
Copy link
Member

@maskit maskit Jul 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use nullptr instead.

@maskit
Copy link
Member

maskit commented Jul 20, 2023

polite_hook_wait failed.

@maskit
Copy link
Member

maskit commented Jul 20, 2023

[approve ci autest]

@maskit
Copy link
Member

maskit commented Jul 21, 2023

TSVConnFd failed.

@maskit
Copy link
Member

maskit commented Jul 21, 2023

[approve ci autest]

@shukitchan shukitchan requested a review from maskit July 21, 2023 03:36
@shukitchan shukitchan merged commit f286fe8 into apache:master Jul 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maskit maskit maskit approved these changes

Assignees

@shukitchan shukitchan

Labels

Core

Projects

None yet

Milestone

10.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@shukitchan @maskit