Stack trace:

```text
Running: fuzz/artifacts/process/minimized-from-52af49762b2e358f53eaaa27e96cc12c1789f5b6
thread '<unnamed>' panicked at 'attempt to subtract with overflow', /home/jess/src/rust-minidump/minidump-processor/src/stackwalker/x86.rs:271:33
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==3738815== ERROR: libFuzzer: deadly signal
#0 0x55f7e4e4b2f1 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
#1 0x55f7e7014078 in fuzzer::PrintStackTrace() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x365b078)
#2 0x55f7e6fee155 in fuzzer::Fuzzer::CrashCallback() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x3635155)
#3 0x7f082ffbd86f (/usr/lib/libpthread.so.0+0x1386f)
#4 0x7f082fccdd21 in raise (/usr/lib/libc.so.6+0x3cd21)
#5 0x7f082fcb7861 in abort (/usr/lib/libc.so.6+0x26861)
#6 0x55f7e70a64e6 in std::sys::unix::abort_internal::h1f5318f76822dfc9 /rustc/88fb06a1f331926bccb448acdb52966fd1ec8a92/library/std/src/sys/unix/mod.rs:259:14
#7 0x55f7e4dc45f5 in std::process::abort::hbf55446b688adba4 /rustc/88fb06a1f331926bccb448acdb52966fd1ec8a92/library/std/src/process.rs:1995:5
#8 0x55f7e6fd54c5 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::h7c5979fb626d916c (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x361c4c5)
#9 0x55f7e709a05a in std::panicking::rust_panic_with_hook::h3c44292d2b9e7acd /rustc/88fb06a1f331926bccb448acdb52966fd1ec8a92/library/std/src/panicking.rs:702:17
#10 0x55f7e7099cd8 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h291eeb37fb673a2b /rustc/88fb06a1f331926bccb448acdb52966fd1ec8a92/library/std/src/panicking.rs:586:13
#11 0x55f7e7095963 in std::sys_common::backtrace::__rust_end_short_backtrace::hcd22a174748dc4e6 /rustc/88fb06a1f331926bccb448acdb52966fd1ec8a92/library/std/src/sys_common/backtrace.rs:138:18
#12 0x55f7e7099a28 in rust_begin_unwind /rustc/88fb06a1f331926bccb448acdb52966fd1ec8a92/library/std/src/panicking.rs:584:5
#13 0x55f7e4dc6062 in core::panicking::panic_fmt::hbc44f6fe2c852856 /rustc/88fb06a1f331926bccb448acdb52966fd1ec8a92/library/core/src/panicking.rs:135:14
#14 0x55f7e4dc5f3c in core::panicking::panic::h2f72839d2795d6af /rustc/88fb06a1f331926bccb448acdb52966fd1ec8a92/library/core/src/panicking.rs:48:5
#15 0x55f7e4ef9707 in minidump_processor::stackwalker::x86::get_caller_by_scan::_$u7b$$u7b$closure$u7d$$u7d$::h1457e975cf533d94 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x1540707)
#16 0x55f7e4f27458 in minidump_processor::stackwalker::x86::_$LT$impl$u20$minidump_processor..stackwalker..unwind..Unwind$u20$for$u20$minidump_common..format..CONTEXT_X86$GT$::get_caller_frame::_$u7b$$u7b$closure$u7d$$u7d$::h1d06987803d92706 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x156e458)
#17 0x55f7e4f8f9a4 in _$LT$core..future..from_generator..GenFuture$LT$T$GT$$u20$as$u20$core..future..future..Future$GT$::poll::h1909fb02963925f2 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x15d69a4)
#18 0x55f7e4efe0dd in minidump_processor::stackwalker::get_caller_frame::_$u7b$$u7b$closure$u7d$$u7d$::h0cc5146475136ffa (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x15450dd)
#19 0x55f7e4f057b7 in minidump_processor::stackwalker::walk_stack::_$u7b$$u7b$closure$u7d$$u7d$::head541a1e98755a4 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x154c7b7)
#20 0x55f7e4eb1ad9 in minidump_processor::processor::process_minidump_with_options::_$u7b$$u7b$closure$u7d$$u7d$::h42da928e5877a814 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x14f8ad9)
#21 0x55f7e4f92074 in _$LT$core..future..from_generator..GenFuture$LT$T$GT$$u20$as$u20$core..future..future..Future$GT$::poll::hc109baf1cbf70c85 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x15d9074)
#22 0x55f7e4e9729c in minidump_processor_fuzz::fuzzing_block_on::h40bc13d894ea78e1 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x14de29c)
#23 0x55f7e4e960e6 in rust_fuzzer_test_input (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x14dd0e6)
#24 0x55f7e6fd9738 in __rust_try libfuzzer_sys.99e5ec45-cgu.0
#25 0x55f7e6fd48ed in LLVMFuzzerTestOneInput (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x361b8ed)
#26 0x55f7e6fee691 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x3635691)
#27 0x55f7e6fe25ca in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x36295ca)
#28 0x55f7e6fe65e2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x362d5e2)
#29 0x55f7e4dc68a2 in main (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x140d8a2)
#30 0x7f082fcb8b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
#31 0x55f7e4dc6a4d in _start (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/process+0x140da4d)
```

Reproduction:
minidump-process.zip

I think I convinced myself it was "fine" because we are walking forward through memory and this ""just"" looks backward a step, but that reasoning isn't sound for the first iteration!
Definitely worth taking a quick peek at all the impls to see if they all have this issue.
I'll see if I can fix this today. Not going to try to fix it right now, but want to keep a note of it.
And yep, that looks like a good old fashioned integer overflow.
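The "walk forward, peek one step back, unsound on the first iteration" reasoning from the thread, reduced to a minimal stack-scan loop. This is an added illustration, not rust-minidump's `get_caller_by_scan` or any other code from the project: `scan_naive`, `scan_checked`, `looks_like_return_address`, the code address range and the two sample stacks are all constructed for the example.

```rust
// Added example (not rust-minidump's code). A toy x86-style stack scan in the
// shape the issue describes: walk forward through stack words, and at the first
// word that looks like a return address, peek one word *behind* it for the
// caller's saved frame pointer. All names and values below are assumptions.

/// Address range assumed to hold executable code; a stack word is a plausible
/// return address if it falls inside it. Constructed for the example.
const CODE_LO: u32 = 0x0040_0000;
const CODE_HI: u32 = 0x0041_0000;

fn looks_like_return_address(word: u32) -> bool {
    (CODE_LO..CODE_HI).contains(&word)
}

/// Naive scan. `i - 1` is fine on every iteration except the first: with i == 0
/// it underflows. With overflow checks on (debug builds, and what the fuzzer hit)
/// that is "attempt to subtract with overflow"; in a release build it wraps to
/// usize::MAX and the index panics out of bounds instead. Either way a minidump
/// whose first scanned word happens to look like a return address aborts the
/// processor, which is a denial of service in a tool that exists to digest
/// untrusted crash dumps.
fn scan_naive(stack: &[u32]) -> Option<(u32, u32)> {
    for i in 0..stack.len() {
        if looks_like_return_address(stack[i]) {
            let saved_ebp = stack[i - 1]; // underflows when i == 0
            return Some((stack[i], saved_ebp));
        }
    }
    None
}

/// Hardened scan. `checked_sub` makes the first-iteration case explicit: when
/// there is no word behind the candidate, report "no frame-pointer candidate"
/// (`None`) instead of panicking, and let the caller decide whether a frame
/// without one is acceptable.
fn scan_checked(stack: &[u32]) -> Option<(u32, Option<u32>)> {
    for (i, &word) in stack.iter().enumerate() {
        if looks_like_return_address(word) {
            let saved_ebp = i.checked_sub(1).map(|prev| stack[prev]);
            return Some((word, saved_ebp));
        }
    }
    None
}

fn main() {
    // Constructed sample stacks: a well-formed one (junk, saved EBP, return
    // address, padding) and a hostile one whose very first word already looks
    // like a return address, so there is nothing behind it to read.
    let normal: [u32; 4] = [0xdead_beef, 0x0018_ff80, 0x0040_1234, 0];
    let hostile: [u32; 2] = [0x0040_1234, 0x0018_ff80];

    println!("{:?}", scan_checked(&normal)); // Some((4198964, Some(1638272)))
    println!("{:?}", scan_checked(&hostile)); // Some((4198964, None))
    // scan_naive(&hostile) would panic; scan_naive(&normal) returns the same pair.
}
```

The fix is not just "use `checked_sub`": the hardened signature changes the return type so that the absent frame-pointer candidate is a value the caller must handle, rather than a wrapped address that would be silently dereferenced next. That is the pattern worth applying when auditing the other `impls` the thread mentions, since any scan that indexes `i - 1`, `addr - 4` or similar has the same first-iteration edge.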