Report 2 UBSan bugs found by an automatic tool
From: He Jingxuan
Subject: Report 2 UBSan bugs found by an automatic tool
Date: Wed, 30 Jun 2021 17:23:03 +0000
Dear findutils developers,
We tested findutils with an automatic tool (based on the symbolic execution
tool KLEE). 5 test cases triggering UBSan errors were generated. We manually
checked those test cases and filtered out benign cases. Finally, we identified
and now report 2 cases that could trigger bugs. Below is the information for
reproducing the bugs.
- findutils version: 4.7.0
- operating system: Ubuntu 16.04.7
- compiler: clang version 6.0.0-1ubuntu2~16.04.1 (tags/RELEASE_600/final)
- compilation commands:
mkdir obj
cd obj
CC=clang CFLAGS="-g -O1 -Xclang -disable-llvm-passes -D__NO_STRING_INLINES -D_FORTIFY_SOURCE=0 -U__OPTIMIZE__ -fsanitize=signed-integer-overflow -fsanitize=unsigned-integer-overflow -fsanitize=shift -fsanitize=bounds -fsanitize=pointer-overflow -fsanitize=null" ../configure --disable-nls --disable-largefile --disable-threads --without-selinux
make
- inputs: the attached file contains the input file A of the second bug.
bug 1 command: find -H - -delete
relevant error message: ../../find/tree.c:538:23: runtime error: member access within null pointer of type 'struct predicate'
bug 2 command: find -H -neweraa A
relevant error message: ../../find/parser.c:698:48: runtime error: signed integer overflow: 1624986826 - -9223372036854775808 cannot be represented in type 'long'
Note: I think this bug depends on the timestamp and is triggered only sometimes.
Best,
Jingxuan
A.tar.gz
Description: A.tar.gz
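As an added illustration of the second finding (this is not code from findutils or from the report above), the snippet below shows why a timestamp comparison written as a subtraction overflows when the reference value is LONG_MIN, how to detect that with an overflow-checked builtin, and the direct comparison that avoids the arithmetic entirely. The function names and the operands (1624986826 and LONG_MIN, taken from the UBSan message) are assumptions made for this demo.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a -newerXY style check: is file_ts strictly
 * newer than ref_ts?  Computing the difference first is undefined
 * behaviour as soon as file_ts - ref_ts does not fit in a long, which is
 * exactly what happens when ref_ts is LONG_MIN. */
static bool newer_naive(long file_ts, long ref_ts)
{
    return (file_ts - ref_ts) > 0;   /* UB on overflow: do not use */
}

/* Detect whether a - b would overflow a long without performing UB.
 * __builtin_sub_overflow is available in both GCC and Clang. */
static bool sub_overflows(long a, long b)
{
    long result;                     /* value is discarded on overflow */
    return __builtin_sub_overflow(a, b, &result);
}

/* Hardened form: compare the values directly instead of their
 * difference, so no arithmetic can overflow for any pair of inputs. */
static bool newer_safe(long file_ts, long ref_ts)
{
    return file_ts > ref_ts;
}

int main(void)
{
    const long now_ts = 1624986826L; /* constructed: from the UBSan message */
    const long ref_ts = LONG_MIN;    /* constructed: -9223372036854775808 */

    /* The naive form is only safe when the difference is representable. */
    printf("10 - 3 overflows?        %s\n", sub_overflows(10L, 3L) ? "yes" : "no");
    printf("now - LONG_MIN overflows? %s\n", sub_overflows(now_ts, ref_ts) ? "yes" : "no");
    printf("newer_safe(now, LONG_MIN) = %d\n", newer_safe(now_ts, ref_ts));
    printf("newer_naive(10, 3)        = %d\n", newer_naive(10L, 3L));
    return 0;
}
```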