Hi there,
I've got a few failures with the fuzzer on 1.9.1 and am wondering if I should be concerned about them.
This is in nixpkgs:
```
Running phase: checkPhase
@nix { "action": "setPhase", "phase": "checkPhase" }
check flags: -j48 SHELL=/nix/store/4fvc5fm8bszmkydng1ivrvr5cbvr1g60-bash-5.2p37/bin/bash VERBOSE=y check
make test/unit/test_twist test/unit/test_log test/unit/test_parser test/unit/test_attr test/unit/test_db test/unit/test_utils test/fuzz/yaml-parser.fuzz test/fuzz/init-token-sopin.fuzz test/fuzz/init-pin.fuzz test/fuzz/set-pin.fuzz test/fuzz/db-take-lock.fuzz test/fuzz/db-token-label.fuzz32 test/fuzz/init-token-label.fuzz32 test/fuzz/utils-ctx-unwrap-objauth.fuzz
make[1]: Entering directory '/build/source'
make[1]: 'test/fuzz/yaml-parser.fuzz' is up to date.
make[1]: 'test/fuzz/init-token-sopin.fuzz' is up to date.
make[1]: 'test/fuzz/init-pin.fuzz' is up to date.
make[1]: 'test/fuzz/set-pin.fuzz' is up to date.
make[1]: 'test/fuzz/db-take-lock.fuzz' is up to date.
make[1]: 'test/fuzz/db-token-label.fuzz32' is up to date.
make[1]: 'test/fuzz/init-token-label.fuzz32' is up to date.
make[1]: 'test/fuzz/utils-ctx-unwrap-objauth.fuzz' is up to date.
  CC       test/unit/test_twist-test_twist.o
  CC       test/unit/test_log-test_log.o
  CC       test/unit/test_parser-test_parser.o
  CC       test/unit/test_attr-test_attr.o
  CC       test/unit/test_db-test_db.o
  CC       test/unit/test_utils-test_utils.o
test/unit/test_twist.c:249:32: warning: unknown warning group '-Wstringop-overflow', ignored [-Wunknown-warning-option]
  249 | #pragma GCC diagnostic ignored "-Wstringop-overflow"
      |                                ^
test/unit/test_twist.c:260:32: warning: unknown warning group '-Wstringop-overflow', ignored [-Wunknown-warning-option]
  260 | #pragma GCC diagnostic ignored "-Wstringop-overflow"
      |                                ^
test/unit/test_twist.c:331:32: warning: unknown warning group '-Wstringop-overflow', ignored [-Wunknown-warning-option]
  331 | #pragma GCC diagnostic ignored "-Wstringop-overflow"
      |                                ^
  CCLD     test/unit/test_utils
  CCLD     test/unit/test_parser
  CCLD     test/unit/test_log
  CCLD     test/unit/test_attr
3 warnings generated.
  CCLD     test/unit/test_twist
  CCLD     test/unit/test_db
make[1]: Leaving directory '/build/source'
make  check-TESTS
make[1]: Entering directory '/build/source'
make[2]: Entering directory '/build/source'
PASS: test/unit/test_log
PASS: test/unit/test_attr
PASS: test/unit/test_parser
PASS: test/unit/test_twist
PASS: test/unit/test_utils
PASS: test/unit/test_db
FAIL: test/fuzz/db-take-lock.fuzz
FAIL: test/fuzz/init-token-label.fuzz32
SKIP: test/fuzz/init-token-sopin.fuzz
FAIL: test/fuzz/db-token-label.fuzz32
SKIP: test/fuzz/set-pin.fuzz
SKIP: test/fuzz/init-pin.fuzz
PASS: test/fuzz/yaml-parser.fuzz
PASS: test/fuzz/utils-ctx-unwrap-objauth.fuzz
=========================================
   tpm2-pkcs11 1.9.1: ./test-suite.log
=========================================

# TOTAL: 14
# PASS:  8
# SKIP:  3
# XFAIL: 0
# FAIL:  3
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

SKIP: test/fuzz/init-token-sopin
================================

+ env ./test/fuzz/init-token-sopin.fuzz -max_total_time=30
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1325302258
INFO: Loaded 1 modules   (149 inline 8-bit counters): 149 [0x55555580f9e0, 0x55555580fa75),
INFO: Loaded 1 PC tables (149 PCs): 149 [0x55555580fa78,0x5555558103c8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
[==========] tests: Running 1 test(s).
[ RUN      ] test
WARNING: FAPI backend was not initialized.
WARNING: Cannot prepare version query: no such table: schema
ERROR: Esys_GetCapability: tpm:session(1):the handle is not correct for the use:
ERROR: Could not find nor create a primary object
ERROR: Could not create new token
[  ERROR   ] --- 0x5 != 0
[   LINE   ] --- test/fuzz/init-token-sopin.fuzz.c:59: error: Failure!
[  FAILED  ] test
[==========] tests: 1 test(s) run.
[  PASSED  ] 0 test(s).
[  FAILED  ] tests: 1 test(s), listed below:
[  FAILED  ] test

 1 FAILED TEST(S)
==7177== ERROR: libFuzzer: fuzz target exited
    #0 0x5555556f538a (/build/source/test/fuzz/init-token-sopin.fuzz+0x1a138a)
    #1 0x5555555f4fd0 (/build/source/test/fuzz/init-token-sopin.fuzz+0xa0fd0)
    #2 0x5555555d0246 (/build/source/test/fuzz/init-token-sopin.fuzz+0x7c246)
    #3 0x5555555d031c (/build/source/test/fuzz/init-token-sopin.fuzz+0x7c31c)
    #4 0x7ffff71011d0 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x431d0) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #5 0x7ffff710128d (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x4328d) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #6 0x7ffff73febc6 (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6bc6)
    #7 0x7ffff73ff93b (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x793b)
    #8 0x55555573628a (/build/source/test/fuzz/init-token-sopin.fuzz+0x1e228a)
    #9 0x5555555d0a18 (/build/source/test/fuzz/init-token-sopin.fuzz+0x7ca18)
    #10 0x5555555d45b4 (/build/source/test/fuzz/init-token-sopin.fuzz+0x805b4)
    #11 0x5555555d50c7 (/build/source/test/fuzz/init-token-sopin.fuzz+0x810c7)
    #12 0x5555555b7b40 (/build/source/test/fuzz/init-token-sopin.fuzz+0x63b40)
    #13 0x5555555a1962 (/build/source/test/fuzz/init-token-sopin.fuzz+0x4d962)
    #14 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #15 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #16 0x5555555a19a4 (/build/source/test/fuzz/init-token-sopin.fuzz+0x4d9a4)

SUMMARY: libFuzzer: fuzz target exited
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 77
SKIP test/fuzz/init-token-sopin.fuzz (exit status: 77)

SKIP: test/fuzz/init-pin
========================

+ env ./test/fuzz/init-pin.fuzz -max_total_time=30
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1328141447
INFO: Loaded 1 modules   (152 inline 8-bit counters): 152 [0x5555558109e0, 0x555555810a78),
INFO: Loaded 1 PC tables (152 PCs): 152 [0x555555810a78,0x5555558113f8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
[==========] tests: Running 1 test(s).
[ RUN      ] test
WARNING: FAPI backend was not initialized.
WARNING: Cannot prepare version query: no such table: schema
ERROR: Esys_GetCapability: tpm:session(1):the handle is not correct for the use:
ERROR: Could not find nor create a primary object
ERROR: Could not create new token
Could not run test: 0x5 != 0
[   LINE   ] --- test/fuzz/init-pin.fuzz.c:41: error: Failure!
Test setup failed
[  ERROR   ] test
[==========] tests: 1 test(s) run.
[  PASSED  ] 0 test(s).
==7186== ERROR: libFuzzer: fuzz target exited
    #0 0x5555556f538a (/build/source/test/fuzz/init-pin.fuzz+0x1a138a)
    #1 0x5555555f4fd0 (/build/source/test/fuzz/init-pin.fuzz+0xa0fd0)
    #2 0x5555555d0246 (/build/source/test/fuzz/init-pin.fuzz+0x7c246)
    #3 0x5555555d031c (/build/source/test/fuzz/init-pin.fuzz+0x7c31c)
    #4 0x7ffff71011d0 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x431d0) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #5 0x7ffff710128d (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x4328d) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #6 0x7ffff73febc6 (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6bc6)
    #7 0x7ffff73ff93b (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x793b)
    #8 0x55555573628a (/build/source/test/fuzz/init-pin.fuzz+0x1e228a)
    #9 0x5555555d0a18 (/build/source/test/fuzz/init-pin.fuzz+0x7ca18)
    #10 0x5555555d45b4 (/build/source/test/fuzz/init-pin.fuzz+0x805b4)
    #11 0x5555555d50c7 (/build/source/test/fuzz/init-pin.fuzz+0x810c7)
    #12 0x5555555b7b40 (/build/source/test/fuzz/init-pin.fuzz+0x63b40)
    #13 0x5555555a1962 (/build/source/test/fuzz/init-pin.fuzz+0x4d962)
    #14 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #15 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #16 0x5555555a19a4 (/build/source/test/fuzz/init-pin.fuzz+0x4d9a4)

SUMMARY: libFuzzer: fuzz target exited
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 77
SKIP test/fuzz/init-pin.fuzz (exit status: 77)

SKIP: test/fuzz/set-pin
=======================

+ env ./test/fuzz/set-pin.fuzz -max_total_time=30
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1326984079
INFO: Loaded 1 modules   (152 inline 8-bit counters): 152 [0x5555558109e0, 0x555555810a78),
INFO: Loaded 1 PC tables (152 PCs): 152 [0x555555810a78,0x5555558113f8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
[==========] tests: Running 1 test(s).
[ RUN      ] test
WARNING: FAPI backend was not initialized.
WARNING: Cannot prepare version query: no such table: schema
ERROR: Esys_GetCapability: tpm:session(1):the handle is not correct for the use:
ERROR: Could not find nor create a primary object
ERROR: Could not create new token
Could not run test: 0x5 != 0
[   LINE   ] --- test/fuzz/set-pin.fuzz.c:41: error: Failure!
Test setup failed
[  ERROR   ] test
[==========] tests: 1 test(s) run.
[  PASSED  ] 0 test(s).
==7184== ERROR: libFuzzer: fuzz target exited
    #0 0x5555556f538a (/build/source/test/fuzz/set-pin.fuzz+0x1a138a)
    #1 0x5555555f4fd0 (/build/source/test/fuzz/set-pin.fuzz+0xa0fd0)
    #2 0x5555555d0246 (/build/source/test/fuzz/set-pin.fuzz+0x7c246)
    #3 0x5555555d031c (/build/source/test/fuzz/set-pin.fuzz+0x7c31c)
    #4 0x7ffff71011d0 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x431d0) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #5 0x7ffff710128d (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x4328d) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #6 0x7ffff73febc6 (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6bc6)
    #7 0x7ffff73ff93b (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x793b)
    #8 0x55555573628a (/build/source/test/fuzz/set-pin.fuzz+0x1e228a)
    #9 0x5555555d0a18 (/build/source/test/fuzz/set-pin.fuzz+0x7ca18)
    #10 0x5555555d45b4 (/build/source/test/fuzz/set-pin.fuzz+0x805b4)
    #11 0x5555555d50c7 (/build/source/test/fuzz/set-pin.fuzz+0x810c7)
    #12 0x5555555b7b40 (/build/source/test/fuzz/set-pin.fuzz+0x63b40)
    #13 0x5555555a1962 (/build/source/test/fuzz/set-pin.fuzz+0x4d962)
    #14 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #15 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #16 0x5555555a19a4 (/build/source/test/fuzz/set-pin.fuzz+0x4d9a4)

SUMMARY: libFuzzer: fuzz target exited
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 77
SKIP test/fuzz/set-pin.fuzz (exit status: 77)

FAIL: test/fuzz/db-take-lock
============================

+ env ./test/fuzz/db-take-lock.fuzz -max_total_time=30
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1325373476
INFO: Loaded 1 modules   (15 inline 8-bit counters): 15 [0x5555557a5040, 0x5555557a504f),
INFO: Loaded 1 PC tables (15 PCs): 15 [0x5555557a5050,0x5555557a5140),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
[==========] tests: Running 1 test(s).
[ RUN      ] test
=================================================================
==7178==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff4a000a0 at pc 0x555555674f5b bp 0x7fffffff90c0 sp 0x7fffffff8880
READ of size 36 at 0x7ffff4a000a0 thread T0
    #0 0x555555674f5a (/build/source/test/fuzz/db-take-lock.fuzz+0x120f5a)
    #1 0x5555556b1ace (/build/source/test/fuzz/db-take-lock.fuzz+0x15dace)
    #2 0x5555556b416c (/build/source/test/fuzz/db-take-lock.fuzz+0x16016c)
    #3 0x55555572b862 (/build/source/test/fuzz/db-take-lock.fuzz+0x1d7862)
    #4 0x55555572b8dc (/build/source/test/fuzz/db-take-lock.fuzz+0x1d78dc)
    #5 0x555555729633 (/build/source/test/fuzz/db-take-lock.fuzz+0x1d5633)
    #6 0x7ffff73fed3e (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6d3e)
    #7 0x7ffff73ffb7d (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x7b7d)
    #8 0x5555557293ea (/build/source/test/fuzz/db-take-lock.fuzz+0x1d53ea)
    #9 0x5555555c83d8 (/build/source/test/fuzz/db-take-lock.fuzz+0x743d8)
    #10 0x5555555cbf74 (/build/source/test/fuzz/db-take-lock.fuzz+0x77f74)
    #11 0x5555555cca87 (/build/source/test/fuzz/db-take-lock.fuzz+0x78a87)
    #12 0x5555555af500 (/build/source/test/fuzz/db-take-lock.fuzz+0x5b500)
    #13 0x555555599322 (/build/source/test/fuzz/db-take-lock.fuzz+0x45322)
    #14 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #15 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #16 0x555555599364 (/build/source/test/fuzz/db-take-lock.fuzz+0x45364)

Address 0x7ffff4a000a0 is located in stack of thread T0 at offset 32 in frame
    #0 0x55555572993f (/build/source/test/fuzz/db-take-lock.fuzz+0x1d593f)

  This frame has 1 object(s):
    [32, 68) 'tmp_key' (line 55) <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return (/build/source/test/fuzz/db-take-lock.fuzz+0x120f5a)
Shadow bytes around the buggy address:
  0x7ffff49ffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff49ffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff49fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff49fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff4a00000: f1 f1 f1 f1 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
=>0x7ffff4a00080: f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7ffff4a00100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff4a00180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff4a00200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff4a00280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7ffff4a00300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==7178==ABORTING
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 1
FAIL test/fuzz/db-take-lock.fuzz (exit status: 1)

FAIL: test/fuzz/db-token-label
==============================

+ env ./test/fuzz/db-token-label.fuzz32 -max_total_time=30 -max_len=32
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1328040705
INFO: Loaded 1 modules   (156 inline 8-bit counters): 156 [0x55555580d9c0, 0x55555580da5c),
INFO: Loaded 1 PC tables (156 PCs): 156 [0x55555580da60,0x55555580e420),
[==========] tests: Running 1 test(s).
[ RUN      ] test
WARNING: FAPI backend was not initialized.
=================================================================
==7185==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x5190000140e0 in thread T0
    #0 0x5555556e7168 (/build/source/test/fuzz/db-token-label.fuzz32+0x193168)
    #1 0x555555772d07 (/build/source/test/fuzz/db-token-label.fuzz32+0x21ed07)
    #2 0x5555557978a1 (/build/source/test/fuzz/db-token-label.fuzz32+0x2438a1)
    #3 0x55555576f958 (/build/source/test/fuzz/db-token-label.fuzz32+0x21b958)
    #4 0x55555576f6b9 (/build/source/test/fuzz/db-token-label.fuzz32+0x21b6b9)
    #5 0x55555576ab0a (/build/source/test/fuzz/db-token-label.fuzz32+0x216b0a)
    #6 0x55555574eec8 (/build/source/test/fuzz/db-token-label.fuzz32+0x1faec8)
    #7 0x555555737665 (/build/source/test/fuzz/db-token-label.fuzz32+0x1e3665)
    #8 0x555555736ab5 (/build/source/test/fuzz/db-token-label.fuzz32+0x1e2ab5)
    #9 0x7ffff73fee9c (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6e9c)
    #10 0x7ffff73ffa0d (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x7a0d)
    #11 0x555555736355 (/build/source/test/fuzz/db-token-label.fuzz32+0x1e2355)
    #12 0x5555555d09d8 (/build/source/test/fuzz/db-token-label.fuzz32+0x7c9d8)
    #13 0x5555555d4574 (/build/source/test/fuzz/db-token-label.fuzz32+0x80574)
    #14 0x5555555d5087 (/build/source/test/fuzz/db-token-label.fuzz32+0x81087)
    #15 0x5555555b7b00 (/build/source/test/fuzz/db-token-label.fuzz32+0x63b00)
    #16 0x5555555a1922 (/build/source/test/fuzz/db-token-label.fuzz32+0x4d922)
    #17 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #18 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #19 0x5555555a1964 (/build/source/test/fuzz/db-token-label.fuzz32+0x4d964)

0x5190000140e0 is located 96 bytes inside of 1144-byte region [0x519000014080,0x5190000144f8)
allocated by thread T0 here:
    #0 0x5555556e8137 (/build/source/test/fuzz/db-token-label.fuzz32+0x194137)
    #1 0x7ffff73fb3e1 (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x33e1)

SUMMARY: AddressSanitizer: bad-free (/build/source/test/fuzz/db-token-label.fuzz32+0x193168)
==7185==ABORTING
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 1
FAIL test/fuzz/db-token-label.fuzz32 (exit status: 1)

FAIL: test/fuzz/init-token-label
================================

+ env ./test/fuzz/init-token-label.fuzz32 -max_total_time=30 -max_len=32
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1325963365
INFO: Loaded 1 modules   (151 inline 8-bit counters): 151 [0x55555580f9e0, 0x55555580fa77),
INFO: Loaded 1 PC tables (151 PCs): 151 [0x55555580fa78,0x5555558103e8),
[==========] tests: Running 1 test(s).
[ RUN      ] test
WARNING: FAPI backend was not initialized.
WARNING: Cannot prepare version query: no such table: schema
ERROR: Label has embedded 0 bytes
=================================================================
==7182==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x51900000dce0 in thread T0
    #0 0x5555556e71a8 (/build/source/test/fuzz/init-token-label.fuzz32+0x1931a8)
    #1 0x555555763987 (/build/source/test/fuzz/init-token-label.fuzz32+0x20f987)
    #2 0x555555787bd1 (/build/source/test/fuzz/init-token-label.fuzz32+0x233bd1)
    #3 0x5555557605d8 (/build/source/test/fuzz/init-token-label.fuzz32+0x20c5d8)
    #4 0x555555760339 (/build/source/test/fuzz/init-token-label.fuzz32+0x20c339)
    #5 0x55555575b78a (/build/source/test/fuzz/init-token-label.fuzz32+0x20778a)
    #6 0x555555743b28 (/build/source/test/fuzz/init-token-label.fuzz32+0x1efb28)
    #7 0x555555737035 (/build/source/test/fuzz/init-token-label.fuzz32+0x1e3035)
    #8 0x5555557366ca (/build/source/test/fuzz/init-token-label.fuzz32+0x1e26ca)
    #9 0x7ffff73fed3e (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6d3e)
    #10 0x7ffff73ffb7d (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x7b7d)
    #11 0x5555557362f0 (/build/source/test/fuzz/init-token-label.fuzz32+0x1e22f0)
    #12 0x5555555d0a18 (/build/source/test/fuzz/init-token-label.fuzz32+0x7ca18)
    #13 0x5555555d45b4 (/build/source/test/fuzz/init-token-label.fuzz32+0x805b4)
    #14 0x5555555d50c7 (/build/source/test/fuzz/init-token-label.fuzz32+0x810c7)
    #15 0x5555555b7b40 (/build/source/test/fuzz/init-token-label.fuzz32+0x63b40)
    #16 0x5555555a1962 (/build/source/test/fuzz/init-token-label.fuzz32+0x4d962)
    #17 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #18 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
    #19 0x5555555a19a4 (/build/source/test/fuzz/init-token-label.fuzz32+0x4d9a4)

0x51900000dce0 is located 96 bytes inside of 1144-byte region [0x51900000dc80,0x51900000e0f8)
allocated by thread T0 here:
    #0 0x5555556e8177 (/build/source/test/fuzz/init-token-label.fuzz32+0x194177)
    #1 0x7ffff73fb3e1 (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x33e1)

SUMMARY: AddressSanitizer: bad-free (/build/source/test/fuzz/init-token-label.fuzz32+0x1931a8)
==7182==ABORTING
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 1
FAIL test/fuzz/init-token-label.fuzz32 (exit status: 1)

============================================================================
Testsuite summary for tpm2-pkcs11 1.9.1
============================================================================
# TOTAL: 14
# PASS:  8
# SKIP:  3
# XFAIL: 0
# FAIL:  3
# XPASS: 0
# ERROR: 0
============================================================================
See ./test-suite.log
Please report to https://github.com/tpm2-software/tpm2-pkcs11/issues
============================================================================
make[2]: *** [Makefile:2758: test-suite.log] Error 1
make[2]: Leaving directory '/build/source'
make[1]: *** [Makefile:2866: check-TESTS] Error 2
make[1]: Leaving directory '/build/source'
make: *** [Makefile:3197: check-am] Error 2
```