[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Report 2 UBSan bugs found by an automatic tool

From: He Jingxuan
Subject: Report 2 UBSan bugs found by an automatic tool
Date: Wed, 30 Jun 2021 17:23:03 +0000

Dear findutils developers,

We tested findutils with an automatic tool (based on the symbolic execution 
tool KLEE). 5 test cases triggering UBSan errors were generated. We manually 
checked those test cases and filtered out benign cases. Finally, we identified 
and report 2 cases that could trigger bugs. Below is the information for 
reproducing the bugs.

- findutils version: 4.7.0
- operating system: Ubuntu 16.04.7
- compiler: clang version 6.0.0-1ubuntu2~16.04.1 (tags/RELEASE_600/final)
- compilation commands:
   mkdir obj
   cd obj
   CC=clang CFLAGS="-g -O1 -Xclang -disable-llvm-passes -D__NO_STRING_INLINES 
-D_FORTIFY_SOURCE=0 -U__OPTIMIZE__ -fsanitize=signed-integer-overflow 
-fsanitize=unsigned-integer-overflow -fsanitize=shift -fsanitize=bounds 
-fsanitize=pointer-overflow -fsanitize=null" ../configure --disable-nls 
--disable-largefile --disable-threads --without-selinux
- inputs: the attached file contains the input file A of the second bug.

bug 1 command: find -H - -delete
relevant error message: ../../find/tree.c:538:23: runtime error: member access 
within null pointer of type 'struct predicate’

bug 2 command: find -H -neweraa A
relevant error message: ../../find/parser.c:698:48: runtime error: signed 
integer overflow: 1624986826 - -9223372036854775808 cannot be represented in 
type ‘long'
Note: I think this bug depends on the timestamp and is triggered only sometimes.


Attachment: A.tar.gz
Description: A.tar.gz

reply via email to

[Prev in Thread] Current Thread [Next in Thread]