
strictasm_diff_ossfuzz: terminating with uncaught exception in `YulStack::reparse()`

Open gal1ium opened this issue 6 months ago • 0 comments

Description

Hi! We found a crashing test case when testing with the strictasm_diff_ossfuzz fuzzing driver.

Environment

  • Latest Solidity version with the strictasm_diff_ossfuzz fuzzing driver

Steps to Reproduce

POC:

object "outer" {
    code {}
    object "inner" {
        code {}
        data "\r" ""
    }
}

Error output:

libc++abi: terminating with uncaught exception of type boost::wrapexcept<solidity::yul::YulAssertion>: object "outer" {
    code { { } }
    object "inner" {
        code { { } }
" hex"" data "
    }
}


Invalid IR generated:
Error: Expected 'StringLiteral' but got 'ILLEGAL'
 --> source:5:14:
  |
" hex""     data "
  |              ^



==2259631== ERROR: libFuzzer: deadly signal
    #0 0x4d6971 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
    #1 0x536d5a in fuzzer::PrintStackTrace() /tmp/libfuzzer/./FuzzerUtil.cpp:205:5
    #2 0x516f48 in fuzzer::Fuzzer::CrashCallback() /tmp/libfuzzer/./FuzzerLoop.cpp:236:3
    #3 0x516f03 in fuzzer::Fuzzer::StaticCrashSignalCallback() /tmp/libfuzzer/./FuzzerLoop.cpp:208:6
    #4 0x7f824b15f51f  (/lib/x86_64-linux-gnu/libc.so.6+0x4251f) (BuildId: cd410b710f0f094c6832edd95931006d883af48e)
    #5 0x7f824b1b39fb in __pthread_kill_implementation nptl/pthread_kill.c:43:17
    #6 0x7f824b1b39fb in __pthread_kill_internal nptl/pthread_kill.c:78:10
    #7 0x7f824b1b39fb in pthread_kill nptl/pthread_kill.c:89:10
    #8 0x7f824b15f475 in gsignal signal/../sysdeps/posix/raise.c:26:13
    #9 0x7f824b1457f2 in abort stdlib/abort.c:79:7
    #10 0x1175125 in abort_message (/strictasm_diff_ossfuzz+0x1175125)
    #11 0x117e22e in demangling_terminate_handler() cxa_default_handlers.cpp
    #12 0x1174ba2 in std::__terminate(void (*)()) (/strictasm_diff_ossfuzz+0x1174ba2)
    #13 0x1176965 in __cxxabiv1::failed_throw(__cxxabiv1::__cxa_exception*) cxa_exception.cpp
    #14 0x11768ff in __cxa_throw (/strictasm_diff_ossfuzz+0x11768ff)
    #15 0x53c153 in void boost::throw_exception<solidity::yul::YulAssertion>(solidity::yul::YulAssertion const&) /usr/include/boost/throw_exception.hpp:165:5
    #16 0x5dffc7 in solidity::yul::YulStack::reparse() /src/solidity/libyul/YulStack.cpp:220:2
    #17 0x5ddaa5 in solidity::yul::YulStack::optimize() /src/solidity/libyul/YulStack.cpp:145:3
    #18 0x53979f in LLVMFuzzerTestOneInput /src/solidity/test/tools/ossfuzz/strictasm_diff_ossfuzz.cpp:99:8

gal1ium, May 28 '25 05:05