
[nginx unit] initial integration

Open 0x34d opened this issue 3 years ago • 3 comments

hello @thresheek @andrey-zelenkov

Any thoughts on integration for fuzzing? Can you take a look at the harness for both the HTTP and JSON parsers?

Signed-off-by: 0x34d [email protected]

0x34d avatar Sep 16 '22 12:09 0x34d

Before I merge this, can you confirm that upstream agreed to this? I see the email address unit@nginx looks like a list which means no one from upstream will have access to any bugs.

jonathanmetzman avatar Sep 18 '22 10:09 jonathanmetzman


> Before I merge this, can you confirm that upstream agreed to this? I see the email address unit@nginx looks like a list which means no one from upstream will have access to any bugs.

Working on it.

0x34d avatar Sep 18 '22 12:09 0x34d

Hello @andrey-zelenkov, I'm having an issue regarding memory leaks in nxt_http_fields_hash.

Does the nxt_lvlhsh_t hash need to be freed?

=================================================================
==17121==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x523bfd in __interceptor_posix_memalign (/home/Ez/project/unit/fuzzer/Fuzz_http+0x523bfd) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #1 0x57b58c in nxt_memalign /home/Ez/project/unit/src/nxt_malloc.c:134:11
    #2 0x57b58c in nxt_lvlhsh_alloc /home/Ez/project/unit/src/nxt_malloc.c:96:12
    #3 0x5b5c06 in nxt_lvlhsh_convert_bucket_to_level /home/Ez/project/unit/src/nxt_lvlhsh.c:465:11
    #4 0x5b32ad in nxt_lvlhsh_bucket_insert /home/Ez/project/unit/src/nxt_lvlhsh.c:436:15
    #5 0x5b2cd0 in nxt_lvlhsh_insert /home/Ez/project/unit/src/nxt_lvlhsh.c:277:20
    #6 0x5de642 in nxt_http_fields_hash /home/Ez/project/unit/src/nxt_http_parse.c:1206:15
    #7 0x570fde in LLVMFuzzerTestOneInput /home/Ez/project/unit/fuzzer/Fuzz_http.c:45:10
    #8 0x450fa1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x450fa1) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #9 0x43105f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x43105f) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #10 0x438660 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x438660) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #11 0x427da6 in main (/home/Ez/project/unit/fuzzer/Fuzz_http+0x427da6) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #12 0x7f25c57b054f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) (BuildId: 9b7d731d92528db48798ae00fd91905fc0904736)

Indirect leak of 320 byte(s) in 5 object(s) allocated from:
    #0 0x523bfd in __interceptor_posix_memalign (/home/Ez/project/unit/fuzzer/Fuzz_http+0x523bfd) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #1 0x57b58c in nxt_memalign /home/Ez/project/unit/src/nxt_malloc.c:134:11
    #2 0x57b58c in nxt_lvlhsh_alloc /home/Ez/project/unit/src/nxt_malloc.c:96:12
    #3 0x5b3587 in nxt_lvlhsh_new_bucket /home/Ez/project/unit/src/nxt_lvlhsh.c:292:14
    #4 0x5b3587 in nxt_lvlhsh_level_insert /home/Ez/project/unit/src/nxt_lvlhsh.c:335:11
    #5 0x5b2cb4 in nxt_lvlhsh_insert /home/Ez/project/unit/src/nxt_lvlhsh.c:280:16
    #6 0x5de642 in nxt_http_fields_hash /home/Ez/project/unit/src/nxt_http_parse.c:1206:15
    #7 0x570fde in LLVMFuzzerTestOneInput /home/Ez/project/unit/fuzzer/Fuzz_http.c:45:10
    #8 0x450fa1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x450fa1) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #9 0x43105f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x43105f) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #10 0x438660 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x438660) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #11 0x427da6 in main (/home/Ez/project/unit/fuzzer/Fuzz_http+0x427da6) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #12 0x7f25c57b054f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) (BuildId: 9b7d731d92528db48798ae00fd91905fc0904736)

Indirect leak of 256 byte(s) in 4 object(s) allocated from:
    #0 0x523bfd in __interceptor_posix_memalign (/home/Ez/project/unit/fuzzer/Fuzz_http+0x523bfd) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #1 0x57b58c in nxt_memalign /home/Ez/project/unit/src/nxt_malloc.c:134:11
    #2 0x57b58c in nxt_lvlhsh_alloc /home/Ez/project/unit/src/nxt_malloc.c:96:12
    #3 0x5b60e2 in nxt_lvlhsh_new_bucket /home/Ez/project/unit/src/nxt_lvlhsh.c:292:14
    #4 0x5b60e2 in nxt_lvlhsh_level_convertion_insert /home/Ez/project/unit/src/nxt_lvlhsh.c:527:15
    #5 0x5b60e2 in nxt_lvlhsh_convert_bucket_to_level /home/Ez/project/unit/src/nxt_lvlhsh.c:496:15
    #6 0x5b32ad in nxt_lvlhsh_bucket_insert /home/Ez/project/unit/src/nxt_lvlhsh.c:436:15
    #7 0x5b2cd0 in nxt_lvlhsh_insert /home/Ez/project/unit/src/nxt_lvlhsh.c:277:20
    #8 0x5de642 in nxt_http_fields_hash /home/Ez/project/unit/src/nxt_http_parse.c:1206:15
    #9 0x570fde in LLVMFuzzerTestOneInput /home/Ez/project/unit/fuzzer/Fuzz_http.c:45:10
    #10 0x450fa1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x450fa1) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #11 0x43105f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x43105f) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #12 0x438660 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x438660) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #13 0x427da6 in main (/home/Ez/project/unit/fuzzer/Fuzz_http+0x427da6) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #14 0x7f25c57b054f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) (BuildId: 9b7d731d92528db48798ae00fd91905fc0904736)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x523bfd in __interceptor_posix_memalign (/home/Ez/project/unit/fuzzer/Fuzz_http+0x523bfd) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #1 0x57b58c in nxt_memalign /home/Ez/project/unit/src/nxt_malloc.c:134:11
    #2 0x57b58c in nxt_lvlhsh_alloc /home/Ez/project/unit/src/nxt_malloc.c:96:12
    #3 0x5b3587 in nxt_lvlhsh_new_bucket /home/Ez/project/unit/src/nxt_lvlhsh.c:292:14
    #4 0x5b3587 in nxt_lvlhsh_level_insert /home/Ez/project/unit/src/nxt_lvlhsh.c:335:11
    #5 0x5b32d6 in nxt_lvlhsh_bucket_insert /home/Ez/project/unit/src/nxt_lvlhsh.c:439:20
    #6 0x5b2cd0 in nxt_lvlhsh_insert /home/Ez/project/unit/src/nxt_lvlhsh.c:277:20
    #7 0x5de642 in nxt_http_fields_hash /home/Ez/project/unit/src/nxt_http_parse.c:1206:15
    #8 0x570fde in LLVMFuzzerTestOneInput /home/Ez/project/unit/fuzzer/Fuzz_http.c:45:10
    #9 0x450fa1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x450fa1) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #10 0x43105f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x43105f) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #11 0x438660 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/Ez/project/unit/fuzzer/Fuzz_http+0x438660) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #12 0x427da6 in main (/home/Ez/project/unit/fuzzer/Fuzz_http+0x427da6) (BuildId: bc6f9d9d4346496fc0c3545afb8d3bce446b2e53)
    #13 0x7f25c57b054f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) (BuildId: 9b7d731d92528db48798ae00fd91905fc0904736)

SUMMARY: AddressSanitizer: 896 byte(s) leaked in 11 allocation(s).

0x34d avatar Oct 06 '22 06:10 0x34d
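The LeakSanitizer report above is the classic fuzz-harness ownership problem: every call to LLVMFuzzerTestOneInput builds a hash whose buckets are heap-allocated, and nothing releases them before the call returns, so LSan counts each bucket as leaked at exit. The example below is added here and is not Unit's code or the harness from this PR: it builds a toy per-input "fields hash" (constructed structure, malloc instead of Unit's nxt_memalign/posix_memalign, a constructed request as sample input) and shows the shape a harness needs, namely a teardown that walks the table and frees every bucket on each iteration. A live-allocation counter stands in for what LSan measures, so a test can assert that the count returns to zero after an input is processed.

```c
/* Added example, not Unit's code: a libFuzzer-style harness that builds a
 * per-input hash table and tears it down before LLVMFuzzerTestOneInput
 * returns, so LeakSanitizer has nothing to report. The table, the counter
 * and the sample request are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 16

typedef struct field {
    struct field *next;
    size_t        len;
    char          name[];        /* header line bytes, not NUL-terminated */
} field_t;

typedef struct {
    field_t *buckets[NBUCKETS];  /* each bucket head is a heap allocation */
} fields_hash_t;

/* Outstanding heap objects: a toy stand-in for what LSan counts at exit. */
static long live_allocs = 0;

static void *alloc_tracked(size_t size) {
    void *p = malloc(size);      /* Unit uses nxt_memalign here (see trace) */
    if (p != NULL) live_allocs++;
    return p;
}

static void free_tracked(void *p) {
    if (p != NULL) { free(p); live_allocs--; }
}

/* FNV-1a over the field name; only the bucket choice matters here. */
static uint32_t hash_name(const uint8_t *s, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= s[i]; h *= 16777619u; }
    return h;
}

/* Insert one header line into the hash; the hash now owns the allocation. */
static int fields_insert(fields_hash_t *fh, const uint8_t *s, size_t n) {
    field_t *f = alloc_tracked(sizeof(*f) + n);
    if (f == NULL) return -1;
    f->len = n;
    memcpy(f->name, s, n);
    uint32_t b = hash_name(s, n) % NBUCKETS;
    f->next = fh->buckets[b];
    fh->buckets[b] = f;
    return 0;
}

/* The step the thread asks about: the hash owns its buckets, so the harness
 * must release them on every iteration, or LSan reports each as a leak. */
static void fields_free(fields_hash_t *fh) {
    for (int b = 0; b < NBUCKETS; b++) {
        field_t *f = fh->buckets[b];
        while (f != NULL) {
            field_t *next = f->next;
            free_tracked(f);
            f = next;
        }
        fh->buckets[b] = NULL;
    }
}

/* Split the input on '\n' and insert each non-empty line; returns the count. */
static size_t fields_build(fields_hash_t *fh, const uint8_t *data, size_t size) {
    size_t count = 0, start = 0;
    for (size_t i = 0; i <= size; i++) {
        if (i == size || data[i] == '\n') {
            if (i > start && fields_insert(fh, data + start, i - start) == 0)
                count++;
            start = i + 1;
        }
    }
    return count;
}

/* Harness body: build, use, tear down. live_allocations() is back to its
 * starting value afterwards, which is exactly what LSan checks at exit. */
size_t run_one_input(const uint8_t *data, size_t size) {
    fields_hash_t fh;
    memset(&fh, 0, sizeof(fh));
    size_t n = fields_build(&fh, data, size);
    fields_free(&fh);            /* drop this line and LSan reports the leak */
    return n;
}

long live_allocations(void) { return live_allocs; }

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void) run_one_input(data, size);
    return 0;
}

/* Stand-alone check with a constructed request; exits 0 when nothing leaks. */
int main(void) {
    static const char req[] = "Host: example.test\nAccept: */*\n\nbody";
    size_t n = run_one_input((const uint8_t *) req, sizeof(req) - 1);
    return (n == 3 && live_allocations() == 0) ? 0 : 1;
}
```

Built with clang -fsanitize=fuzzer,address, the same file runs under libFuzzer, and the counter mirrors LSan: as long as every allocation the harness makes per input is released before the callback returns, the report above goes away. Allocations that are meant to persist across inputs (static tables built once in LLVMFuzzerInitialize, for instance) are fine; what LSan flags is per-input state that is never released.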