
Regression tests fail with Memory sanitizer

Open sashashura opened this issue 3 years ago • 3 comments

As discussed in https://github.com/seladb/PcapPlusPlus/pull/918, this is a separate tracking issue.

Steps to reproduce - add the following configuration to .cirrus.yml:

task:
  name: Regression Tests Linux (Memory Behavior Sanitizer)
  container:
    image: seladb/ubuntu1804:latest
  configure_script:
    - ./configure-fuzzing.sh --sanitizer memory
    - ldconfig
  build_script:
    - make fuzzers
  test_script:
    - cd Tests/Fuzzers/RegressionTests && ./run_tests.sh

Most tests fail with a stack trace similar to:

==489==WARNING: MemorySanitizer: use-of-uninitialized-value
    #1 0x6e8e93 in std::_Rb_tree<unsigned short, std::pair<unsigned short const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<unsigned short const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<unsigned short>, std::allocator<std::pair<unsigned short const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::lower_bound(unsigned short const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:1187:16
    #3 0x6dde52 in std::map<unsigned short, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<unsigned short>, std::allocator<std::pair<unsigned short const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::operator[](unsigned short&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_map.h:509:17
    #4 0x6d7796 in pcpp::createPPPNextProtoToStringMap[abi:cxx11]() /tmp/cirrus-ci-build/Packet++/src/PPPoELayer.cpp:101:2
    #5 0x4328a9 in __cxx_global_var_init.130 /tmp/cirrus-ci-build/Packet++/src/PPPoELayer.cpp:236:62
    #6 0x432949 in _GLOBAL__sub_I_PPPoELayer.cpp /tmp/cirrus-ci-build/Packet++/./src/PPPoELayer.cpp
    #7 0x7d9b3c in __libc_csu_init (/tmp/cirrus-ci-build/Tests/Fuzzers/Bin/FuzzTarget+0x7d9b3c)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /usr/bin/../lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:1871:7 in std::_Rb_tree<unsigned short, std::pair<unsigned short const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<unsigned short const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<unsigned short>, std::allocator<std::pair<unsigned short const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_lower_bound(std::_Rb_tree_node<std::pair<unsigned short const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*, std::_Rb_tree_node_base*, unsigned short const&)

sashashura avatar Jul 25 '22 14:07 sashashura

@sashashura thanks for opening this issue. Would you consider fixing it? Also, if you're interested, there are a bunch of fuzzing issues in this repo issue list: https://github.com/seladb/PcapPlusPlus/issues?q=is%3Aissue+is%3Aopen+label%3Afuzzing

seladb avatar Jul 29 '22 09:07 seladb

As I wrote, the main issue is that I cannot reproduce it locally. Maybe because I'm using the script from oss-fuzz to reproduce :/ I have quickly built the driver app and commented on all the issues that are not reproducible anymore, i.e. fixed! Feel free to close them. Regarding the ones that are not fixed: unfortunately I have run out of free time right now and I am quite tired of debugging crashes in multiple projects. But I expect to get back to this great project in the future.

sashashura avatar Jul 29 '22 11:07 sashashura

Thank you so much @sashashura for your great contribution to this project! 🙏 ❤️

I have closed all the issues you marked as fixed.

As for this issue - let's keep it open for now. If I have time I'll try to reproduce it and see if I can fix it.

If you'd like to contribute to other areas of this project (not related to fuzz issues or crashes), please feel free to reach out and we can discuss.

seladb avatar Jul 30 '22 06:07 seladb

@sashashura thank you so much for adding memory sanitizer to the CI! 🙏

I guess we can close this issue now?

seladb avatar Aug 24 '22 08:08 seladb

Fixed with #931

sashashura avatar Aug 24 '22 08:08 sashashura