
MemorySanitizer: use-of-uninitialized-value

Open fceval opened this issue 2 months ago • 0 comments

Describe the bug

==2620602==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 std::_Rb_tree<Json::Value::CZString, std::pair<Json::Value::CZString const, Json::Value>, std::_Select1st<std::pair<Json::Value::CZString const, Json::Value> >, std::less<Json::Value::CZString>, std::allocator<std::pair<Json::Value::CZString const, Json::Value> > >::_M_lower_bound(std::_Rb_tree_node<std::pair<Json::Value::CZString const, Json::Value> >*, std::_Rb_tree_node_base*, Json::Value::CZString const&) /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_tree.h:1933:7
    #1 std::_Rb_tree<Json::Value::CZString, std::pair<Json::Value::CZString const, Json::Value>, std::_Select1st<std::pair<Json::Value::CZString const, Json::Value> >, std::less<Json::Value::CZString>, std::allocator<std::pair<Json::Value::CZString const, Json::Value> > >::lower_bound(Json::Value::CZString const&) /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_tree.h:1287:16
    #2 std::map<Json::Value::CZString, Json::Value, std::less<Json::Value::CZString>, std::allocator<std::pair<Json::Value::CZString const, Json::Value> > >::lower_bound(Json::Value::CZString const&) /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_map.h:1258:21
    #3 Json::Value::resolveReference(char const*, char const*) out_jsoncpp/CRASHMSAN/repo/src/lib_json/json_value.cpp:1099:26
    #4 Json::Value::operator[](char const*) out_jsoncpp/CRASHMSAN/repo/src/lib_json/json_value.cpp:1201:10
    #5 Json::CharReaderBuilder::setDefaults(Json::Value*) out_jsoncpp/CRASHMSAN/repo/src/lib_json/json_reader.cpp:1940:3
    #6 Json::CharReaderBuilder::CharReaderBuilder() out_jsoncpp/CRASHMSAN/repo/src/lib_json/json_reader.cpp:1867:42
    #7 LLVMFuzzerTestOneInput out_jsoncpp/CRASHMSAN/repo/build/../src/test_lib_json/fuzz.cpp:19:27
    #8 main out_jsoncpp/CRASHMSAN/repo/build/../standaloneengine.cc:50:11
    #9 __libc_start_main /build/glibc-B3wQXB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #10 _start

Uninitialized value was created by a heap allocation
    #0 operator new(unsigned long) /home/SVF-tools/llvm-14.0.0.src/compiler-rt/lib/msan/msan_new_delete.cpp:45:35
    #1 __gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<Json::Value::CZString const, Json::Value> > >::allocate(unsigned long, void const*) /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/ext/new_allocator.h:114:27
    #2 std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<Json::Value::CZString const, Json::Value> > > >::allocate(std::allocator<std::_Rb_tree_node<std::pair<Json::Value::CZString const, Json::Value> > >&, unsigned long) /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/alloc_traits.h:443:20
    #3 std::_Rb_tree<Json::Value::CZString, std::pair<Json::Value::CZString const, Json::Value>, std::_Select1st<std::pair<Json::Value::CZString const, Json::Value> >, std::less<Json::Value::CZString>, std::allocator<std::pair<Json::Value::CZString const, Json::Value> > >::_M_get_node() /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_tree.h:580:16
    #4 std::_Rb_tree_node<std::pair<Json::Value::CZString const, Json::Value> >* std::_Rb_tree<Json::Value::CZString, std::pair<Json::Value::CZString const, Json::Value>, std::_Select1st<std::pair<Json::Value::CZString const, Json::Value> >, std::less<Json::Value::CZString>, std::allocator<std::pair<Json::Value::CZString const, Json::Value> > >::_M_create_node<std::pair<Json::Value::CZString const, Json::Value>&>(std::pair<Json::Value::CZString const, Json::Value>&) /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_tree.h:630:23
    #5 std::_Rb_tree_iterator<std::pair<Json::Value::CZString const, Json::Value> > std::_Rb_tree<Json::Value::CZString, std::pair<Json::Value::CZString const, Json::Value>, std::_Select1st<std::pair<Json::Value::CZString const, Json::Value> >, std::less<Json::Value::CZString>, std::allocator<std::pair<Json::Value::CZString const, Json::Value> > >::_M_emplace_hint_unique<std::pair<Json::Value::CZString const, Json::Value>&>(std::_Rb_tree_const_iterator<std::pair<Json::Value::CZString const, Json::Value> >, std::pair<Json::Value::CZString const, Json::Value>&) /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_tree.h:2460:19
    #6 std::enable_if<is_constructible<std::pair<Json::Value::CZString const, Json::Value>, std::pair<Json::Value::CZString const, Json::Value>&>::value, std::_Rb_tree_iterator<std::pair<Json::Value::CZString const, Json::Value> > >::type std::map<Json::Value::CZString, Json::Value, std::less<Json::Value::CZString>, std::allocator<std::pair<Json::Value::CZString const, Json::Value> > >::insert<std::pair<Json::Value::CZString const, Json::Value>&>(std::_Rb_tree_const_iterator<std::pair<Json::Value::CZString const, Json::Value> >, std::pair<Json::Value::CZString const, Json::Value>&) /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_map.h:875:16
    #7 Json::Value::resolveReference(char const*, char const*) out_jsoncpp/CRASHMSAN/repo/src/lib_json/json_value.cpp:1104:21
    #8 Json::Value::operator[](char const*) out_jsoncpp/CRASHMSAN/repo/src/lib_json/json_value.cpp:1201:10
    #9 Json::CharReaderBuilder::setDefaults(Json::Value*) out_jsoncpp/CRASHMSAN/repo/src/lib_json/json_reader.cpp:1939:3
    #10 Json::CharReaderBuilder::CharReaderBuilder() out_jsoncpp/CRASHMSAN/repo/src/lib_json/json_reader.cpp:1867:42
    #11 LLVMFuzzerTestOneInput out_jsoncpp/CRASHMSAN/repo/build/../src/test_lib_json/fuzz.cpp:19:27
    #12 main out_jsoncpp/CRASHMSAN/repo/build/../standaloneengine.cc:50:11
    #13 __libc_start_main /build/glibc-B3wQXB/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: MemorySanitizer: use-of-uninitialized-value /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_tree.h:1933:7 in std::_Rb_tree<Json::Value::CZString, std::pair<Json::Value::CZString const, Json::Value>, std::_Select1st<std::pair<Json::Value::CZString const, Json::Value> >, std::less<Json::Value::CZString>, std::allocator<std::pair<Json::Value::CZString const, Json::Value> > >::_M_lower_bound(std::_Rb_tree_node<std::pair<Json::Value::CZString const, Json::Value> >*, std::_Rb_tree_node_base*, Json::Value::CZString const&)
Exiting

To Reproduce

Steps to reproduce the behavior:

  1. Compile with Clang using the build command in buildcmd.txt (see bug detail).

  2. Run the resulting binary under MemorySanitizer with the PoCs (see bug detail).

Expected behavior

A clear and concise description of what you expected to happen. (Template placeholder; not filled in by the reporter.)

Desktop (please complete the following information):

  • OS: Ubuntu
  • Clang: 14.0.0

Additional context

More detail is depicted in bug detail. Note that both stacks above pass through CharReaderBuilder::CharReaderBuilder() → setDefaults() → Value::operator[] → resolveReference(), entered from fuzz.cpp:19:27, so the report fires while the builder is constructed, before the PoC input is parsed; it is worth confirming whether this is a genuine uninitialized read in the CZString key comparison or an artefact of running MSan against a libstdc++ that was not itself MSan-instrumented.
