Bug 2207531 - Fuzzer finds issue: ERROR: AddressSanitizer: SEGV on unknown address
Summary: Fuzzer finds issue: ERROR: AddressSanitizer: SEGV on unknown address
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: zlib
Version: 8.9
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Lukas Javorsky
QA Contact: Dita Stehlikova
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-05-16 08:10 UTC by Lukas Javorsky
Modified: 2023-07-30 20:20 UTC (History)

Fixed In Version: zlib-1.2.11-25.el8
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:


Links: Red Hat Issue Tracker RHELPLAN-157407 (Last Updated 2023-05-16 17:34:26 UTC)

Description Lukas Javorsky 2023-05-16 08:10:55 UTC
This bug was initially created as a copy of Bug #2167803

I am copying this bug because: 



Description of problem:
Issue reported by Ilya Leoshkevich from IBM

The tests pass, but fuzzing finds something:

==290951==ERROR: AddressSanitizer: SEGV on unknown address 0x62d100000000 (pc 0x0000011806be bp 0x03ffffff5a70 sp 0x03ffffff5a70 T0)
==290951==The signal is caused by a UNKNOWN memory access.
    #0 0x11806be in fill_window /home/iii/zlib-fuzz/build/zlib/build-libfuzzer/deflate.c:1604:24
    #1 0x119d31f in deflate_fast /home/iii/zlib-fuzz/build/zlib/build-libfuzzer/deflate.c:1902:13
    #2 0x118e60f in deflate /home/iii/zlib-fuzz/build/zlib/build-libfuzzer/deflate.c:1066:18
    #3 0x1174983 in Deflate /home/iii/zlib-fuzz/fuzz_target.cpp:250:13
    #4 0x1174983 in RunDeflateOp /home/iii/zlib-fuzz/fuzz_target.cpp:795:15
    #5 0x1174983 in ExecutePlan /home/iii/zlib-fuzz/fuzz_target.cpp:1006:5
    #6 0x1174983 in LLVMFuzzerTestOneInput /home/iii/zlib-fuzz/fuzz_target.cpp:1075:3


Ilya also found a fix for this issue, which has been committed by the upstream author:
https://github.com/madler/zlib/commit/2d80d3f6b52f9fa454c26c89d2d6a1790e1cecb0

Comment 2 Lukas Javorsky 2023-05-17 18:52:18 UTC
Merged
