When fuzzing with FuzzRegexPosixBasic, I found an assertion failure. Here is the crash file:
^]^].^]^]^A^],^]^]^A^]\[\]\{\}\(\)\%\^\#\ ^]^]w$^]%
^]^]^].^]^]^A^],^]^]^A^]9^]^[^]^]^]^]^]^]^]w^]0.1^]^]^]^A^]^]w^]w^A^]9^]^[^]^]^]^]^]^]^]]^]^]^]^]^]^]^]^]w^A^]>
FuzzRegexPosixExtended is also affected.
Here is the stack trace:
aldo@vps:~/serenity/Build/lagom-fuzzers/Fuzzers$ ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer ./FuzzRegexPosixExtended crash-176eadb0d24308a994fabf0a4ca92d3cfc02490a
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 812280532
INFO: Loaded 4 modules (73736 inline 8-bit counters): 35556 [0x7ffff784d1a0, 0x7ffff7855c84), 5991 [0x7ffff79b8e30, 0x7ffff79ba597), 31880 [0x7ffff7d4ff90, 0x7ffff7d57c18), 309 [0x5b8af8, 0x5b8c2d),
INFO: Loaded 4 PC tables (73736 PCs): 35556 [0x7ffff7855c88,0x7ffff78e0ac8), 5991 [0x7ffff79ba598,0x7ffff79d1c08), 31880 [0x7ffff7d57c18,0x7ffff7dd4498), 309 [0x5b8c30,0x5b9f80),
./FuzzRegexPosixExtended: Running 1 inputs 1 time(s) each.
Running: crash-176eadb0d24308a994fabf0a4ca92d3cfc02490a
FuzzRegexPosixExtended: /home/aldo/serenity/Meta/Lagom/../../AK/Vector.h:138: T &AK::Vector<AK::Vector<unsigned long, 0>, 0>::at(size_t) [T = AK::Vector<unsigned long, 0>, inline_capacity = 0]: Assertion `i < m_size' failed.
==2155386== ERROR: libFuzzer: deadly signal
#0 0x52c421 in __sanitizer_print_stack_trace (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzRegexPosixExtended+0x52c421)
#1 0x474718 in fuzzer::PrintStackTrace() (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzRegexPosixExtended+0x474718)
#2 0x4597a3 in fuzzer::Fuzzer::CrashCallback() (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzRegexPosixExtended+0x4597a3)
#3 0x7ffff731b3bf (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
#4 0x7ffff6fa218a in __libc_signal_restore_set /build/glibc-eX1tMB/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
#5 0x7ffff6fa218a in raise /build/glibc-eX1tMB/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
#6 0x7ffff6f81858 in abort /build/glibc-eX1tMB/glibc-2.31/stdlib/abort.c:79:7
#7 0x7ffff6f81728 in __assert_fail_base /build/glibc-eX1tMB/glibc-2.31/assert/assert.c:92:3
#8 0x7ffff6f92f35 in __assert_fail /build/glibc-eX1tMB/glibc-2.31/assert/assert.c:101:3
#9 0x7ffff7b6cdb7 in AK::Vector<AK::Vector<unsigned long, 0ul>, 0ul>::at(unsigned long) /home/aldo/serenity/Meta/Lagom/../../AK/Vector.h:138:9
#10 0x7ffff7b6cdb7 in AK::Vector<AK::Vector<unsigned long, 0ul>, 0ul>::last() /home/aldo/serenity/Meta/Lagom/../../AK/Vector.h:152:24
#11 0x7ffff7b6c91d in AK::DisjointChunks<unsigned long, AK::Vector<unsigned long, 0ul> >::chunk_around(unsigned long) /home/aldo/serenity/Meta/Lagom/../../AK/DisjointChunks.h:340:27
#12 0x7ffff7bf3e76 in AK::DisjointChunks<unsigned long, AK::Vector<unsigned long, 0ul> >::insert(unsigned long, unsigned long) /home/aldo/serenity/Meta/Lagom/../../AK/DisjointChunks.h:196:33
#13 0x7ffff7c9b03a in void regex::ByteCode::transform_bytecode_repetition_min_max<unsigned int>(regex::ByteCode&, unsigned int, AK::Optional<unsigned int>, unsigned long, unsigned long, bool) /home/aldo/serenity/Userland/Libraries/LibRegex/RegexByteCode.h:410:26
#14 0x7ffff7c494b2 in regex::PosixExtendedParser::parse_repetition_symbol(regex::ByteCode&, unsigned long&) /home/aldo/serenity/Userland/Libraries/LibRegex/RegexParser.cpp:626:9
#15 0x7ffff7c494b2 in regex::PosixExtendedParser::parse_sub_expression(regex::ByteCode&, unsigned long&) /home/aldo/serenity/Userland/Libraries/LibRegex/RegexParser.cpp:867:13
#16 0x7ffff7c494b2 in regex::PosixExtendedParser::parse_root(regex::ByteCode&, unsigned long&) /home/aldo/serenity/Userland/Libraries/LibRegex/RegexParser.cpp:887:14
#17 0x7ffff7c2cd6c in regex::Parser::parse(AK::Optional<regex::RegexOptions<regex::AllFlags> >) /home/aldo/serenity/Userland/Libraries/LibRegex/RegexParser.cpp:187:9
#18 0x7ffff7ba3622 in regex::Regex<regex::PosixExtendedParser>::Regex(AK::String, regex::RegexOptions<regex::PosixFlags>) /home/aldo/serenity/Userland/Libraries/LibRegex/RegexMatcher.cpp:44:28
#19 0x55756c in LLVMFuzzerTestOneInput /home/aldo/serenity/Meta/Lagom/Fuzzers/FuzzRegexPosixExtended.cpp:15:32
#20 0x45af41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzRegexPosixExtended+0x45af41)
#21 0x444bf2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzRegexPosixExtended+0x444bf2)
#22 0x44af60 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzRegexPosixExtended+0x44af60)
#23 0x474ef2 in main (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzRegexPosixExtended+0x474ef2)
#24 0x7ffff6f830b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#25 0x41f70d in _start (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzRegexPosixExtended+0x41f70d)
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal