While fuzzing with FuzzASN1 I found an assertion failure. Here is the crash file
Here is the stack trace
aldo@vps:~/serenity/Build/lagom-fuzzers/Fuzzers$ ASAN_OPTIONS=symbolize=1,allocator_may_return_null=1 ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer ./FuzzASN1 crash-dc9ccf1c3b3898fcfb1451adf9eafdd8e3186ca6
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 983455675
INFO: Loaded 4 modules (143273 inline 8-bit counters): 82058 [0x7ffff71a51b0, 0x7ffff71b923a), 30142 [0x7ffff7770070, 0x7ffff777762e), 30861 [0x7ffff7d54a20, 0x7ffff7d5c2ad), 212 [0x5b6418, 0x5b64ec),
INFO: Loaded 4 PC tables (143273 PCs): 82058 [0x7ffff71b9240,0x7ffff72f9ae0), 30142 [0x7ffff7777630,0x7ffff77ed210), 30861 [0x7ffff7d5c2b0,0x7ffff7dd4b80), 212 [0x5b64f0,0x5b7230),
./FuzzASN1: Running 1 inputs 1 time(s) each.
Running: crash-dc9ccf1c3b3898fcfb1451adf9eafdd8e3186ca6
/home/aldo/serenity/Userland/Libraries/LibCrypto/ASN1/DER.cpp:32:20: runtime error: implicit conversion from type 'int' of value 16383 (32-bit, signed) to type 'u8' (aka 'unsigned char') changed the value to 255 (8-bit, unsigned)
#0 0x7ffff7490ea3 in Crypto::ASN1::Decoder::read_tag() /home/aldo/serenity/Userland/Libraries/LibCrypto/ASN1/DER.cpp:32:20
#1 0x7ffff74ae1e7 in Crypto::ASN1::Decoder::peek() /home/aldo/serenity/Userland/Libraries/LibCrypto/ASN1/DER.cpp:198:25
#2 0x7ffff79b3f7d in TLS::Certificate::parse_asn1(AK::Span<unsigned char const>, bool) /home/aldo/serenity/Userland/Libraries/LibTLS/Certificate.cpp:99:5
#3 0x557495 in LLVMFuzzerTestOneInput /home/aldo/serenity/Meta/Lagom/Fuzzers/FuzzASN1.cpp:13:11
#4 0x45af21 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzASN1+0x45af21)
#5 0x444bd2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzASN1+0x444bd2)
#6 0x44af40 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzASN1+0x44af40)
#7 0x474ed2 in main (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzASN1+0x474ed2)
#8 0x7ffff60a60b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#9 0x41f6ed in _start (/home/aldo/serenity/Build/lagom-fuzzers/Fuzzers/FuzzASN1+0x41f6ed)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/aldo/serenity/Userland/Libraries/LibCrypto/ASN1/DER.cpp:32:20 in
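The sanitizer report above shows a DER tag number of 16383 (long-form identifier, 0x1F 0xFF 0x7F) being narrowed into a u8 and becoming 255. As an added illustration that is not SerenityOS code, the following reader keeps the tag number in a 32-bit field, rejects truncated or non-minimal long-form encodings, and shows the narrowing that the sanitizer flagged; the sample bytes and names are constructed for this example.

```cpp
#include <cstdint>
#include <cstddef>
#include <optional>
#include <vector>

struct Tag {
    uint8_t tag_class;   // bits 8-7 of the first identifier octet
    bool constructed;    // bit 6 of the first identifier octet
    uint32_t number;     // tag number, wide enough for the long form
    size_t consumed;     // identifier octets read
};

// Decodes an ASN.1 identifier. Returns nullopt on truncated input, a leading
// zero septet, a long form that encodes a value below 31, or overflow of 32
// bits, rather than silently wrapping the number as an 8-bit type would.
std::optional<Tag> read_tag(const std::vector<uint8_t>& in, size_t pos = 0)
{
    if (pos >= in.size())
        return std::nullopt;
    uint8_t first = in[pos++];
    Tag t { static_cast<uint8_t>(first >> 6), (first & 0x20) != 0,
            static_cast<uint32_t>(first & 0x1F), 1 };
    if (t.number != 0x1F)      // short form: number fits in the low 5 bits
        return t;
    uint32_t n = 0;            // long form: base-128 digits, continuation bit 0x80
    for (;;) {
        if (pos >= in.size())
            return std::nullopt;
        uint8_t b = in[pos++];
        ++t.consumed;
        if (t.consumed == 2 && b == 0x80)   // DER forbids a leading zero digit
            return std::nullopt;
        if (n > (UINT32_MAX >> 7))          // next shift would overflow
            return std::nullopt;
        n = (n << 7) | (b & 0x7F);
        if ((b & 0x80) == 0)
            break;
    }
    if (n < 31)                             // must have used the short form
        return std::nullopt;
    t.number = n;
    return t;
}

// The narrowing the sanitizer reported: 16383 (0x3FFF) becomes 255 (0xFF).
uint8_t truncate_to_u8(uint32_t number) { return static_cast<uint8_t>(number); }

// Constructed sample: universal class, primitive, tag number 16383 in long form.
const std::vector<uint8_t> kHighTag = { 0x1F, 0xFF, 0x7F, 0x00 };
```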