Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segfault in target_get_blk_type #361

Open
clesmian opened this issue Aug 8, 2023 · 1 comment
Open

Segfault in target_get_blk_type #361

clesmian opened this issue Aug 8, 2023 · 1 comment

Comments

@clesmian
Copy link

clesmian commented Aug 8, 2023
edited
Loading

When executing c2m on poc.txt, a segfault occurs

POC

#include<stdarg.h>
struct car{
    char a;
    long d;
};                                                                                                                                                                                                          

o(int n,...){
        struct car c0,c;
        va_list args;
        va_arg(args,struct car);
        int n0;
        c=va_arg(args,struct car);
        int n2=(args);
        return 0;
}

ASAN Output

poc:13:17: warning -- assigning pointer without cast to integer                                                                            AddressSanitizer:DEADLYSIGNAL                                                                         =================================================================
==1783169==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000038 (pc 0x555b51456b7f bp 0x000000000012 sp 0x7fa217fe18f0 T1)
==1783169==The signal is caused by a READ memory access.
==1783169==Hint: address points to the zero page.
    #0 0x555b51456b7e in target_get_blk_type c2mir/x86_64/cx86_64-ABI-code.c:349
    #1 0x555b51456b7e in gen c2mir/c2mir.c:12211
    #2 0x555b5145d177 in top_gen c2mir/c2mir.c:10551
    #3 0x555b51449f18 in gen c2mir/c2mir.c:12739
    #4 0x555b51449e85 in gen c2mir/c2mir.c:11631
    #5 0x555b5144a86e in gen c2mir/c2mir.c:12492
    #6 0x555b5144fca2 in gen c2mir/c2mir.c:12454
    #7 0x555b51449e85 in gen c2mir/c2mir.c:11631
    #8 0x555b5144a86e in gen c2mir/c2mir.c:12492
    #9 0x555b51463e24 in top_gen c2mir/c2mir.c:10551
    #10 0x555b51463e24 in gen_mir c2mir/c2mir.c:12881
    #11 0x555b51463e24 in c2mir_compile c2mir/c2mir.c:13492
    #12 0x555b51468d6a in compile c2mir/c2mir-driver.c:498
    #13 0x7fa21b5ba608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #14 0x7fa21b4df132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV c2mir/x86_64/cx86_64-ABI-code.c:349 in target_get_blk_type
Thread T1 created by T0 here:
    #0 0x7fa21b764815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
    #1 0x555b5137d6f8 in init_compilers c2mir/c2mir-driver.c:540
    #2 0x555b5137d6f8 in main c2mir/c2mir-driver.c:656

==1783169==ABORTING

Found while fuzzing d51b45f, verified with cf3c9c1
@clesmian clesmian changed the title Segfault in target_get_blk_type Segfault in target_get_blk_type Aug 8, 2023
@vnmakarov
Copy link
Owner

I fixed this one by 69465b2

clesmian referenced this issue Aug 25, 2023
@vnmakarov
Implement va block arg without result:
69465b2 
  Process NULL res in va_block_arg_builtin for all targets.
  Process null desirable_dest for va_arg in gen.
  Add new test issue361.c.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vnmakarov @clesmian