Shift operation causing undefined-behavior in function hash()
skorpion98 changed the title from "undefined-behavior in function hash()" on Sep 3, 2024.

Describe the bug
We found an undefined-behavior caused by a left shift operation in function hash() (clamav/libclamav/yara_hash.c, line 83 in 19b25ce):
result ^= ROTATE_INT32(byte_to_int32[*buffer], i);
after testing one of the harnesses provided on the OSS-Fuzz repository (clamav_dbload_YARA_fuzzer).
More specifically, the program performs a shift with exponent 32 on a uint8_t array element and attempts to store the result in a variable of type uint32_t, but the result cannot be represented by the destination type.

How to reproduce the problem
In the attached archive you will find:
To reproduce the error, simply run the given binary with the testcase files with a command like:
./clamav_dbload_YARA_fuzzer /path_to_testcases/input
The program has been tested on the standard Docker image provided on OSS-Fuzz using Ubuntu 20.04, providing AFL++ as fuzzing engine and build flag --sanitizer=undefined.
The hash commit used to perform the tests is 25ca17b.

Environment
OS: Linux
Version/Distribution: Ubuntu 20.04
Architecture: x86_64
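The report above is the classic "rotate by 32 / rotate by 0" defect: a 32-bit rotate written as `(x << n) | (x >> (32 - n))` is undefined in C whenever `n` is 0 or 32, because a shift count must be strictly less than the operand width. The following C program is an added example, not code from the ClamAV or YARA projects; the `rotl32_naive` shape, the `hash_bytes_safe` loop and the multiplier standing in for a `byte_to_int32` table are assumptions chosen to illustrate the pattern, not the real `ROTATE_INT32` macro or `yara_hash.c` logic. It shows the undefined shape beside a masked rotate that stays defined for every count, plus a small check that flags the counts UBSan would reject.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns true when n is a shift count the naive rotate below can use
 * without undefined behaviour: both n and 32 - n must lie in [0, 31]. */
bool rotate_count_is_defined(unsigned n) {
    return n >= 1 && n <= 31;
}

/* The undefined shape (assumed, not the real ROTATE_INT32 macro).
 * For n == 0 the right shift count is 32; for n == 32 the left shift
 * count is 32. Either one is the "shift exponent 32 is too large for
 * 32-bit type" report a -fsanitize=undefined build emits. */
uint32_t rotl32_naive(uint32_t x, unsigned n) {
    return (x << n) | (x >> (32u - n));
}

/* Well-defined rotate-left: masking keeps every shift count in [0, 31],
 * and (32 - n) & 31 turns n == 0 and n == 32 into a no-op rotate. */
uint32_t rotl32_safe(uint32_t x, unsigned n) {
    n &= 31u;
    return (x << n) | (x >> ((32u - n) & 31u));
}

/* Hash-style loop over a byte buffer that rotates a per-byte value by a
 * count derived from the byte position. Constructed for illustration:
 * the multiplier stands in for a byte_to_int32 lookup table. With the
 * naive rotate, position 0 already shifts by 32 on the right, and a
 * buffer longer than 32 bytes drives the left shift count to 32 as well;
 * the masked rotate is defined for any length. */
uint32_t hash_bytes_safe(const uint8_t *buffer, size_t len) {
    uint32_t result = 0;
    for (size_t i = 0; i < len; i++) {
        uint32_t v = (uint32_t)buffer[i] * 0x9E3779B1u; /* assumed table stand-in */
        result ^= rotl32_safe(v, (unsigned)i);          /* i reaches 0 and 32 */
    }
    return result;
}

int main(void) {
    /* Constructed input: 40 bytes so the position-derived count passes 32. */
    uint8_t sample[40];
    for (size_t i = 0; i < sizeof sample; i++)
        sample[i] = (uint8_t)(i * 7 + 1);

    for (unsigned n = 0; n <= 32; n++) {
        if (!rotate_count_is_defined(n))
            printf("count %u would be undefined in the naive rotate\n", n);
    }
    printf("masked rotate, n=0:  %08x\n", rotl32_safe(0x12345678u, 0));
    printf("masked rotate, n=32: %08x\n", rotl32_safe(0x12345678u, 32));
    printf("hash over 40 bytes:  %08x\n", hash_bytes_safe(sample, sizeof sample));
    return 0;
}
```

Building with `-fsanitize=undefined` (the same instrumentation the OSS-Fuzz `--sanitizer=undefined` build enables) is the quickest way to confirm the fix: the naive form reports the out-of-range shift the moment the count reaches 0 or 32, while the masked form runs clean on the same input.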