A wild address access issue occurred while testing with a fuzzer.
The specific logs are as follows:
==2229501==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000201 (pc 0x7faebd07c8c1 bp 0x7fffd934d9d0 sp 0x7fffd934d188 T0)
==2229501==The signal is caused by a READ memory access.
==2229501==Hint: address points to the zero page.
    #0 0x7faebd07c8c1 (/lib64/libc.so.6+0x15b8c1)
    #1 0x4b7a98 in strlen /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc
    #2 0x552086 in redisvFormatCommand /src/hiredis/hiredis.c:357:24
    #3 0x55373e in redisFormatCommand /src/hiredis/hiredis.c:554:11
    #4 0x551379 in LLVMFuzzerTestOneInput /src/hiredis/format_command_fuzzer.c:51:5
    #5 0x459ae3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #6 0x445252 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #7 0x44aef6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #8 0x474402 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #9 0x7faebcf46b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)
    #10 0x421109 in _start (/root/oss-fuzz/build/out/hiredis/format_command_fuzzer+0x421109)
DEDUP_TOKEN: strlen--redisvFormatCommand
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib64/libc.so.6+0x15b8c1)
==2229501==ABORTING
See the following code, which the log identifies as being in int redisvFormatCommand(char **target, const char *format, va_list ap):

    case 's':
        arg = va_arg(ap,char*);
        size = strlen(arg);
        if (size > 0)
            newarg = sdscatlen(curarg,arg,size);
        break;

va_arg(ap,char*): an invalid address was returned, please check.
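
An added example (not part of the original issue and not hiredis code): va_arg cannot tell whether the caller actually passed an argument, so a format string with more %s conversions than supplied arguments yields an arbitrary value that strlen then dereferences. Assuming the format string comes from untrusted or fuzzer-generated input while the argument list is fixed, a check like the following rejects such a format before it reaches redisFormatCommand; count_s_conversions and format_fits_args are hypothetical names.

```c
#include <stdio.h>

/* Added example, not hiredis code.
 * Strict allowlist: only "%s" and "%%" are accepted. Every other
 * conversion (hiredis also understands %b and printf-style numeric
 * specifiers) consumes varargs of another type, so it is rejected.
 * Returns the number of %s conversions, or -1 if the format contains
 * anything else after a '%', including a trailing lone '%'. */
int count_s_conversions(const char *fmt) {
    int n = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                      /* look at the conversion character */
        if (*p == 's')
            n++;                  /* will consume one char* argument */
        else if (*p != '%')
            return -1;            /* unsupported conversion or end of string */
    }
    return n;
}

/* Nonzero only if fmt can be formatted safely with exactly nargs
 * char* arguments available: every conversion is %s or %%, and the
 * format never asks va_arg for more pointers than were passed. */
int format_fits_args(const char *fmt, int nargs) {
    int n = count_s_conversions(fmt);
    return n >= 0 && n <= nargs;
}

int main(void) {
    /* Constructed sample formats, each checked against one available argument. */
    const char *samples[] = { "GET %s", "SET %s %s", "INCRBY k %d", "100%% %s", "PING %" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s -> %s\n", samples[i],
               format_fits_args(samples[i], 1) ? "ok" : "reject");
    return 0;
}
```
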