Some minimal fuzzed Makefiles

From: John Scott
Subject: Some minimal fuzzed Makefiles
Date: Mon, 20 Jul 2020 10:30:47 -0400


I found a few issues with afl++, using previous bug reports' findings to seed my
search. The former two affect uninstrumented binaries. One issue that seemed to
be handled properly by Make 3.81 but not 4.0 and after is with this one-liner:

Current master fails with an assertion failure in read.c:

    /* If it's a pattern target, then add it to the pattern-specific
       variable list.  */
    percent = find_percent_cached (&name);
    if (percent)
      {
        /* Get a reference for this pattern-specific variable struct.  */
        p = create_pattern_var (name, percent);
        p->variable.fileinfo = *flocp;
        /* I don't think this can fail since we already determined it was a
           variable definition.  */
        v = assign_variable_definition (&p->variable, defn);
        assert (v != 0);
      }
It does fail though. On my Debian Bullseye system, packaged Make 4.3 segfaults
instead. ASan is also unhappy, as gdb indicates that v = 0x0:

    ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002f (...)
    The signal is caused by a READ memory access.
    Hint: address points to the zero page.

A different issue is with this more finicky Makefile, which causes a stack overflow:

    define x
    $(call x)
    $(call x)

This appears to lead to infinite recursion of some functions. For brevity I've 
attached the backtrace; ASan leads to a crash more quickly.

One more issue doesn't affect my uninstrumented binaries, but Memcheck and ASan
say it's bad:

    $(sort $)
It's more challenging for me to understand the issue here, but I hope it 

Attachment: recursive_trace.txt
Description: Text document
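A small triage loop for the kind of crash-vs-hang sorting described in this report, added here as an example; it is not part of the original message or of GNU make. It assumes a make binary path (hypothetical, ideally an ASan build) and coreutils timeout(1)/mktemp(1); the first one-liner Makefile is not reproduced on the page, so only the two quoted Makefiles are written as seeds.

```shell
#!/bin/sh
# Added triage helper; not part of the original report or of GNU make.
# Assumptions (hypothetical): $1 of triage_seeds is the path to a make binary,
# ideally one built with ASan; coreutils timeout(1) and mktemp(1) are available.

# classify_run CMD... : run CMD under a wall-clock limit and print one word:
#   ok    - exited 0
#   error - ordinary non-zero exit (e.g. a syntax error such as a missing endef)
#   hang  - killed by timeout(1), which reports status 124 (the recursive
#           $(call x) case without ASan can sit here before the stack is gone)
#   crash - killed by a signal (status >= 128, e.g. 139 for SIGSEGV) or an
#           AddressSanitizer report in the output (ASan exits with status 1 by
#           default, so the exit code alone would misfile it as "error")
classify_run() {
    log=$(mktemp)
    if timeout "${RUN_TIMEOUT:-5}" "$@" >"$log" 2>&1; then status=0
    else status=$?
    fi
    if grep -q 'AddressSanitizer' "$log"; then result=crash
    elif [ "$status" -eq 124 ]; then result=hang
    elif [ "$status" -ge 128 ]; then result=crash
    elif [ "$status" -eq 0 ]; then result=ok
    else result=error
    fi
    rm -f "$log"
    echo "$result"
}

# triage_seeds MAKE_BIN : write the two Makefiles quoted in the report (the
# first one-liner is not reproduced on the page, so it is not included) into
# separate directories and report how MAKE_BIN behaves on each. -n keeps make
# from running recipes; parsing alone is what triggers the reported behaviour.
triage_seeds() {
    make_bin=$1
    work=$(mktemp -d)
    mkdir "$work/recursive" "$work/sort"
    printf 'define x\n$(call x)\n$(call x)\n' > "$work/recursive/Makefile"
    printf '$(sort $)\n' > "$work/sort/Makefile"
    for d in "$work"/*; do
        printf '%s: %s\n' "$(basename "$d")" "$(classify_run "$make_bin" -C "$d" -n)"
    done
    rm -rf "$work"
}

# Usage (hypothetical path):  triage_seeds /path/to/asan-make
```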
