[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Some minimal fuzzed Makefiles
|
From: |
John Scott |
|
Subject: |
Some minimal fuzzed Makefiles |
|
Date: |
Mon, 20 Jul 2020 10:30:47 -0400 |
Hello,
I found a few issues with afl++ using previous bug reports' findings to seed my
search. The former two affect uninstrumented binaries. One issue that seemed to
be handled properly by Make 3.81 but not 4.0 after is with this one-liner
Makefile:
%:define
Current master fails with an assertion failure in read.c:
// If it's a pattern target, then add it to the pattern-specific variable list.
percent = find_percent_cached (&name);
if (percent)
{
/* Get a reference for this pattern-specific variable struct. */
p = create_pattern_var (name, percent);
p->variable.fileinfo = *flocp;
/* I don't think this can fail since we already determined it was a
variable definition. */
v = assign_variable_definition (&p->variable, defn);
assert (v != 0);
...
It does fail though. On my Debian Bullseye system, packaged Make 4.3 segfaults
instead. ASan is also unhappy as gdb indicates that v = 0x0:
ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002f (...)
The signal is caused by a READ memory access.
Hint: address points to the zero page.
A different issue is with this more finicky Makefile causing a stack overflow:
define x
$(call x)
endef
$(call x)
This appears to lead to infinite recursion of some functions. For brevity I've
attached the backtrace; ASan leads to a crash more quickly.
One more issue doesn't affect my uninstrumented binaries, but Memcheck and ASan
say it's bad:
$(sort $)
It's more challenging for me to understand the issue here, but I hope it
helps.
recursive_trace.txt
Description: Text document
signature.asc
Description: This is a digitally signed message part.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Some minimal fuzzed Makefiles,
John Scott <=