large loop in yaml_parser_fetch_more_tokens #227

Open
nora-pxh opened this issue Sep 22, 2021 · 0 comments

In the current version (0.2.5), use the following file to run the fuzzer:
https://github.com/google/oss-fuzz/blob/master/projects/libyaml/libyaml_dumper_fuzzer.c

ALARM: working on the last Unit for 181 seconds
and the timeout value is 180 (use -timeout=N to change)
By the way, even if the timeout value is 600, the result is still the same.
==739722== ERROR: libFuzzer: timeout after 181 seconds
#0 0x52aac1 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3
#1 0x475568 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x459629 in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:301:5
#3 0x7fe8bc0024bf (/lib64/libpthread.so.0+0x134bf)
#4 0x58debf in yaml_parser_stale_simple_keys /src/libyaml/src/scanner.c:1063:5
#5 0x58e0ff in yaml_parser_fetch_next_token /src/libyaml/src/scanner.c:880:10
#6 0x58dbbe in yaml_parser_fetch_more_tokens /src/libyaml/src/scanner.c:847:14
#7 0x5703b4 in yaml_parser_parse_flow_mapping_key /src/libyaml/src/parser.c:1112:13
#8 0x5677d0 in yaml_parser_state_machine /src/libyaml/src/parser.c:288:20
#9 0x56749f in yaml_parser_parse /src/libyaml/src/parser.c:188:12
#10 0x560d3a in yaml_parser_load_nodes /src/libyaml/src/loader.c:222:14
#11 0x56091c in yaml_parser_load_document /src/libyaml/src/loader.c:203:10
#12 0x5604c1 in yaml_parser_load /src/libyaml/src/loader.c:118:10
#13 0x55780a in LLVMFuzzerTestOneInput /src/libyaml_dumper_fuzzer.c:237:10
#14 0x45ae53 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#15 0x4465c2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#16 0x44c28e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#17 0x475d42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#18 0x7fe8bbe33b26 in __libc_start_main (/lib64/libc.so.6+0x25b26)
#19 0x422069 in _start (/opt/oss-fuzz/build/out/libyaml/libyaml_dumper_fuzzer+0x422069)

DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback()
SUMMARY: libFuzzer: timeout
