
Assertion error (OSS-Fuzz 868) #516

Closed
nlohmann opened this issue Mar 17, 2017 · 1 comment
@nlohmann
Owner

Detailed report: https://oss-fuzz.com/testcase?key=4821044789510144

Project: json
Fuzzer: libFuzzer_json_parse_msgpack_fuzzer
Fuzz target binary: parse_msgpack_fuzzer
Job Type: libfuzzer_ubsan_json
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
j1 == j2

Sanitizer: undefined (UBSAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_json&range=201703121620:201703131620

Reproducer Testcase: https://oss-fuzz.com/download/AMIfv95r3siDN2ltToQ5vN36W9lve3Ln8EXjFiROzufTiDX1Y4GYkxsXvg5nIbXABtyUXl4dfW-Fn_pmbCc_1r3VfsyfzpeEp0MTaFe3oIQTKSt7YgrLUVxGZmR8fB1C6MIUA4DyNVwsjf1HC4arVV-O5g31YbYleidY5uzC8KQilSkYNIjQYdDmaUJUKfHe5zig5uS6gevOeIW3RIcIMrAjJgf7Uoz03CxVxO1CYhmrJuoAx4JZOeAWmRE0u8UCa9XHLrm_l1kei87ufEplTIOYlXFGDzxcMtM0UqIHY4WW5XWjHGp_QnZSLMNDBeqGIhlCpMcUuEETwU0Yqo0PJnZAwG2EkmvPJVADA28pdK1WuxyZdGaPvlG8nzFf40TQ8J80h7M67Ouh?testcase_id=4821044789510144

Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
Running command: /mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_json_3dc7f07cae4ab217c21b70d40f93a3acccc6b431/revisions/parse_msgpack_fuzzer -runs=100 -rss_limit_mb=2048 -timeout=25 /fuzz-3-json_parse_msgpack_fuzzer
WARNING: Failed to find function "__sanitizer_print_stack_trace".
INFO: Seed: 3357778421
INFO: Loaded 1 modules (824 guards): [0x7399b0, 0x73a690),
/mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_json_3dc7f07cae4ab217c21b70d40f93a3acccc6b431/revisions/parse_msgpack_fuzzer: Running 1 inputs 100 time(s) each.
Running: /fuzz-3-json_parse_msgpack_fuzzer
parse_msgpack_fuzzer: src/fuzzer-parse_msgpack.cpp:45: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `j1 == j2 failed.
==1== ERROR: libFuzzer: deadly signal
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal

clusterfuzz-testcase-4821044789510144.zip

@nlohmann
Owner Author

The issue is correct - the input is an array that contains a NaN value. The assertion fails, because comparing NaN is always false. This needs to be fixed in the MessagePack fuzzer.

This was referenced Mar 17, 2017
@nlohmann nlohmann added the solution: proposed fix a fix for the issue has been proposed and waits for confirmation label Mar 17, 2017
nlohmann added a commit that referenced this issue Mar 17, 2017
We should compare the binary serializations rather than the JSON values
themselves. This fix was already done for CBOR and apparently forgotten
for MessagePack.
@nlohmann nlohmann self-assigned this Mar 17, 2017
@nlohmann nlohmann modified the milestone: Release 3.0.0 Mar 17, 2017
@nlohmann nlohmann added the aspect: binary formats BSON, CBOR, MessagePack, UBJSON label Mar 28, 2017
@nlohmann nlohmann removed the solution: proposed fix a fix for the issue has been proposed and waits for confirmation label Apr 7, 2017
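The failure mode from the comment above and the fix from the referenced commit, as an added example that is not code from the nlohmann/json project or its fuzzer: a minimal MessagePack float64 codec (marker 0xcb plus eight big-endian bytes) stands in for the library so the round-trip check runs stand-alone, with the value comparison that breaks on NaN next to the byte comparison that does not.

```cpp
// Added example (not nlohmann/json code): the fuzzer's round-trip check on a
// minimal MessagePack float64 codec. Shows why `j1 == j2` fails for a NaN
// payload and why comparing the re-serialized bytes is the right oracle.
#include <cmath>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

// MessagePack float64: marker 0xcb followed by 8 big-endian IEEE-754 bytes.
std::vector<uint8_t> to_msgpack_f64(double d) {
    uint64_t bits;
    std::memcpy(&bits, &d, sizeof bits);       // bit-exact, NaN payload kept
    std::vector<uint8_t> out{0xcb};
    for (int shift = 56; shift >= 0; shift -= 8)
        out.push_back(static_cast<uint8_t>(bits >> shift));
    return out;
}

double from_msgpack_f64(const std::vector<uint8_t>& in) {
    if (in.size() != 9 || in[0] != 0xcb)
        throw std::invalid_argument("not a MessagePack float64");
    uint64_t bits = 0;
    for (size_t i = 1; i < 9; ++i) bits = (bits << 8) | in[i];
    double d;
    std::memcpy(&d, &bits, sizeof d);
    return d;
}

// The check the fuzzer originally made: parse, re-serialize, re-parse and
// compare the two values. IEEE-754 defines NaN != NaN, so this returns false
// for a NaN input even though the round trip lost nothing.
bool roundtrip_values_equal(const std::vector<uint8_t>& input) {
    double j1 = from_msgpack_f64(input);
    double j2 = from_msgpack_f64(to_msgpack_f64(j1));
    return j1 == j2;
}

// The fix described in the issue: compare the binary serializations of the
// two parsed values instead of the values themselves.
bool roundtrip_bytes_equal(const std::vector<uint8_t>& input) {
    double j1 = from_msgpack_f64(input);
    std::vector<uint8_t> bytes1 = to_msgpack_f64(j1);
    double j2 = from_msgpack_f64(bytes1);
    return bytes1 == to_msgpack_f64(j2);
}
```

For a well-formed input both oracles agree; the value comparison only diverges on NaN, which is exactly the case the reproducer testcase hit.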