Discovered 4 use-of-uninitialised-memory bugs while testing fuzzing harnesses #60

Open
skorpion98 opened this issue Sep 13, 2024 · 2 comments
Comments

@skorpion98

Summary

Several use-of-uninitialised-memory bugs have been found after testing one of the harnesses provided on the OSS-Fuzz repository (inchi_input_fuzzer).

During our tests we found:

  1. conditional jump or move depends on uninitialised value in function OrigAtData_RemoveHalfBond()
  2. conditional jump or move depends on uninitialised value in function GetBaseCanonRanking()
  3. conditional jump or move depends on uninitialised value in function InChILine2Data()
  4. conditional jump or move depends on uninitialised value in function CompareReversedINChI3()

Steps to reproduce

In the following archive, you will find:

  • the executable on which we performed our tests
  • a directory bugs containing the inputs that caused the aforementioned bugs and their respective Valgrind logs, numbered as in the list above

To reproduce the errors, a memory safety tool is required to expose the bug.
Run the given binary with the testcase files inside Valgrind with a command like: valgrind ./inchi_input_fuzzer /path_to_testcases/input

The program has been tested on the standard Docker image provided by OSS-Fuzz using Ubuntu 20.04, with AFL++ as the fuzzing engine and the build flag --sanitizer=none.

The commit hash used to perform the tests is 8477339.

Environment

  • OS: Linux
  • Version/Distribution: Ubuntu 20.04
  • Architecture: x86_64
@djb-rwth
Collaborator

Hi @skorpion98,
Thank you for creating this issue.
All the above-mentioned bugs/vulnerabilities, along with the newly opened Google oss-fuzz issues, will be addressed in forthcoming version(s) of InChI.

BTW, we have started using AFL++ on Ubuntu 22.04 LTS only recently, but please feel free to track down any bug/security issue which might have been overlooked at our end.

djb-rwth self-assigned this Sep 23, 2024
@djb-rwth
Collaborator

Hi @skorpion98,
Unfortunately, the four issues mentioned in this post could not be reproduced, as Valgrind cannot show full stack traces, most likely due to the missing debug info.
Please be so kind as to amend this according to the following instructions: "The stack traces given by Memcheck (or another tool) aren't helpful. ..." and/or "Memcheck's uninitialised value errors are hard to track down, ...".
Thank you in advance.
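The two points raised in this thread, reproducing a testcase under Valgrind (the reporter's valgrind ./inchi_input_fuzzer /path_to_testcases/input) and getting stack traces that are actually actionable (the maintainer's request for debug info), come together in the following added example. It is not code from the issue, from OSS-Fuzz, or from the InChI project. It builds the Memcheck command line that the Valgrind documentation recommends for uninitialised-value errors (--track-origins=yes, on a binary compiled with -g), then parses a Memcheck log and flags errors whose frames show only "(in /path/to/binary)" instead of file:line, which is the symptom of a binary built without debug info. The log text, the PID, the addresses, and the file names example.c, harness.c and helper_fn are constructed for the example; only the two InChI function names and the harness name come from the issue.

```python
"""Build a Memcheck command for one testcase and summarise the resulting log.

Added example for this issue thread; not InChI, OSS-Fuzz or Valgrind code.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample log, not a log from the issue's archive. The first error's
# frames carry "(in /path/to/binary)", which is what Memcheck prints when the
# binary was built without -g. The second error comes from a binary built with
# -g and run with --track-origins=yes, so its frames have file:line locations
# and an "Uninitialised value was created by ..." origin block follows.
SAMPLE_LOG = """\
==12345== Memcheck, a memory error detector
==12345== Command: ./inchi_input_fuzzer bugs/1/input
==12345==
==12345== Conditional jump or move depends on uninitialised value(s)
==12345==    at 0x4A1B2C: OrigAtData_RemoveHalfBond (in /out/inchi_input_fuzzer)
==12345==    by 0x4A0F11: LLVMFuzzerTestOneInput (in /out/inchi_input_fuzzer)
==12345==    by 0x401234: main (in /out/inchi_input_fuzzer)
==12345==
==12345== Conditional jump or move depends on uninitialised value(s)
==12345==    at 0x4B0000: GetBaseCanonRanking (example.c:1234)
==12345==    by 0x4A0F11: LLVMFuzzerTestOneInput (harness.c:42)
==12345==  Uninitialised value was created by a stack allocation
==12345==    at 0x4A1000: helper_fn (example.c:10)
==12345==
==12345== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
"""

# Memcheck prefixes every line with "==PID== ".
PREFIX = re.compile(r"^==\d+==\s?(.*)$")
# Stack frame: "at 0xADDR: function (location)" or "by 0xADDR: ...".
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
# A location of the form file.c:123 means the frame has debug info.
SRC_LOC = re.compile(r"^[^\s:]+:\d+$")
# First words of the Memcheck error kinds this summariser recognises.
ERROR_KINDS = ("Conditional jump or move", "Use of uninitialised value",
               "Invalid read", "Invalid write", "Invalid free",
               "Mismatched free", "Syscall param", "Jump to the invalid address")


def valgrind_command(binary: str, testcase: str, log_path: str) -> List[str]:
    """Command line for reproducing one testcase under Memcheck.

    --track-origins=yes reports where the uninitialised value was created
    (the Valgrind manual's advice when such errors are hard to track down);
    --error-exitcode makes a batch loop notice a failing case. File:line
    frames additionally require the binary to have been compiled with -g.
    """
    return ["valgrind", "--tool=memcheck", "--track-origins=yes",
            "--error-exitcode=99", f"--log-file={log_path}", binary, testcase]


@dataclass
class MemcheckError:
    kind: str
    frames: List[Tuple[str, str]] = field(default_factory=list)
    origin: Optional[str] = None
    origin_frames: List[Tuple[str, str]] = field(default_factory=list)

    @property
    def top_function(self) -> Optional[str]:
        return self.frames[0][0] if self.frames else None

    @property
    def has_debug_info(self) -> bool:
        # Any file:line frame shows the binary itself carries debug info;
        # libc frames may legitimately show "(in .../libc.so.6)" regardless.
        return any(SRC_LOC.match(loc) for _, loc in self.frames)


def parse_memcheck(text: str) -> List[MemcheckError]:
    """Group Memcheck log lines into errors with their frames and origin."""
    errors: List[MemcheckError] = []
    current: Optional[MemcheckError] = None
    in_origin = False
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue                      # not a Memcheck line
        line = m.group(1)
        if not line.strip():
            current, in_origin = None, False   # blank line closes the error
            continue
        fm = FRAME.match(line)
        if fm and current is not None:
            target = current.origin_frames if in_origin else current.frames
            target.append((fm.group(1), fm.group(2)))
        elif line.strip().startswith("Uninitialised value was created") and current:
            current.origin, in_origin = line.strip(), True
        elif line.startswith(ERROR_KINDS):
            current, in_origin = MemcheckError(kind=line.strip()), False
            errors.append(current)
    return errors


def summarise(errors: List[MemcheckError]) -> List[dict]:
    """One row per error: what, where, and whether the trace is actionable."""
    return [{"kind": e.kind, "function": e.top_function,
             "needs_debug_info": not e.has_debug_info,
             "origin": e.origin} for e in errors]


if __name__ == "__main__":
    print(" ".join(valgrind_command("./inchi_input_fuzzer", "bugs/1/input",
                                    "bugs/1/valgrind.log")))
    for row in summarise(parse_memcheck(SAMPLE_LOG)):
        print(row)
```

Run against a real log, the needs_debug_info column tells a reporter before filing whether the maintainers will be able to follow the trace; if it is true for every error, the harness was built without -g and the archive should be regenerated rather than sent.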
