[cfe-dev] fixing bugs fuzzed out of clang

Andrey Bokhanko via cfe-dev cfe-dev at lists.llvm.org
Tue Jan 5 02:46:55 PST 2016


We (Intel clang team) will take a look and fix some of these.

Yours,
Andrey
======
Software Engineer
Intel Compiler Team
Intel


On Mon, Jan 4, 2016 at 9:20 PM, Kostya Serebryany via cfe-dev
<cfe-dev at lists.llvm.org> wrote:
> Hi Clang devs,
>
> In the new year I would like to ask you all to consider fixing clang bugs
> found by fuzzing (that includes, but is not limited to,
> https://llvm.org/bugs/show_bug.cgi?id=23057)
>
> The existing fuzzer bot is reporting known bugs that are not being fixed for
> months.
> E.g.
> http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer/builds/5328/steps/stage2%2Fasan%2Bassertions%20run%20clang-fuzzer/logs/stdio
> This precludes us from treating these bugs as errors and making the bot red on
> regressions.
>
> Also, these shallow bugs prevent us from finding deeper bugs with potential
> security implications, and there are some such.
> E.g. the bug below means that no one can safely host clang as a web service.
>
> echo "* a ((int () (o W, *&])) 0" | ./bin/clang -x c++ -
>
> ==13059==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500000e538 at pc 0x00000081df99 bp 0x7ffdbdcb3630 sp 0x7ffdbdcb2de8
>
> READ of size 20 at 0x61500000e538 thread T0
>     #0 0x81df98 in __asan_memcpy
>     #1 0xedcd28f in clang::TokenLexer::Lex(clang::Token&) tools/clang/lib/Lex/TokenLexer.cpp:441:7
>     #2 0xedb3c47 in clang::Preprocessor::Lex(clang::Token&) tools/clang/lib/Lex/Preprocessor.cpp:731:23
>     #3 0xa5ad93a in ConsumeParen tools/clang/include/clang/Parse/Parser.h:383:5
>     #4 0xa5ad93a in clang::Parser::SkipUntil(llvm::ArrayRef<clang::tok::TokenKind>, clang::Parser::SkipUntilFlags) tools/clang/lib/Parse/Parser.cpp:3
>     #5 0xa78bdb8 in SkipUntil tools/clang/include/clang/Parse/Parser.h:864:12
>
> 0x61500000e538 is located 312 bytes inside of 456-byte region [0x61500000e400,0x61500000e5c8)
> freed by thread T0 here:
>     #0 0x8350db in __interceptor_free
>     #1 0xa838c02 in ~SmallVectorImpl include/llvm/ADT/SmallVector.h:374:7
>     #2 0xa838c02 in clang::Parser::ParseCXXAmbiguousParenExpression(clang::Parser::ParenParseOption&, clang::OpaquePtr<clang::QualType>&, clang::Bala
>     #3 0xa7ac905 in clang::Parser::ParseParenExpression(clang::Parser::ParenParseOption&, bool, bool, clang::OpaquePtr<clang::QualType>&, clang::Sour
>     #4 0xa794e83 in clang::Parser::ParseCastExpression(bool, bool, bool&, clang::Parser::TypeCastState) tools/clang/lib/Parse/ParseExpr.cpp:709:11
>     #5 0xa77c21c in ParseCastExpression tools/clang/lib/Parse/ParseExpr.cpp:465:20
>
>
> --kcc
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>
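The message above reproduces one fuzzer finding by piping an input into an ASan-instrumented clang and reading the sanitizer report. The script below is an added example, written for this page and not part of the thread or of the LLVM project: it feeds a directory of fuzzer-found inputs to clang the same way, buckets each report by sanitizer error kind and first non-interceptor frame, and flags a regression when a signature on a "known fixed" list reappears, which is what a bot needs before it can go red on regressions. The compiler path in `$CLANG`, the signature format and the embedded sample report (constructed from the trace quoted above) are all assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the thread or from LLVM.
# CLANG is assumed to point at an ASan-instrumented clang build (hypothetical path).
CLANG="${CLANG:-./bin/clang}"

# classify_asan: read a sanitizer report on stdin and print "<kind> <frame>",
# where <frame> is the first stack frame that is not an ASan interceptor,
# or print "clean" when no AddressSanitizer ERROR line is present.
classify_asan() {
    awk '
        /==[0-9]+==ERROR: AddressSanitizer:/ {
            for (i = 1; i <= NF; i++)
                if ($i == "AddressSanitizer:") { kind = $(i + 1); break }
        }
        kind != "" && frame == "" && /^ *#[0-9]+ 0x[0-9a-f]+ in / {
            sub(/^ *#[0-9]+ 0x[0-9a-f]+ in /, "")
            # frame #0 is normally the interceptor (__asan_memcpy, __interceptor_free)
            if ($1 ~ /^__asan_/ || $1 ~ /^__interceptor_/) next
            frame = $1
        }
        END { if (kind == "") print "clean"; else print kind " " frame }
    '
}

# is_regression: succeed (exit 0) when signature $1 is on the newline-separated
# list $2 of signatures that are supposed to be fixed already.
is_regression() {
    printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# reproduce_one: run clang on one crash input exactly as in the thread
# (stdin, -x c++) and classify the ASan output on stderr.
reproduce_one() {
    "$CLANG" -fsyntax-only -x c++ - < "$1" 2>&1 >/dev/null | classify_asan
}

# triage_dir: classify every input file in $1; exit 1 if any classification
# appears on the known-fixed list $2 (a regression), else exit 0.
triage_dir() {
    status=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        sig=$(reproduce_one "$f")
        printf '%s\t%s\n' "$f" "$sig"
        if [ "$sig" != "clean" ] && is_regression "$sig" "$2"; then
            printf 'REGRESSION: %s\n' "$f" >&2
            status=1
        fi
    done
    return $status
}

# Constructed sample report (shortened from the one quoted in the thread) so the
# classifier can be exercised without a clang build.
SAMPLE_REPORT='==13059==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500000e538
READ of size 20 at 0x61500000e538 thread T0
    #0 0x81df98 in __asan_memcpy
    #1 0xedcd28f in clang::TokenLexer::Lex(clang::Token&) tools/clang/lib/Lex/TokenLexer.cpp:441:7
    #2 0xedb3c47 in clang::Preprocessor::Lex(clang::Token&) tools/clang/lib/Lex/Preprocessor.cpp:731:23
freed by thread T0 here:
    #0 0x8350db in __interceptor_free
    #1 0xa838c02 in ~SmallVectorImpl include/llvm/ADT/SmallVector.h:374:7'

# demo_classify: classification of the constructed sample.
demo_classify() {
    printf '%s\n' "$SAMPLE_REPORT" | classify_asan
}

# Usage: CLANG=/path/to/asan/clang ./triage.sh crashes/ fixed-signatures.txt
if [ "$#" -ge 2 ]; then
    triage_dir "$1" "$(cat "$2")"
elif [ "$#" -eq 1 ]; then
    triage_dir "$1" ""
fi
```

The signature deliberately ignores addresses and frame numbers, which vary from build to build, and keys on the first frame below the interceptor; the frame in the quoted report would therefore be bucketed as `heap-use-after-free clang::TokenLexer::Lex(clang::Token&)` regardless of the exact input that reaches it.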
