
Alignment issues on a fuzzed input #99

Closed
PJK opened this issue Jun 23, 2019 · 1 comment · Fixed by #101
Comments

@PJK
Owner

PJK commented Jun 23, 2019

Reported by Christian Reitter:

[...] the UndefinedBehaviorSanitizer has found some alignment issues that
appear to be originating in your code, see below.

This happened on x86_64 with
https://github.com/Yubico/libfido2/tree/master/fuzz , more specifically
with the fuzz_cred target.
Note a libcbor-related patch at the bottom of the fuzz README is applied
to avoid OOM conditions, which may have caused other side effects.

[...]


/home/research/targets/yubico/libcbor/src/cbor/internal/loaders.c:31:10:
runtime error: load of misaligned address 0x7fecedd8102e for type
'uint32_t' (aka 'unsigned int'), which requires 4 byte alignment
0x7fecedd8102e: note: pointer points here
36 30 30 3a 34 01 30 32 30 30 00 00 00 00 00 00 00 00 37 30 30 38 37
36 31 00 f8 56 00 df 76 ab
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/home/research/targets/yubico/libcbor/src/cbor/internal/loaders.c:31:10 in
#16384 pulse cov: 1320 ft: 4866 corp: 491/109Kb exec/s: 1638 rss: 685Mb
/home/research/targets/yubico/libcbor/src/cbor/internal/loaders.c:45:10:
runtime error: load of misaligned address 0x7feceddde04d for type
'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment
0x7feceddde04d: note: pointer points here
04 00 00 3b ff ff ff ff ff 8a ff ff 00 20 30 30 30 61 30 33 35 30 34
33 30 30 38 39 3a 35 33 30
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/home/research/targets/yubico/libcbor/src/cbor/internal/loaders.c:45:10 in
/home/research/targets/yubico/libcbor/src/cbor/internal/loaders.c:19:10:
runtime error: load of misaligned address 0x7fecedd8f029 for type
'uint16_t' (aka 'unsigned short'), which requires 2 byte alignment
0x7fecedd8f029: note: pointer points here
01 03 34 19 20 01 1b 1b 1b 1b 1b 1b 1b 1b 1b 1b 1b 1b 1b 87 2d 1b 1b
1b 1b 1b 21 58 87 1b 1b 1b
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/home/research/targets/yubico/libcbor/src/cbor/internal/loaders.c:19:10 in
#32768 pulse cov: 1514 ft: 5798 corp: 699/180Kb exec/s: 1213 rss: 685Mb
/home/research/targets/yubico/libcbor/src/cbor/internal/encoders.c:37:5:
runtime error: store to misaligned address 0x60600173d899 for type
'uint16_t' (aka 'unsigned short'), which requires 2 byte alignment
0x60600173d899: note: pointer points here
61 6c 67 39 be be be be be be be 00 00 00 00 00 00 00 00 b0 d8 73 01
60 60 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/home/research/targets/yubico/libcbor/src/cbor/internal/encoders.c:37:5 in

@PJK PJK added the bug label Jun 23, 2019
@PJK
Owner Author

PJK commented Jun 23, 2019

When using helpers from endian.h, the writes of multi-byte ints are not aligned. The value should always be written byte-wise, as if HAVE_ENDIAN_H was not defined. Perhaps it should be dropped for simplicity. Nice find!
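The sanitizer reports above are all the same defect: an integer at an arbitrary offset inside the input buffer is read or written through a `uint16_t`/`uint32_t`/`uint64_t` pointer, which the C standard only permits at a suitably aligned address. The example below is added here and is not libcbor's code; the function names (`load_be16`, `store_be64`, `decode_cbor_uint`, and so on) and the sample buffers are my own construction. It shows the "byte-wise, as if HAVE_ENDIAN_H was not defined" approach from the comment above: the value is assembled from, or split into, individual bytes, so no integer-typed pointer is ever dereferenced and the code is correct on any alignment and any host endianness. The CBOR unsigned-integer decoder at the end deliberately places the payload at an odd address and also rejects a truncated item, the other thing a fuzzer tends to find in a loader.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Pattern the sanitizer flagged: reinterpreting a byte offset as an
 * integer pointer. Undefined behaviour when p is not 4-byte aligned.
 * Kept only for contrast; nothing below calls it. */
uint32_t unaligned_cast_load32(const unsigned char *p) {
    return *(const uint32_t *)p;
}

/* Portable big-endian loads (CBOR is network byte order): every access
 * is a single byte, so alignment and host endianness are irrelevant. */
uint16_t load_be16(const unsigned char *p) {
    return (uint16_t)(((uint16_t)p[0] << 8) | (uint16_t)p[1]);
}
uint32_t load_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
uint64_t load_be64(const unsigned char *p) {
    return ((uint64_t)load_be32(p) << 32) | (uint64_t)load_be32(p + 4);
}

/* Matching byte-wise stores for the encoder side. */
void store_be16(unsigned char *p, uint16_t v) {
    p[0] = (unsigned char)(v >> 8);
    p[1] = (unsigned char)(v & 0xff);
}
void store_be32(unsigned char *p, uint32_t v) {
    store_be16(p, (uint16_t)(v >> 16));
    store_be16(p + 2, (uint16_t)(v & 0xffff));
}
void store_be64(unsigned char *p, uint64_t v) {
    store_be32(p, (uint32_t)(v >> 32));
    store_be32(p + 4, (uint32_t)(v & 0xffffffffu));
}

/* Decode one CBOR major-type-0 (unsigned integer) item from p[0..len).
 * Returns the number of bytes consumed, or 0 if the item is not an
 * unsigned integer or the buffer is too short for its payload. */
size_t decode_cbor_uint(const unsigned char *p, size_t len, uint64_t *out) {
    if (len < 1) return 0;
    unsigned char ib = p[0];
    if ((ib >> 5) != 0) return 0;          /* major type must be 0 */
    unsigned char ai = ib & 0x1f;          /* additional information */
    if (ai < 24) { *out = ai; return 1; }  /* value is inline */
    size_t need;
    switch (ai) {
        case 24: need = 1; break;
        case 25: need = 2; break;
        case 26: need = 4; break;
        case 27: need = 8; break;
        default: return 0;                 /* 28-31: reserved/indefinite */
    }
    if (len - 1 < need) return 0;          /* truncated payload: reject */
    switch (need) {
        case 1: *out = p[1]; break;
        case 2: *out = load_be16(p + 1); break;
        case 4: *out = load_be32(p + 1); break;
        default: *out = load_be64(p + 1); break;
    }
    return 1 + need;
}

/* Constructed samples. The leading 0xAA byte is padding so that the
 * CBOR item, and therefore its multi-byte payload, starts at an odd
 * address, exactly the situation that tripped UBSan. */
static const unsigned char sample_u32[] = {0xAA, 0x1a, 0x00, 0x01, 0x00, 0x00};
static const unsigned char sample_u64[] = {0xAA, 0x1b, 0x00, 0x00, 0x00, 0x01,
                                           0x00, 0x00, 0x00, 0x00};
static const unsigned char sample_truncated[] = {0x1a, 0x00, 0x01}; /* needs 4 */

/* Store a 64-bit value at an odd offset and load it back; 1 on success. */
int store_roundtrip_ok(uint64_t v) {
    unsigned char buf[9] = {0};
    store_be64(buf + 1, v);
    return buf[1] == (unsigned char)(v >> 56) && load_be64(buf + 1) == v;
}

int main(void) {
    uint64_t v = 0;
    size_t n = decode_cbor_uint(sample_u32 + 1, sizeof sample_u32 - 1, &v);
    printf("u32 item: consumed %zu bytes, value %llu\n", n, (unsigned long long)v);
    n = decode_cbor_uint(sample_u64 + 1, sizeof sample_u64 - 1, &v);
    printf("u64 item: consumed %zu bytes, value %llu\n", n, (unsigned long long)v);
    printf("truncated item consumed: %zu\n",
           decode_cbor_uint(sample_truncated, sizeof sample_truncated, &v));
    printf("odd-offset store round trip: %s\n",
           store_roundtrip_ok(0x0102030405060708ULL) ? "ok" : "FAILED");
    return 0;
}
```

Building this with `-fsanitize=undefined` (or `-fsanitize=alignment`) reports nothing for the byte-wise functions, while a call to `unaligned_cast_load32(sample_u32 + 2)` would produce the same "load of misaligned address" diagnostic quoted in the report. The shift form also sidesteps the endian.h question entirely, which is the "drop it for simplicity" option mentioned above.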
