[Bug 66692] New: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libdb-5.3.so+0x55a7b) in __ham_insertpair

Sat, 15 Jul 2023 01:10:47 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=66692

            Bug ID: 66692
           Summary: AddressSanitizer: SEGV
                    (/lib/x86_64-linux-gnu/libdb-5.3.so+0x55a7b) in
                    __ham_insertpair
           Product: Apache httpd-2
           Version: 2.4.54
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authn_dbm
          Assignee: bugs@httpd.apache.org
          Reporter: sihan2...@iscas.ac.cn
  Target Milestone: ---

Created attachment 38606
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38606&action=edit
crash seed

Hello htdbm developers,
We recently conducted a fuzzing test on htdbm and discovered a SEGV bug. We
would like to provide a detailed description of the bug and seek your
assistance in addressing it.

version:
htdbm: 2.4.54
gcc:gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
ubuntu: 20.04

command to reproduce:
htdbm -b SEGV_2 
SEGV_2 is attached to this report.


ASAN report:
=================================================================
==2664561==ERROR: AddressSanitizer: SEGV on unknown address 0x62100001295b (pc
0x7f9fa08a6a7b bp 0x62100000297a sp 0x7ffe19e35310 T0)
==2664561==The signal is caused by a WRITE memory access.
    #0 0x7f9fa08a6a7b in __ham_insertpair
(/lib/x86_64-linux-gnu/libdb-5.3.so+0x55a7b)
    #1 0x7f9fa08a9523 in __ham_add_el
(/lib/x86_64-linux-gnu/libdb-5.3.so+0x58523)
    #2 0x7f9fa08a0f46  (/lib/x86_64-linux-gnu/libdb-5.3.so+0x4ff46)
    #3 0x7f9fa0937669 in __dbc_iput
(/lib/x86_64-linux-gnu/libdb-5.3.so+0xe6669)
    #4 0x7f9fa09323b9 in __db_put (/lib/x86_64-linux-gnu/libdb-5.3.so+0xe13b9)
    #5 0x7f9fa0947c25 in __db_put_pp
(/lib/x86_64-linux-gnu/libdb-5.3.so+0xf6c25)
    #6 0x7f9fa15908f4 
(/usr/lib/x86_64-linux-gnu/apr-util-1/apr_dbm_db-1.so+0x18f4)
    #7 0x4d0ab7 in htdbm_save
/home/root/sp/Dataset/Httpd/httpd_aflpp/support/htdbm.c:175:12
    #8 0x4cd974 in main
/home/root/sp/Dataset/Httpd/httpd_aflpp/support/htdbm.c:453:19
    #9 0x7f9fa2290082 in __libc_start_main
/build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #10 0x41d58d in _start
(/home/root/sp/Fuzz/aflpp_fuzz/Httpd/document_group/mb/htdbm_1/htdbm+0x41d58d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libdb-5.3.so+0x55a7b) in
__ham_insertpair
==2664561==ABORTING

Thank you for your attention and support.
Best regards,
Michael Zhang.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

Reply via email to