shukitchan opened a new issue, #11720: URL: https://github.com/apache/trafficserver/issues/11720
Details here: https://oss-fuzz.com/testcase-detail/4793610426449920

If you want access to the OSS-Fuzz infrastructure, please let me know. I am putting some information from this fuzz failure here:

```
+----------------------------------------Release Build Stacktrace----------------------------------------+
| Command: /mnt/scratch0/clusterfuzz/resources/platform/linux/unshare -c -n /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_trafficserver_557a05f32c7fc03110b13d37f1d21a96d58ca27b/revisions/fuzz_http3frame -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-e2612d0b73ca547bd73799c847c4a074d3b7abbd
| Time ran: 0.10535120964050293
|
| INFO: Running with entropic power schedule (0xFF, 100).
| INFO: Seed: 4234616116
| INFO: Loaded 2 modules (143238 inline 8-bit counters): 3447 [0x7e8d5d812a08, 0x7e8d5d81377f), 139791 [0x55f2df062308, 0x55f2df084517),
| INFO: Loaded 2 PC tables (143238 PCs): 3447 [0x7e8d5d813780,0x7e8d5d820ef0), 139791 [0x55f2df084518,0x55f2df2a6608),
| /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_trafficserver_557a05f32c7fc03110b13d37f1d21a96d58ca27b/revisions/fuzz_http3frame: Running 1 inputs 100 time(s) each.
| Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-e2612d0b73ca547bd73799c847c4a074d3b7abbd
| ==1452==WARNING: MemorySanitizer: use-of-uninitialized-value
|     #0 0x55f2ded98276 in type trafficserver/src/proxy/http3/Http3Frame.cc:62:7
|     #1 0x55f2ded98276 in Http3FrameFactory::create(IOBufferReader&) trafficserver/src/proxy/http3/Http3Frame.cc:513:25
|     #2 0x55f2ded9910f in Http3FrameFactory::fast_create(IOBufferReader&) trafficserver/src/proxy/http3/Http3Frame.cc:555:13
|     #3 0x55f2de0670d3 in LLVMFuzzerTestOneInput trafficserver/tests/fuzzing/fuzz_http3frame.cc:64:17
|     #4 0x55f2ddf0d7c0 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
|     #5 0x55f2ddef7304 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
|     #6 0x55f2ddefcd9a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
|     #7 0x55f2ddf29de2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
|     #8 0x7e8d5d2e3082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
|     #9 0x55f2ddeedddd in _start
|
|   Uninitialized value was stored to memory at
|     #0 0x55f2de655cc3 in QUICVariableInt::decode(unsigned long&, unsigned long&, unsigned char const*, unsigned long) trafficserver/src/iocore/net/quic/QUICIntUtil.cc:99:7
|     #1 0x55f2ded978f6 in type trafficserver/src/proxy/http3/Http3Frame.cc:60:32
|     #2 0x55f2ded978f6 in Http3FrameFactory::create(IOBufferReader&) trafficserver/src/proxy/http3/Http3Frame.cc:513:25
|     #3 0x55f2ded9910f in Http3FrameFactory::fast_create(IOBufferReader&) trafficserver/src/proxy/http3/Http3Frame.cc:555:13
|     #4 0x55f2de0670d3 in LLVMFuzzerTestOneInput trafficserver/tests/fuzzing/fuzz_http3frame.cc:64:17
|     #5 0x55f2ddf0d7c0 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
|     #6 0x55f2ddef7304 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
|     #7 0x55f2ddefcd9a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
|     #8 0x55f2ddf29de2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
|     #9 0x7e8d5d2e3082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
|
|   Uninitialized value was stored to memory at
|     #0 0x55f2ddfb024a in __msan_memcpy /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1733:3
|     #1 0x55f2de655c1a in read_nbytes_as_uint trafficserver/src/iocore/net/quic/QUICIntUtil.cc:123:3
|     #2 0x55f2de655c1a in QUICVariableInt::decode(unsigned long&, unsigned long&, unsigned char const*, unsigned long) trafficserver/src/iocore/net/quic/QUICIntUtil.cc:99:9
|     #3 0x55f2ded978f6 in type trafficserver/src/proxy/http3/Http3Frame.cc:60:32
|     #4 0x55f2ded978f6 in Http3FrameFactory::create(IOBufferReader&) trafficserver/src/proxy/http3/Http3Frame.cc:513:25
|     #5 0x55f2ded9910f in Http3FrameFactory::fast_create(IOBufferReader&) trafficserver/src/proxy/http3/Http3Frame.cc:555:13
|     #6 0x55f2de0670d3 in LLVMFuzzerTestOneInput trafficserver/tests/fuzzing/fuzz_http3frame.cc:64:17
|     #7 0x55f2ddf0d7c0 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
|     #8 0x55f2ddef7304 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
|     #9 0x55f2ddefcd9a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
|     #10 0x55f2ddf29de2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
|     #11 0x7e8d5d2e3082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
|
|   Uninitialized value was stored to memory at
|     #0 0x55f2ddfb024a in __msan_memcpy /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1733:3
|     #1 0x55f2de655bb8 in QUICVariableInt::decode(unsigned long&, unsigned long&, unsigned char const*, unsigned long) trafficserver/src/iocore/net/quic/QUICIntUtil.cc:96:3
|     #2 0x55f2ded978f6 in type trafficserver/src/proxy/http3/Http3Frame.cc:60:32
|     #3 0x55f2ded978f6 in Http3FrameFactory::create(IOBufferReader&) trafficserver/src/proxy/http3/Http3Frame.cc:513:25
|     #4 0x55f2ded9910f in Http3FrameFactory::fast_create(IOBufferReader&) trafficserver/src/proxy/http3/Http3Frame.cc:555:13
|     #5 0x55f2de0670d3 in LLVMFuzzerTestOneInput trafficserver/tests/fuzzing/fuzz_http3frame.cc:64:17
|     #6 0x55f2ddf0d7c0 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
|     #7 0x55f2ddef7304 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
|     #8 0x55f2ddefcd9a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
|     #9 0x55f2ddf29de2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
|     #10 0x7e8d5d2e3082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
|
|   Uninitialized value was created by an allocation of 'type_buf' in the stack frame
|     #0 0x55f2ded97840 in Http3FrameFactory::create(IOBufferReader&) trafficserver/src/proxy/http3/Http3Frame.cc:511:3
```

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected]. For queries about this service, please contact Infrastructure at: [email protected]
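The MSan report traces the uninitialized bytes to the stack buffer `type_buf`, read by `QUICVariableInt::decode` through `read_nbytes_as_uint`: the decoder consumed bytes of the buffer that had never been filled from the reader. As an added illustration of that failure mode and the guard against it (not the Traffic Server code), here is a hypothetical bounds-checked QUIC variable-length integer decoder using the RFC 9000 encoding, with constructed inputs; the function names and the fixed 8-byte scratch buffer are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounds-checked QUIC variable-length integer decoder (RFC 9000,
 * section 16 encoding). Not the Traffic Server implementation. Returns the
 * number of bytes consumed, or 0 when buf does not hold the whole encoding. */
size_t quic_varint_decode(const uint8_t *buf, size_t buf_len, uint64_t *out)
{
    if (buf_len == 0) return 0;
    /* The top two bits of the first byte select an encoded length of 1, 2, 4 or 8. */
    size_t len = (size_t)1 << (buf[0] >> 6);
    if (len > buf_len) return 0; /* truncated input: never read bytes the caller did not provide */
    uint64_t v = buf[0] & 0x3f;
    for (size_t i = 1; i < len; i++) v = (v << 8) | buf[i];
    *out = v;
    return len;
}

/* Mirrors the shape of the report: copy what is available from the wire into a
 * fixed stack scratch buffer, then decode only the prefix that was filled.
 * Returns 1 on success, 0 when the type varint is incomplete. */
int decode_frame_type(const uint8_t *wire, size_t wire_len, uint64_t *type)
{
    uint8_t type_buf[8]; /* intentionally not zeroed, like a stack scratch buffer */
    size_t filled = wire_len < sizeof type_buf ? wire_len : sizeof type_buf;
    memcpy(type_buf, wire, filled);
    /* Passing `filled` rather than sizeof type_buf is the guard: the decoder is
     * never allowed to look at the uninitialized tail of the buffer. */
    return quic_varint_decode(type_buf, filled, type) != 0;
}

int main(void)
{
    /* Constructed inputs: a complete 2-byte varint (RFC 9000 example, value 15293)
     * and a truncated one whose prefix announces 8 bytes while only 3 are present. */
    const uint8_t complete[]  = {0x7b, 0xbd};
    const uint8_t truncated[] = {0xc2, 0x19, 0x7c};
    uint64_t type = 0;
    int ok = decode_frame_type(complete, sizeof complete, &type);
    printf("complete:  ok=%d type=%llu\n", ok, (unsigned long long)type);
    ok = decode_frame_type(truncated, sizeof truncated, &type);
    printf("truncated: ok=%d (decode refused)\n", ok);
    return 0;
}
```

Run under MemorySanitizer, the truncated case stays clean because the decoder is told how many bytes were really filled; passing the buffer's full size instead reproduces the class of report shown above.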
