arvidn / libtorrent

an efficient feature complete C++ bittorrent implementation

Home Page: http://libtorrent.org

Assertion fail on torrent_info

shafouz opened this issue

INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1910218311
INFO: Loaded 1 modules   (231736 inline 8-bit counters): 231736 [0x5578f67be654, 0x5578f67f6f8c), 
INFO: Loaded 1 PC tables (231736 PCs): 231736 [0x5578f67f6f90,0x5578f6b80310), 
./torrent_info: Running 1 inputs 1 time(s) each.
Running: crashes/id:000000,sig:06,src:000106,time:9614761,execs:342872955,op:havoc,rep:2
assertion failed. Please file a bugreport at https://github.com/arvidn/libtorrent/issues
Please include the following information:

version: 2.0.9.0-559e52ca3

file: '../src/bdecode.cpp'
line: 730
function: string_offset
expression: t.type == bdecode_token::string

stack:
1: 
2: 
3: 
4: 
5: 
6: 
7: 
8: 
9: 
10: 
11: 
12: 
13: 
14: __libc_start_main
15: 

==80850== ERROR: libFuzzer: deadly signal
    #0 0x5578f4c04cc4 in __sanitizer_print_stack_trace (/home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/fuzzers/torrent_info/torrent_info+0x67acc4) (BuildId: 623db73c45177de2c180b2eac2454e30ea2075f8)
    #1 0x5578f4bdb798 in fuzzer::PrintStackTrace() (/home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/fuzzers/torrent_info/torrent_info+0x651798) (BuildId: 623db73c45177de2c180b2eac2454e30ea2075f8)
    #2 0x5578f4bc1063 in fuzzer::Fuzzer::CrashCallback() (/home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/fuzzers/torrent_info/torrent_info+0x637063) (BuildId: 623db73c45177de2c180b2eac2454e30ea2075f8)
    #3 0x7fc49457bfcf  (/lib/x86_64-linux-gnu/libc.so.6+0x3bfcf) (BuildId: 51657f818beb1ae70372216a99b7412b8a100a20)
    #4 0x7fc4945cad3b in __pthread_kill_implementation nptl/./nptl/pthread_kill.c:43:17
    #5 0x7fc49457bf31 in raise signal/../sysdeps/posix/raise.c:26:13
    #6 0x5578f4c12fd3 in libtorrent::assert_fail(char const*, int, char const*, char const*, char const*, int) /home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/../src/assert.cpp:389:2
    #7 0x5578f4d1f17d in libtorrent::bdecode_node::string_offset() const /home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/../src/bdecode.cpp:730:3
    #8 0x5578f4c28b7e in libtorrent::(anonymous namespace)::extract_single_file(libtorrent::bdecode_node const&, libtorrent::file_storage&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, long, char const*, bool, boost::system::error_code&) /home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/../src/torrent_info.cpp:505:36
    #9 0x5578f4c29b56 in libtorrent::(anonymous namespace)::extract_files(libtorrent::bdecode_node const&, libtorrent::file_storage&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, long, char const*, boost::system::error_code&) /home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/../src/torrent_info.cpp:663:9
    #10 0x5578f4c259af in libtorrent::torrent_info::parse_info_section(libtorrent::bdecode_node const&, boost::system::error_code&, int) /home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/../src/torrent_info.cpp:1275:9
    #11 0x5578f4c1d395 in libtorrent::torrent_info::parse_torrent_file(libtorrent::bdecode_node const&, boost::system::error_code&, int) /home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/../src/torrent_info.cpp:1578:8
    #12 0x5578f4c22b52 in libtorrent::torrent_info::torrent_info(libtorrent::span<char const>, boost::system::error_code&, libtorrent::from_span_t) /home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/../src/torrent_info.cpp:1011:3
    #13 0x5578f4c072aa in LLVMFuzzerTestOneInput /home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/src/torrent_info.cpp:38:19
    #14 0x5578f4bc2453 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/fuzzers/torrent_info/torrent_info+0x638453) (BuildId: 623db73c45177de2c180b2eac2454e30ea2075f8)
    #15 0x5578f4bac45f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/fuzzers/torrent_info/torrent_info+0x62245f) (BuildId: 623db73c45177de2c180b2eac2454e30ea2075f8)
    #16 0x5578f4bb2196 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/fuzzers/torrent_info/torrent_info+0x628196) (BuildId: 623db73c45177de2c180b2eac2454e30ea2075f8)
    #17 0x5578f4bdbfd2 in main (/home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/fuzzers/torrent_info/torrent_info+0x651fd2) (BuildId: 623db73c45177de2c180b2eac2454e30ea2075f8)
    #18 0x7fc4945671c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #19 0x7fc494567284 in __libc_start_main csu/../csu/libc-start.c:360:3
    #20 0x5578f4ba6af0 in _start (/home/shafou/workspace/projects/fuzz/libtorrent/fuzz/fuzzers/fuzzers/torrent_info/torrent_info+0x61caf0) (BuildId: 623db73c45177de2c180b2eac2454e30ea2075f8)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal

assertion fails:

torrent_info1.txt
torrent_info2.txt