Address clusterfuzz null read in provider fuzzer
nhorman opened this issue · comments
New clusterfuzz issue in provider fuzzer:
https://oss-fuzz.com/testcase-detail/6568270206402560
Looks related to #680 and #681
Unsure as to the cause, stack trace is empty, but PC points to the zero page, implying a null pointer function call somewhere.
Needs investigation
@Sashan to investigate and report findings
The cause for stack here is indeed same as for #680 and #681
Running: /out/openssl/reproducer.69261
Thread 1 "provider" received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0 0x0000000000000000 in ?? ()
#1 0x0000555555b65070 in kmac_final () at providers/implementations/macs/kmac_prov.c:353
#2 0x0000555555a0e985 in evp_mac_final () at crypto/evp/mac_lib.c:165
#3 0x0000555555b35bed in kmac_derive () at providers/implementations/kdfs/kbkdf.c:269
#4 kbkdf_derive () at providers/implementations/kdfs/kbkdf.c:305
#5 0x00005555559471f0 in do_evp_kdf () at fuzz/provider.c:449
#6 0x000055555594470d in FuzzerTestOneInput () at fuzz/provider.c:619
#7 0x0000555555966c81 in ExecuteCallback () at /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614
#8 0x0000555555951415 in RunOneTest () at /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327
#9 0x0000555555956eab in FuzzerDriver () at /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862
#10 0x00005555559832a3 in main () at /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20