Project

General

Profile

Download (5.9 KB)

Security #8143 » 23a5f19364356cc67723bf47845eb86a38ae831b-alignment.log

Log DecodePPP - Sergey Zhidkih, 11/27/2025 09:37 AM

 
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2550225341
/artifacts/cov_workdir/fuzz_sigpcap: Running 1 inputs 1 time(s) each.
Running: /artifacts/afl_workdir//fuzz_sigpcap.d/./23a5f19364356cc67723bf47845eb86a38ae831b
util-hash-string.c:27:23: runtime error: left shift of 193458092 by 5 places cannot be represented in type 'uint32_t' (aka 'unsigned int')
#0 0x55bcc302d18c in StringHashDjb2 /artifacts/suricata/src/util-hash-string.c:27:23
#1 0x55bcc30ae54b in ProtoNameHashFunc /artifacts/suricata/src/util-proto-name.c:364:12
#2 0x55bcc302e87c in HashTableAdd /artifacts/suricata/src/util-hash.c:125:21
#3 0x55bcc30af17b in ProtoNameAddEntry /artifacts/suricata/src/util-proto-name.c:399:14
#4 0x55bcc30ae093 in SCProtoNameInit /artifacts/suricata/src/util-proto-name.c:427:13
#5 0x55bcc2f359d1 in GlobalsInitPreConfig /artifacts/suricata/src/suricata.c:387:5
#6 0x55bcc2bd4639 in LLVMFuzzerTestOneInput /artifacts/suricata/src/tests/fuzz/fuzz_sigpcap.c:65:9
#7 0x55bcc2ad11db in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
#8 0x55bcc2ab911f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:328:6
#9 0x55bcc2abf2b1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:863:9
#10 0x55bcc2aeb442 in main /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7f9023a47c8b (/lib64/libc.so.6+0x27c8b) (BuildId: 22555ae827f9b29f1149acf2fe0887aa8760c393)
#12 0x7f9023a47d44 in __libc_start_main (/lib64/libc.so.6+0x27d44) (BuildId: 22555ae827f9b29f1149acf2fe0887aa8760c393)
#13 0x55bcc2ab3900 in _start (/artifacts/cov_workdir/fuzz_sigpcap+0xb9d900) (BuildId: 2d54185a0c9980f187373529b44d9b404c55e377)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior util-hash-string.c:27:23
util-hash-string.c:27:29: runtime error: unsigned integer overflow: 2428284768 + 2089149819 cannot be represented in type 'uint32_t' (aka 'unsigned int')
#0 0x55bcc302d1c3 in StringHashDjb2 /artifacts/suricata/src/util-hash-string.c:27:29
#1 0x55bcc30ae54b in ProtoNameHashFunc /artifacts/suricata/src/util-proto-name.c:364:12
#2 0x55bcc302e87c in HashTableAdd /artifacts/suricata/src/util-hash.c:125:21
#3 0x55bcc30af17b in ProtoNameAddEntry /artifacts/suricata/src/util-proto-name.c:399:14
#4 0x55bcc30ae093 in SCProtoNameInit /artifacts/suricata/src/util-proto-name.c:427:13
#5 0x55bcc2f359d1 in GlobalsInitPreConfig /artifacts/suricata/src/suricata.c:387:5
#6 0x55bcc2bd4639 in LLVMFuzzerTestOneInput /artifacts/suricata/src/tests/fuzz/fuzz_sigpcap.c:65:9
#7 0x55bcc2ad11db in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
#8 0x55bcc2ab911f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:328:6
#9 0x55bcc2abf2b1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:863:9
#10 0x55bcc2aeb442 in main /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7f9023a47c8b (/lib64/libc.so.6+0x27c8b) (BuildId: 22555ae827f9b29f1149acf2fe0887aa8760c393)
#12 0x7f9023a47d44 in __libc_start_main (/lib64/libc.so.6+0x27d44) (BuildId: 22555ae827f9b29f1149acf2fe0887aa8760c393)
#13 0x55bcc2ab3900 in _start (/artifacts/cov_workdir/fuzz_sigpcap+0xb9d900) (BuildId: 2d54185a0c9980f187373529b44d9b404c55e377)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior util-hash-string.c:27:29
==23638== ERROR: libFuzzer: deadly signal
#0 0x55bcc2b9aa31 in __sanitizer_print_stack_trace /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/asan/asan_stack.cpp:87:3
#1 0x55bcc2aea938 in fuzzer::PrintStackTrace() /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x55bcc2acfc53 in fuzzer::Fuzzer::CrashCallback() /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:231:3
#3 0x7f9023a5da1f (/lib64/libc.so.6+0x3da1f) (BuildId: 22555ae827f9b29f1149acf2fe0887aa8760c393)
#4 0x55bcc3325b36 in DecodePPPCompressedProto /artifacts/suricata/src/decode-ppp.c:76:17
#5 0x55bcc3323551 in DecodePPP /artifacts/suricata/src/decode-ppp.c:216:20
#6 0x55bcc2de06fd in DecodePcapFile /artifacts/suricata/src/source-pcap-file.c:444:9
#7 0x55bcc2bd5bc2 in LLVMFuzzerTestOneInput /artifacts/suricata/src/tests/fuzz/fuzz_sigpcap.c:174:29
#8 0x55bcc2ad11db in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
#9 0x55bcc2ab911f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:328:6
#10 0x55bcc2abf2b1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:863:9
#11 0x55bcc2aeb442 in main /usr/src/RPM/BUILD/llvm-project-20/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#12 0x7f9023a47c8b (/lib64/libc.so.6+0x27c8b) (BuildId: 22555ae827f9b29f1149acf2fe0887aa8760c393)
#13 0x7f9023a47d44 in __libc_start_main (/lib64/libc.so.6+0x27d44) (BuildId: 22555ae827f9b29f1149acf2fe0887aa8760c393)
#14 0x55bcc2ab3900 in _start (/artifacts/cov_workdir/fuzz_sigpcap+0xb9d900) (BuildId: 2d54185a0c9980f187373529b44d9b404c55e377)

NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
(3-3/4)