Project

General

Profile

Actions

Bug #6207

closed

util/mime: fuzz failure on base64 remainder parser

Added by Shivani Bhardwaj over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

fuzz_mimedecparseline: util-decode-mime.c:1277: MimeDecRetCode ProcessBase64BodyLineCopyRemainder(const uint8_t *, const uint32_t, const uint32_t, MimeDecParseState *): Assertion `!((state->bvr_len >= 4))' failed.
==174== ERROR: libFuzzer: deadly signal
    #0 0x613d84 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3
    #1 0x594f28 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
    #2 0x579c03 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
    #3 0x7f833ffe041f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f) (BuildId: 7b4536f41cdaa5888408e82d0836e33dcf436466)
    #4 0x7f833fde400a in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300a) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #5 0x7f833fdc3858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22858) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #6 0x7f833fdc3728  (/lib/x86_64-linux-gnu/libc.so.6+0x22728) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #7 0x7f833fdd4fd5 in __assert_fail (/lib/x86_64-linux-gnu/libc.so.6+0x33fd5) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #8 0x63a7f8 in ProcessBase64BodyLineCopyRemainder /src/suricata/src/util-decode-mime.c:1277:13
    #9 0x63a18d in ProcessBase64BodyLine /src/suricata/src/util-decode-mime.c:1376:20
    #10 0x63a18d in ProcessBodyLine /src/suricata/src/util-decode-mime.c:1557:15
    #11 0x63675c in ProcessMimeBody /src/suricata/src/util-decode-mime.c:2302:15
    #12 0x63675c in ProcessMimeEntity /src/suricata/src/util-decode-mime.c:2375:15
    #13 0x63675c in MimeDecParseLine /src/suricata/src/util-decode-mime.c:2567:11
    #14 0x615366 in LLVMFuzzerTestOneInput /src/suricata/src/tests/fuzz/fuzz_mimedecparseline.c:51:20
    #15 0x57b1a3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #16 0x57a98a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #17 0x57c7f4 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:826:7
    #18 0x57ca29 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:857:3
    #19 0x56c08f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #20 0x5956e2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #21 0x7f833fdc5082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #22 0x55cacd in _start (build-out/fuzz_mimedecparseline+0x55cacd)

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #6208: util/mime: fuzz failure on base64 remainder parser (6.0.x backport)RejectedShivani BhardwajActions
Actions

Also available in: Atom PDF