A new crash was discovered for fuzzing target parse-caddyfile.
Here is a snippet of the log:
2020/03/24 00:11:25 downloading seed
2020/03/24 00:11:26 downloading corpus
2020/03/24 00:11:26 downloading fuzzer
2020/03/24 00:11:28 downloading additional corpus
2020/03/24 00:11:28 no additional-corpus. skipping...
2020/03/24 00:11:28 Running fuzzing with: ./fuzzer -print_final_stats=1 -exact_artifact_path=./artifact -error_exitcode=76 -max_total_time=3600 corpus additional-corpus seed -rss_limit_mb=1984
FUZZER: INFO: Seed: 1111171663
FUZZER: INFO: 65536 Extra Counters
FUZZER: INFO: 467 files found in corpus
FUZZER: INFO: 0 files found in additional-corpus
FUZZER: INFO: 54 files found in seed
FUZZER: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
FUZZER: INFO: seed corpus: files: 521 min: 1b max: 2871b total: 63528b rss: 33Mb
FUZZER: ==25== ERROR: libFuzzer: fuzz target overwrites it's const input
FUZZER: MS: 0 ; base unit: 0000000000000000000000000000000000000000
FUZZER: 0x7b,0x24,0xff,0x7d,0x7b,0x7b,0x24,0x77,0x7d,
FUZZER: {$\xff}{{$w}
FUZZER: artifact_prefix='./'; Test unit written to ./artifact
FUZZER: Base64: eyT/fXt7JHd9
FUZZER: SUMMARY: libFuzzer: out-of-memory
2020/03/24 00:11:29 process finished with error = exit status 76
2020/03/24 00:11:29 Exit Status: 76
2020/03/24 00:11:29 uploading crash...
More details can be found here
Cheers,
Fuzzit Bot
I don't think this is a real bug in the parser. Testing the input locally returns an error of Caddyfile:1 - Syntax error: Unexpected token '{', expecting '}', as expected.
Indeed, this code:
Parse("Caddyfile", []byte{'{', '$', 0xff, '}', '{', '{', '$', 'w', '}'})
passes all tests I've thrown at it and doesn't crash or spin or leak memory...
Huh. Fuzzer's drunk.
Rereading the printed logs, it seems this is the out-of-memory issue we've seen in CI
FUZZER: SUMMARY: libFuzzer: out-of-memory
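As an added example (not code from this thread or from Caddy), here is a small Go check that reproduces the triage done above: it decodes the Base64 test unit libFuzzer printed, hands a parser a private copy, and reports whether the parser touched its input, which is what the "fuzz target overwrites its const input" diagnostic flags. The two parsers are stand-ins written for the example, not Caddy's Parse.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
)

// crashArtifactB64 is the Base64 line the fuzzer printed for the crashing unit.
const crashArtifactB64 = "eyT/fXt7JHd9"

// decodeArtifact turns libFuzzer's "Base64:" line back into the raw test unit.
func decodeArtifact(b64 string) ([]byte, error) {
	return base64.StdEncoding.DecodeString(b64)
}

// checkHarness runs parse on a copy of data and reports whether parse modified
// the buffer it was given. libFuzzer aborts with "fuzz target overwrites its
// const input" for exactly that behaviour, independent of any parse error.
func checkHarness(parse func([]byte) error, data []byte) (mutated bool, err error) {
	arg := append([]byte(nil), data...) // the buffer the target sees
	err = parse(arg)
	return !bytes.Equal(arg, data), err
}

// wellBehavedParse is a stand-in parser (assumption, not Caddy's): read-only.
func wellBehavedParse(in []byte) error {
	if bytes.Count(in, []byte("{")) != bytes.Count(in, []byte("}")) {
		return errors.New("syntax error: unbalanced braces")
	}
	return nil
}

// clobberingParse is a stand-in that normalises non-ASCII bytes in place,
// the kind of defect the libFuzzer diagnostic exists to catch.
func clobberingParse(in []byte) error {
	for i, c := range in {
		if c >= 0x80 {
			in[i] = '?'
		}
	}
	return wellBehavedParse(in)
}

func main() {
	unit, _ := decodeArtifact(crashArtifactB64)
	fmt.Printf("unit: %q\n", unit)
	m, err := checkHarness(wellBehavedParse, unit)
	fmt.Println("well-behaved: mutated =", m, "err =", err)
	m, err = checkHarness(clobberingParse, unit)
	fmt.Println("clobbering:   mutated =", m, "err =", err)
}
```

A read-only parser returning a syntax error is the expected outcome for this unit; only the clobbering variant would trip the const-input check.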