Hi, I was playing with libFuzzer and found a crash when opening an xlsx file with the xlnt::workbook::load function.
A segmentation fault occurs when loading the crash-8cb0fe2091dafe71d9c420162852e4d3da1b3d22.txt file. You can use Docker and the fuzz targets from oss-sydr-fuzz to reproduce the error:
/load_fuzzer crash-8cb0fe2091dafe71d9c420162852e4d3da1b3d22.txt
Sanitizer output:
=================================================================
==32039==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffffffffffe0 (pc 0x7fef150145c4 bp 0x7ffe2fc80e40 sp 0x7ffe2fc80de8 T0)
==32039==The signal is caused by a READ memory access.
    #0 0x7fef150145c4 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string() (/lib/x86_64-linux-gnu/libstdc++.so.6+0x1435c4)
    #1 0x75d942 in void __gnu_cxx::new_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::destroy<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/ext/new_allocator.h:153:10
    #2 0x75ba36 in void std::allocator_traits<std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::destroy<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/alloc_traits.h:497:8
    #3 0xecbf3f in std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::pop_back() /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:1226:2
    #4 0x101a424 in xlnt::path::parent() const /xlnt/source/utils/path.cpp:185:16
    #5 0xa5ac68 in xlnt::detail::xlsx_consumer::read_relationships(xlnt::path const&) /xlnt/source/detail/serialization/xlsx_consumer.cpp:1432:38
    #6 0x9f8815 in xlnt::detail::xlsx_consumer::populate_workbook(bool) /xlnt/source/detail/serialization/xlsx_consumer.cpp:1639:37
    #7 0x9f67b2 in xlnt::detail::xlsx_consumer::read(std::istream&) /xlnt/source/detail/serialization/xlsx_consumer.cpp:401:5
    #8 0x546bac in xlnt::workbook::load(std::istream&) /xlnt/source/workbook/workbook.cpp:894:18
    #9 0x56df87 in xlnt::workbook::load(std::vector<unsigned char, std::allocator<unsigned char> > const&) /xlnt/source/workbook/workbook.cpp:919:5
    #10 0x514da2 in LLVMFuzzerTestOneInput /xlnt/build/../load_fuzzer.cc:9:23
    #11 0x441d41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #12 0x42c35c in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #13 0x4320cb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #14 0x45ae12 in main /llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #15 0x7fef14b660b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #16 0x426c7d in _start (/load_fuzzer+0x426c7d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libstdc++.so.6+0x1435c4) in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()
==32039==ABORTING
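The trace above shows the crash originating in std::vector<std::string>::pop_back() called from xlnt::path::parent(): popping from an empty vector is undefined behaviour, and with libstdc++'s 32-byte std::string the destructor then runs on the element "before" a null begin pointer, which is exactly the faulting address 0xffffffffffffffe0 (0 minus 32) in the report. The example below is an added illustration, not xlnt's own path code: a hypothetical component-based parent() in the unguarded form that matches the trace's pattern, beside a guarded form that refuses to strip a component from an empty path, as a parser of untrusted archive entry names should. All function names here (split_components, join_components, parent_unguarded, parent_guarded) are assumptions of this example.

```cpp
#include <cassert>
#include <cstdio>
#include <string>
#include <vector>

// Split "xl/worksheets/sheet1.xml" into {"xl", "worksheets", "sheet1.xml"}.
// Empty segments (leading '/', doubled '/') are dropped. Hypothetical helper.
std::vector<std::string> split_components(const std::string &p)
{
    std::vector<std::string> parts;
    std::string cur;
    for (char c : p)
    {
        if (c == '/')
        {
            if (!cur.empty()) { parts.push_back(cur); cur.clear(); }
        }
        else
        {
            cur.push_back(c);
        }
    }
    if (!cur.empty()) parts.push_back(cur);
    return parts;
}

// Re-join components; an absolute path keeps its leading '/'. Hypothetical helper.
std::string join_components(const std::vector<std::string> &parts, bool absolute)
{
    std::string out = absolute ? "/" : "";
    for (size_t i = 0; i < parts.size(); ++i)
    {
        if (i) out += '/';
        out += parts[i];
    }
    return out;
}

static bool is_absolute(const std::string &p)
{
    return !p.empty() && p[0] == '/';
}

// Unguarded form: the same shape the sanitizer trace points at. For an input
// that yields no components (e.g. "" or "/"), pop_back() on an empty vector is
// undefined behaviour and, under ASan, is reported as a SEGV in ~basic_string.
std::string parent_unguarded(const std::string &p)
{
    std::vector<std::string> parts = split_components(p);
    parts.pop_back(); // UB when parts is empty; never call this on untrusted input
    return join_components(parts, is_absolute(p));
}

// Guarded form: report "no parent" instead of popping from an empty vector.
// Returns false (and leaves `out` untouched) when the path has no component to strip.
bool parent_guarded(const std::string &p, std::string &out)
{
    std::vector<std::string> parts = split_components(p);
    if (parts.empty()) return false; // "", "/", "///": nothing to strip
    parts.pop_back();
    out = join_components(parts, is_absolute(p));
    return true;
}

int main()
{
    // Constructed sample entry names of the kind found in an OOXML package.
    const char *samples[] = {"xl/worksheets/sheet1.xml", "/xl/_rels/workbook.xml.rels",
                             "sheet1.xml", "/xl", "", "/"};
    for (const char *s : samples)
    {
        std::string parent;
        if (parent_guarded(s, parent))
            std::printf("parent(\"%s\") = \"%s\"\n", s, parent.c_str());
        else
            std::printf("parent(\"%s\") has no parent (rejected safely)\n", s);
    }
    return 0;
}
```

The guarded version is the one to use on entry names read out of an archive, since a fuzzer (or a hand-edited package) can hand the consumer a relationship path that normalises to nothing; ASan plus libFuzzer is the cheapest way to catch this class of defect before release, as the report above demonstrates.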