Closed as not planned
Description
Version
v20.6.1 (I was trying to build the last version)
Platform
x86_64 GNU/Linux
Subsystem
No response
What steps will reproduce the bug?
Memory Sanitizer found the issue with AFL++.
Download and configure AFL++. You can use this script:
git clone https://github.com/AFLplusplus/AFLplusplus
cd AFLplusplus
make all
sudo make install
sudo apt-get install gcc-11-plugin-dev
sudo make
sudo cp afl-gcc-fast /usr/bin
sudo cp afl-gcc-fast /usr/local/bin
sudo cp afl-g++-fast /usr/local/bin
sudo cp afl-g++-fast /usr/bin
sudo cp afl-gcc-pass.so /usr/local/lib/afl
Then download node. After running ./configure and python3 configure, run the following script. You will observe it.
#!/bin/bash
export AFL_USE_MSAN=1
export AFL_USE_UBSAN=1
# Set compiler options for make
export CC="/usr/local/bin/afl-clang-fast -fsanitize=memory,undefined -g"
export CXX="/usr/local/bin/afl-clang-fast++ -fsanitize=memory,undefined -g"
make -j$(nproc)
How often does it reproduce? Is there a required condition?
It was not my primary intention to find that issue. I wanted to fuzz node for deeper bugs. But it does not allow us to even build it.
What is the expected behavior? Why is that the expected behavior?
All memory passed to the writev function (or any other function) should be properly initialized before use. When the bytecode_builtins_list_generator binary is executed, it should perform its operations without accessing uninitialized memory, ensuring consistent and predictable behavior.
What do you see instead?
Uninitialized bytes in read_iovec at offset 0 inside [0x724000000000, 8157)
==96653==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55ff1e4e39a4 in writev (/root/wasmoi/fuzz/node/out/Release/bytecode_builtins_list_generator+0x7b9a4) (BuildId: 03769851967f1035cfcd85bf0341cdac04178ac6)
#1 0x7f84bb7c0d91 in std::__basic_file<char>::xsputn_2(char const*, long, char const*, long) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xd0d91) (BuildId: e37fe1a879783838de78cbc8c80621fa685d58a2)
#2 0x7f84bb803d26 in std::basic_filebuf<char, std::char_traits<char> >::xsputn(char const*, long) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x113d26) (BuildId: e37fe1a879783838de78cbc8c80621fa685d58a2)
#3 0x7f84bb82cb64 in std::basic_ostream<char, std::char_traits<char> >& std::__ostream_insert<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*, long) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x13cb64) (BuildId: e37fe1a879783838de78cbc8c80621fa685d58a2)
#4 0x55ff1e531c15 in std::basic_ostream<char, std::char_traits<char> >& std::operator<<<std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*) /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/ostream:616:2
#5 0x55ff1e531c15 in v8::internal::interpreter::WriteBytecode(std::basic_ofstream<char, std::char_traits<char> >&, v8::internal::interpreter::Bytecode, v8::internal::interpreter::OperandScale, int*, int*, int) /root/wasmoi/fuzz/node/out/../deps/v8/src/builtins/generate-bytecodes-builtins-list.cc:31:32
#6 0x55ff1e533712 in v8::internal::interpreter::WriteHeader(char const*) /root/wasmoi/fuzz/node/out/../deps/v8/src/builtins/generate-bytecodes-builtins-list.cc:64:3
#7 0x55ff1e53c8f1 in main /root/wasmoi/fuzz/node/out/../deps/v8/src/builtins/generate-bytecodes-builtins-list.cc:115:3
#8 0x7f84bb3ead8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#9 0x7f84bb3eae3f in __libc_start_main csu/../csu/libc-start.c:392:3
#10 0x55ff1e4a9794 in _start (/root/wasmoi/fuzz/node/out/Release/bytecode_builtins_list_generator+0x41794) (BuildId: 03769851967f1035cfcd85bf0341cdac04178ac6)
SUMMARY: MemorySanitizer: use-of-uninitialized-value (/root/wasmoi/fuzz/node/out/Release/bytecode_builtins_list_generator+0x7b9a4) (BuildId: 03769851967f1035cfcd85bf0341cdac04178ac6) in writev
Additional information
No response
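The report above is the shape MemorySanitizer produces whenever a buffer with uninitialized bytes reaches an intercepted syscall such as writev ("Uninitialized bytes in read_iovec"). As an added illustration that is not part of the issue and says nothing about the actual cause inside V8's generate-bytecodes-builtins-list.cc, the following constructed C program shows the most common way this happens (struct padding that member assignment never touches) next to the fully initialized variant that is clean under MSan. The struct layout, function names and sample values are assumptions made for the example.

```c
// Added example, not code from the node/V8 issue above. Shows how a struct
// with padding bytes hands uninitialized memory to writev(2), which
// MemorySanitizer reports as "use-of-uninitialized-value ... in writev",
// and the fix of initializing every byte before the call. Build with:
//   clang -fsanitize=memory -g -O1 example.c -o example && ./example
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

// Constructed record layout: on x86_64 sizeof(struct record) == 8, with
// three padding bytes between `tag` and `value` that ordinary member
// assignment never writes.
struct record {
    uint8_t tag;
    uint32_t value;
};

// Buggy variant: only the named members are assigned, so the padding bytes
// are still uninitialized when the whole object is passed to writev.
// Under MSan this call trips the report.
static ssize_t write_record_padded(int fd, uint8_t tag, uint32_t value) {
    struct record rec;
    rec.tag = tag;
    rec.value = value;
    struct iovec iov = { .iov_base = &rec, .iov_len = sizeof rec };
    return writev(fd, &iov, 1);
}

// Fixed variant: zero the whole object first so every byte handed to the
// kernel, padding included, is initialized.
static ssize_t write_record_zeroed(int fd, uint8_t tag, uint32_t value) {
    struct record rec;
    memset(&rec, 0, sizeof rec);
    rec.tag = tag;
    rec.value = value;
    struct iovec iov = { .iov_base = &rec, .iov_len = sizeof rec };
    return writev(fd, &iov, 1);
}

// Self-contained driver: send one record through a pipe and return the
// number of bytes read back (sizeof(struct record) on success, -1 on error).
static ssize_t roundtrip(int zeroed) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    ssize_t written = zeroed ? write_record_zeroed(fds[1], 0x2a, 0xdeadbeefu)
                             : write_record_padded(fds[1], 0x2a, 0xdeadbeefu);
    close(fds[1]);
    unsigned char buf[sizeof(struct record)];
    ssize_t got = written < 0 ? -1 : read(fds[0], buf, sizeof buf);
    close(fds[0]);
    return got;
}

int main(void) {
    // Clean variant first; with MSan enabled the padded variant aborts here.
    printf("zeroed: %zd bytes\n", roundtrip(1));
    printf("padded: %zd bytes\n", roundtrip(0));
    return 0;
}
```

Without MSan both variants write eight bytes and look identical; only the sanitizer build tells them apart, which is why the report surfaces in the AFL++ build and not in a normal one. One caveat when reading such traces: MSan requires every piece of code the process runs to be instrumented, including libstdc++ and libc, and frames that pass through an uninstrumented library (as the libstdc++.so.6 frames in the trace above do) can produce reports that do not correspond to a real uninitialized read in the program being built.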