Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UBSAN: shift exponent is too large #1293

Closed
pietroborrello opened this issue Feb 17, 2022 · 4 comments
Closed

UBSAN: shift exponent is too large #1293

pietroborrello opened this issue Feb 17, 2022 · 4 comments
Labels
1 stb_image 2 bug w/ repro 5 merged-dev Merged into development branch

Comments

@pietroborrello
Copy link

pietroborrello commented Feb 17, 2022
edited
Loading

Describe the bug
Several UBSAN runtime error: shift exponent 32 is too large for 32-bit type 'unsigned int' and similar

To Reproduce
Built stb according to the oss-fuzz script with CXXFLAGS='-O1 -fsanitize=address -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr'

UBSAN Output

$ ./stbi_read_fuzzer ./id:000116,sig:06,src:001260,time:12860161,op:havoc,rep:16,trial:1503866
INFO: Seed: 1313754043
INFO: Loaded 1 modules   (6883 inline 8-bit counters): 6883 [0x5e1b33, 0x5e3616), 
INFO: Loaded 1 PC tables (6883 PCs): 6883 [0x573228,0x58e058), 
stbi_read_fuzzer: Running 1 inputs 1 time(s) each.
Running: id:000116,sig:06,src:001260,time:12860161,op:havoc,rep:16,trial:1503866
src/stb/tests/../stb_image.h:2065:27: runtime error: shift exponent 32 is too large for 32-bit type 'unsigned int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/stb/tests/../stb_image.h:2065:27 in 
Executed id:000116,sig:06,src:001260,time:12860161,op:havoc,rep:16,trial:1503866 in 2 ms
***
*** NOTE: fuzzing was not performed, you have only
***       executed the target code on a fixed set of inputs.
***

Crashing files
ubsan-shift-too-large.zip
@NBickford-NV NBickford-NV mentioned this issue Feb 23, 2022
Merged
slouken pushed a commit to libsdl-org/SDL_image that referenced this issue May 28, 2022
@sezero @slouken
stb_image.h: imported three fuzz fixes by Neil Bickford from mainstream
04562ed 
Mainstream pull requests:
nothings/stb#1230
nothings/stb#1223
nothings/stb#1297

Related mainstream issue tickets:
nothings/stb#1224
nothings/stb#1225
nothings/stb#1289
nothings/stb#1291
nothings/stb#1292
nothings/stb#1293
@rygorous
Copy link
Collaborator

I tested the provided repros agains Neil's patches and the bugs are confirmed fixed. Patches are in dev branch, fix will be in the next release.

@rygorous rygorous added 2 bug w/ repro 5 merged-dev Merged into development branch labels Jan 22, 2023
@rygorous
Copy link
Collaborator

Fixed in 2.28.

@Marietto2008
Copy link

nope,it is not fixed...

Istantanea_2023-06-30_02-23-45

Istantanea_2023-06-30_02-24-19

@nothings
Copy link
Owner

nothings commented Jun 30, 2023
edited
Loading

fs/ufs/super.c:1246 ???

btw, you can't cut-and-paste from screenshots, so screenshots of code/errors are unhelpful when reporting bugs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1 stb_image 2 bug w/ repro 5 merged-dev Merged into development branch
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Marietto2008 @rygorous @nothings @pietroborrello