Detailed report: https://oss-fuzz.com/testcase?key=4821044789510144
Project: json
Fuzzer: libFuzzer_json_parse_msgpack_fuzzer
Fuzz target binary: parse_msgpack_fuzzer
Job Type: libfuzzer_ubsan_json
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
j1 == j2
Sanitizer: undefined (UBSAN)
Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_json&range=201703121620:201703131620
Reproducer Testcase: https://oss-fuzz.com/download/AMIfv95r3siDN2ltToQ5vN36W9lve3Ln8EXjFiROzufTiDX1Y4GYkxsXvg5nIbXABtyUXl4dfW-Fn_pmbCc_1r3VfsyfzpeEp0MTaFe3oIQTKSt7YgrLUVxGZmR8fB1C6MIUA4DyNVwsjf1HC4arVV-O5g31YbYleidY5uzC8KQilSkYNIjQYdDmaUJUKfHe5zig5uS6gevOeIW3RIcIMrAjJgf7Uoz03CxVxO1CYhmrJuoAx4JZOeAWmRE0u8UCa9XHLrm_l1kei87ufEplTIOYlXFGDzxcMtM0UqIHY4WW5XWjHGp_QnZSLMNDBeqGIhlCpMcUuEETwU0Yqo0PJnZAwG2EkmvPJVADA28pdK1WuxyZdGaPvlG8nzFf40TQ8J80h7M67Ouh?testcase_id=4821044789510144
Issue filed automatically.
See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.
This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
Running command: /mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_json_3dc7f07cae4ab217c21b70d40f93a3acccc6b431/revisions/parse_msgpack_fuzzer -runs=100 -rss_limit_mb=2048 -timeout=25 /fuzz-3-json_parse_msgpack_fuzzer
WARNING: Failed to find function "__sanitizer_print_stack_trace".
INFO: Seed: 3357778421
INFO: Loaded 1 modules (824 guards): [0x7399b0, 0x73a690),
/mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_json_3dc7f07cae4ab217c21b70d40f93a3acccc6b431/revisions/parse_msgpack_fuzzer: Running 1 inputs 100 time(s) each.
Running: /fuzz-3-json_parse_msgpack_fuzzer
parse_msgpack_fuzzer: src/fuzzer-parse_msgpack.cpp:45: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `j1 == j2' failed.
==1== ERROR: libFuzzer: deadly signal
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
The issue is correct - the input is an array that contains a NaN value. The assertion fails, because comparing NaN is always false. This needs to be fixed in the MessagePack fuzzer.
We should compare the binary serializations rather than the JSON values
themselves. This fix was already done for CBOR and apparently forgotten
for MessagePack.
clusterfuzz-testcase-4821044789510144.zip
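Added example (not nlohmann/json code and not the project's fuzzer) showing the failure mode discussed above and the proposed fix in isolation: a minimal MessagePack codec supporting only float64 (0xcb + 8 big-endian bytes) and fixarray (0x90 | n) is written here for the demonstration, and the input is a constructed one-element array holding a quiet NaN. Decoding, re-encoding and decoding again yields a value that is not `==` to the original because IEEE 754 defines NaN as unequal to everything, including itself; comparing the two serializations byte for byte does not have that problem. Note that the bytes compared are the serialization of the first decode versus the serialization of the second decode, not the raw fuzzer input, so a library that canonicalizes representations still passes.

```cpp
#include <cmath>
#include <cstdint>
#include <cstring>
#include <limits>
#include <stdexcept>
#include <vector>

// Minimal value type for the example: either a float64 or an array of values.
struct Value {
    bool is_array = false;
    double number = 0.0;
    std::vector<Value> items;
};

// MessagePack float64: marker 0xcb followed by the 8 IEEE 754 bytes, big-endian.
static void encode_float64(double d, std::vector<uint8_t>& out) {
    uint64_t bits;
    std::memcpy(&bits, &d, sizeof bits);  // memcpy keeps the NaN payload intact
    out.push_back(0xcb);
    for (int shift = 56; shift >= 0; shift -= 8)
        out.push_back(static_cast<uint8_t>(bits >> shift));
}

// Arrays use the fixarray marker 0x90 | n (n < 16), enough for this example.
static void encode(const Value& v, std::vector<uint8_t>& out) {
    if (!v.is_array) { encode_float64(v.number, out); return; }
    out.push_back(static_cast<uint8_t>(0x90 | (v.items.size() & 0x0f)));
    for (const auto& item : v.items) encode(item, out);
}

// Decode one value starting at `pos`; only float64 and fixarray are supported.
static Value decode(const std::vector<uint8_t>& in, size_t& pos) {
    Value v;
    uint8_t tag = in.at(pos++);
    if (tag == 0xcb) {
        uint64_t bits = 0;
        for (int i = 0; i < 8; ++i) bits = (bits << 8) | in.at(pos++);
        std::memcpy(&v.number, &bits, sizeof v.number);
        return v;
    }
    if ((tag & 0xf0) == 0x90) {
        v.is_array = true;
        for (unsigned n = tag & 0x0f; n > 0; --n) v.items.push_back(decode(in, pos));
        return v;
    }
    throw std::runtime_error("unsupported MessagePack type in this example");
}

// Structural equality with IEEE semantics: NaN != NaN, so any value containing
// a NaN is never equal to its own round-trip copy. This mirrors the fuzzer's
// failing `assert(j1 == j2)`.
static bool values_equal(const Value& a, const Value& b) {
    if (a.is_array != b.is_array) return false;
    if (!a.is_array) return a.number == b.number;
    if (a.items.size() != b.items.size()) return false;
    for (size_t i = 0; i < a.items.size(); ++i)
        if (!values_equal(a.items[i], b.items[i])) return false;
    return true;
}

// Round trip checked the way the original fuzzer did: compare decoded values.
static bool roundtrip_values_equal(const std::vector<uint8_t>& input) {
    size_t pos = 0;
    Value j1 = decode(input, pos);
    std::vector<uint8_t> s1; encode(j1, s1);
    pos = 0;
    Value j2 = decode(s1, pos);
    return values_equal(j1, j2);
}

// Round trip checked as proposed in the thread: compare the two serializations.
static bool roundtrip_bytes_equal(const std::vector<uint8_t>& input) {
    size_t pos = 0;
    Value j1 = decode(input, pos);
    std::vector<uint8_t> s1; encode(j1, s1);
    pos = 0;
    Value j2 = decode(s1, pos);
    std::vector<uint8_t> s2; encode(j2, s2);
    return s1 == s2;
}

// Constructed input: a one-element array holding a quiet NaN (91 cb 7f f8 00 ...).
static std::vector<uint8_t> nan_array_msgpack() {
    Value arr; arr.is_array = true;
    Value n; n.number = std::numeric_limits<double>::quiet_NaN();
    arr.items.push_back(n);
    std::vector<uint8_t> out; encode(arr, out);
    return out;
}

// Constructed control input: the same shape with an ordinary finite number.
static std::vector<uint8_t> finite_array_msgpack() {
    Value arr; arr.is_array = true;
    Value n; n.number = 1.5;
    arr.items.push_back(n);
    std::vector<uint8_t> out; encode(arr, out);
    return out;
}
```

For a fuzz target the byte comparison is also the more useful oracle in general: it exercises the serializer on every decoded value and detects any non-idempotent encode/decode pair, while value equality can only see what `operator==` chooses to see.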