Dear findutils developers, We tested findutils with an automatic tool (based on the symbolic execution tool KLEE). 5 test cases triggering UBSan errors were generated. We manually checked those test cases and filtered out benign cases. Finally, we identified and report 2 cases that could trigger bugs. Below is the information for reproducing the bugs.
- findutils version: 4.7.0 - operating system: Ubuntu 16.04.7 - compiler: clang version 6.0.0-1ubuntu2~16.04.1 (tags/RELEASE_600/final) - compilation commands: mkdir obj cd obj CC=clang CFLAGS="-g -O1 -Xclang -disable-llvm-passes -D__NO_STRING_INLINES -D_FORTIFY_SOURCE=0 -U__OPTIMIZE__ -fsanitize=signed-integer-overflow -fsanitize=unsigned-integer-overflow -fsanitize=shift -fsanitize=bounds -fsanitize=pointer-overflow -fsanitize=null" ../configure --disable-nls --disable-largefile --disable-threads --without-selinux make - inputs: the attached file contains the input file A of the second bug. bug 1 command: find -H - -delete relevant error message: ../../find/tree.c:538:23: runtime error: member access within null pointer of type 'struct predicate’ bug 2 command: find -H -neweraa A relevant error message: ../../find/parser.c:698:48: runtime error: signed integer overflow: 1624986826 - -9223372036854775808 cannot be represented in type ‘long' Note: I think this bug depends on the timestamp and is triggered only sometimes. Best, Jingxuan
A.tar.gz
Description: A.tar.gz