Hello,

I found a few issues with afl++, using previous bug reports' findings to seed my search. The first two affect uninstrumented binaries.

One issue that seemed to be handled properly by Make 3.81, but not by 4.0 and after, is with this one-liner Makefile:

    %:define

Current master fails with an assertion failure in read.c:

    // If it's a pattern target, then add it to the pattern-specific variable list.
    percent = find_percent_cached (&name);
    if (percent)
      {
        /* Get a reference for this pattern-specific variable struct. */
        p = create_pattern_var (name, percent);
        p->variable.fileinfo = *flocp;
        /* I don't think this can fail since we already determined it was a
           variable definition. */
        v = assign_variable_definition (&p->variable, defn);
        assert (v != 0);
        ...

It does fail though. On my Debian Bullseye system, packaged Make 4.3 segfaults instead. ASan is also unhappy, as gdb indicates that v = 0x0:

    ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002f
    (...)
    The signal is caused by a READ memory access.
    Hint: address points to the zero page.

A different issue is with this more finicky Makefile causing a stack overflow:

    define x
    $(call x)
    endef
    $(call x)

This appears to lead to infinite recursion of some functions. For brevity I've attached the backtrace; ASan leads to a crash more quickly.

One more issue doesn't affect my uninstrumented binaries, but Memcheck and ASan say it's bad:

    $(sort $)

It's more challenging for me to understand the issue here, but I hope it helps.

Attached backtrace:

    #0 0x7fa5f3b9930a (/lib/x86_64-linux-gnu/libasan.so.6+0x5930a)
    #1 0x7fa5f3b9a7a2 in vsprintf (/lib/x86_64-linux-gnu/libasan.so.6+0x5a7a2)
    #2 0x7fa5f3b9a8e6 in sprintf (/lib/x86_64-linux-gnu/libasan.so.6+0x5a8e6)
    #3 0x562c32c49ccb in func_call src/function.c:2619

The following lines are periodic:

    #4 0x562c32c472ed in expand_builtin_function src/function.c:2420
    #5 0x562c32c52819 in handle_function src/function.c:2544
    #6 0x562c32c38748 in variable_expand_string src/expand.c:258
    #7 0x562c32c3a10c in variable_expand src/expand.c:417
    #8 0x562c32c3a261 in variable_expand_for_file src/expand.c:464
    #9 0x562c32c37a73 in allocated_variable_expand_for_file src/expand.c:566
    #10 0x562c32c38336 in recursively_expand_for_file src/expand.c:140
    #11 0x562c32c3963a in reference_variable src/expand.c:174
    #12 0x562c32c3963a in variable_expand_string src/expand.c:380
    #13 0x562c32c49fbe in func_call src/function.c:2643
    ...
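The three Makefiles above can be turned into a quick regression check for a maintainer who wants to know whether a given Make build is affected. The script below is an added example, not part of the original report or of GNU Make; it writes each input to a scratch directory, runs `make` on it under `timeout` and a reduced stack limit so the recursion case terminates quickly, and maps the exit status to a readable verdict. It assumes POSIX sh, coreutils `timeout`, and a `make` binary on PATH (the `MAKE` environment variable is an assumed override for pointing it at a freshly built binary).

```shell
#!/bin/sh
# Added example, not part of the original bug report: a small harness that runs
# each of the three Makefiles from the report under `timeout` and a reduced
# stack limit, then classifies how `make` terminated. Assumes POSIX sh,
# coreutils `timeout`, and `make` on PATH (override with the MAKE variable).

MAKE="${MAKE:-make}"

# Translate a shell exit status into a label. timeout(1) itself exits 124 when
# the deadline fires; a status above 128 means the child died from signal
# (status - 128), so 134 is SIGABRT (assert failure) and 139 is SIGSEGV.
classify_status() {
    case "$1" in
        0)   echo "ok" ;;
        124) echo "timeout" ;;
        127) echo "error:command-not-found" ;;
        134) echo "crash:SIGABRT" ;;
        139) echo "crash:SIGSEGV" ;;
        *)
            if [ "$1" -gt 128 ]; then
                echo "crash:signal$(( $1 - 128 ))"
            else
                echo "exit:$1"
            fi
            ;;
    esac
}

# Write $2 to a scratch Makefile and run make on it in a subshell with an 8 MiB
# stack and a 10 second deadline, printing "<label> <classification>".
run_case() {
    label=$1
    makefile=$2
    dir=$(mktemp -d) || return 1
    printf '%s\n' "$makefile" > "$dir/Makefile"
    (
        ulimit -s 8192 2>/dev/null
        cd "$dir" && timeout 10 "$MAKE" -s >/dev/null 2>&1
    )
    status=$?
    rm -rf "$dir"
    printf '%-16s %s\n' "$label" "$(classify_status "$status")"
}

# The three inputs from the report, embedded here so the script runs
# stand-alone (single quotes keep the $ and % characters literal).
MK_PATTERN_DEFINE='%:define'
MK_RECURSIVE_CALL='define x
$(call x)
endef
$(call x)'
MK_SORT_DOLLAR='$(sort $)'

run_all() {
    run_case pattern-define "$MK_PATTERN_DEFINE"
    run_case recursive-call "$MK_RECURSIVE_CALL"
    run_case sort-dollar "$MK_SORT_DOLLAR"
}

run_all
```

Run it as `MAKE=./make sh check-make-inputs.sh` from a build tree; an affected build reports `crash:SIGABRT` or `crash:SIGSEGV` for the first two cases, while a fixed one reports `exit:2` (Make's "No targets" error) or `ok`. The third case only misbehaves under Memcheck or ASan, so the harness will usually show it as a plain error exit unless `MAKE` points at a sanitizer-instrumented binary.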