From 7d6307dcf3dbbb5bd9a9aafad77b8393c73b2618 Mon Sep 17 00:00:00 2001
From: David Sterba
Date: Sat, 3 Sep 2016 20:52:18 +0200
Subject: [PATCH] btrfs-progs: tests: add fuzzed image for heap overflow while checking chunk items

Reported-by: Lukas Lueg
Signed-off-by: David Sterba
---
...o-154961-heap-overflow-chunk-items.raw.txt | 21 ++++++++++++++++++
...ko-154961-heap-overflow-chunk-items.raw.xz | Bin 0 -> 3692 bytes
2 files changed, 21 insertions(+)
create mode 100644 tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt
create mode 100644 tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.xz
diff --git a/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt
new file mode 100644
index 00000000..f41eac60
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt
@@ -0,0 +1,21 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=154961
+Lukas Lueg 2016-08-27 17:29:35 UTC
+
+More news from the fuzzer. See the attached image to reproduce using
+btrfs-progs btrfs-progs v4.7-42-g56e9586. You may need to compile with ASAN,
+could not reproduce without...
+
+
+==2572==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000018d86 at pc 0x000000547c3c bp 0x7ffd60ec5ef0 sp 0x7ffd60ec5ee8
+READ of size 8 at 0x621000018d86 thread T0
+ #0 0x547c3b in btrfs_stripe_offset /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:1357:1
+ #1 0x5391f7 in btrfs_stripe_offset_nr /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:1399:9
+ #2 0x538790 in btrfs_new_chunk_record /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:5209:4
+ #3 0x56c55d in process_chunk_item /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:5225:8
+ #4 0x5634e7 in run_next_block /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:6290:5
+ #5 0x55c489 in deal_root_from_list /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:8338:10
+ #6 0x541d53 in check_chunks_and_extents /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:8505:8
+ #7 0x53d565 in cmd_check /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:11430:9
+ #8 0x4f105f in main /home/lukas/dev/btrfsfuzz/src-asan/btrfs.c:243:8
+ #9 0x7f40dcd8b730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+ #10 0x421238 in _start (/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x421238)
diff --git a/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.xz b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.xz new file mode 100644 index 0000000000000000000000000000000000000000..dfd01ca2f2f0df0444acb9e711aa7ddffe3a14f3 GIT binary patch literal 3692 zcmeH~`8U*y8^=FmyNz8VG-P7JknE9Nh>HdpR~gGNc3sTK63NmfyRnolH!|6G#gOI7 z5}HOSq}1SAvW_j&pfUG*zkfjIbnf~7@IAM`;5p~@yr0+eJWQ>~D`)`VSe$rl#s)}% zBme*qe0k*sixtG)?g9WoOcsksVwoHKd@NYo{Zd;tVv%_Jr#;%dwvP7JSq4>iQX)4BNU$zGV>w73GYv~bYSpMnJ2 zt)eWlRM>zf^F95!74tMDlL}DC?|gJ+p+QB1{@jd0Pqw$6#&u#MCD6k1>b|5$9bdc& zvIl`fa~Wy{Uh`hb1i!UfE7L+ujv3G=BugpiiW8xdRd?HN7_H{ zDzQd6x*l#Ednnrei^PentbXzu%=O$yz4FfO8KQ&hVdBtrG5YT#!oJFs?xX&5PW|)> z$XeEjL=h&U88&5$pbEcR;@%I9xF<5!kyw*&2K8#Z%QIXhY>%f;1PCx&0~F@(+Y2{~ zb>|9poaS7#(F^08`xpWBOE73Cd0nAlw)7OkrDH|Q0eY1QQQ;Gy$|D}Oash$@w%aCU z6@%-A*Lt?ATzD6dE5eg21u6kOhoMPDSHQC#6Or<0Y~R7SSHv=vBfU--ITS=34)vzzz#(LZWFHhl{ z8bl|1(-wEZpE5C}P~jOuC3VIHk0C-}0vK9Ua|W)+ zTUk-wV_E%~;NVmS{%#DW~4dTB=_#|H%kH8y+oLlsgw-)GC1-L#Gfk%in7R|9Wm?&_5XZ5|fo#t5kw z3{*Ng!}wX;lPF@Vp~J;90z4lI!mpQI{IFD4y}5*7?2o4wG9-O7f zrKU+^GZgI^>ZMWRE~~eVA^JWgrVOn!ZXZ{Jo9E5w_M1teiYimRw)R=ld0gz6VVtgT zkD69~*)dSr5)rJhR?R}o)&}#6WLI=+e{X+!EUo&BS%M%%U|o*rNcR@gY>qn_rTIQ5 zk3M#c+)LKz@KXV7+855XF~W{f;kNQ zbw>sdg>@HUCQ$V?ih59}qU6v+NZ9!;uE*=!A^az$d058-idjqSI)K5vISbskr_Vz# zX<-%+U|pOh;17RDBtZ(qXOc0eDfUv5X^x&)gxBt)9iJ)JNO%+NlC^s(b;n$2@tOL} z6LM}k+@}#wa6NPm-*8SytI|&9GA(^x>TyO#irP|_7M6evEWuie>qSsrzc70=lnlb} zb=SMb8Lrx}*RUM8RypqA`N_Iyu8jpnP2H(B2whLMcJ?{CUFtkq_W%|RDylCCUE#Ua z`9Yj|D?YYt0nJ~N9u`t16T#-DT(p$t%X*_5F*ADKqiEQm{O2W}Ef0cYh9ACWY)HZrh?K<9cIn%yn!S zdG#QPc@a`TQ_%3K8h+|tvv9d8w= z?#3tww-W?K&7+o+2kl&hrmqiV?%~hI8`1OjUdPX=Go4zUk&O{EQIhD%{l|PA0e%}e zkHj}FN9(~oSF^dr;o4g()*7hfv2kCQ$TrR{m^XzzIBtP9&)zU?IT3&322Sve>`_2r zVD7<1Eu+#e@=^O|;rPeAW=UUM=ej z%3X7Q>21125@qgCkJl{Y$VQ&0<&;Q!rmb%46$`P)+?l2W