Comments (9)
This might be driven by a new flag: https://reviews.llvm.org/D134669
-fsanitize-memory-param-retval
from oss-fuzz.
I haven't looked into this too closely but I think John is saying it is a false positive.
It wasn't entirely a "false positive", but it was confusing because MSAN's new behavior violates the documentation's explanation of how MSAN works.
https://github.com/google/sanitizers/wiki/MemorySanitizer#introduction
MSan is bit-exact: it can track uninitialized bits in a bitfield. It will tolerate copying of uninitialized memory, and also simple logic and arithmetic operations with it. In general, MSan silently tracks the spread of uninitialized data in memory, and reports a warning when a code branch is taken (or not taken) depending on an uninitialized value.
The new behavior violates this rule. Passing an uninitialized value to a function is "spreading" it, not "branching" on it. I understand that it is UB, but MSAN historically hasn't made its mission to report UB; it has been to track the spread of uninitialized data, and report when the code makes decisions based on it.
So it's a false positive from that perspective, but apparently this is intentional and everyone agrees that it's a good change. In that case it's not a false positive, but the docs are wrong, so they should be updated.
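The three behaviours distinguished in the comment above (silent spread through copies, a reported branch, and the new report on an uninitialized by-value argument) can be told apart with a small reproducer. The following is an added example, not code from the issue thread, the oss-fuzz project or the sanitizers wiki; it assumes clang 16 or newer, and the function and variable names are mine. Building it once with `-fsanitize-memory-param-retval` (the clang 16 default) and once with `-fno-sanitize-memory-param-retval` shows which case each flag setting reports.

```c
/* Reproducer for MemorySanitizer's old vs. new reporting boundary.
 * Added example; not part of the issue thread or of oss-fuzz.
 *
 * Build (clang 16+ assumed):
 *   clang -g -O1 -fsanitize=memory -fsanitize-memory-param-retval    msan_cases.c -o new
 *   clang -g -O1 -fsanitize=memory -fno-sanitize-memory-param-retval msan_cases.c -o old
 * Run:  ./new 1 | ./new 2 | ./new 3   (and the same for ./old)
 * Expected: case 1 silent in both; case 2 reported only by ./new,
 *           at the call in run_case(); case 3 reported by both.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Global store: keeps a parameter "used" without ever branching on it. */
static volatile uint32_t g_sink;

/* Constructed sample inputs for the stand-alone test path (fully initialized). */
static const uint32_t kOddInput[4]  = {5u, 0u, 0u, 0u};
static const uint32_t kEvenInput[4] = {8u, 0u, 0u, 0u};

/* Case 1, spread only: bytes are copied through a pointer. The pointer
 * itself is initialized and nothing branches on the payload, so MSan just
 * propagates the shadow; no report under either flag setting. */
size_t spread_copy(uint8_t *dst, const uint8_t *src, size_t n) {
    memcpy(dst, src, n);
    return n;
}

/* Case 2, pass by value, no branch in the callee. Classic MSan: silent
 * (the value is only copied into a register/global). With
 * -fsanitize-memory-param-retval the call itself is treated as a use of
 * the uninitialized scalar argument and is reported. */
void consume_by_value(uint32_t v) {
    g_sink = v;
}

/* Case 3, branch on the value: the documented "branch taken depending on an
 * uninitialized value"; reported under both flag settings. */
int branch_on_parity(const uint32_t *p) {
    return (*p & 1u) ? 1 : 0;
}

/* Runs one case. init == NULL leaves src uninitialized on purpose (MSan
 * poisons it); a non-NULL init makes the run fully initialized and silent,
 * which is what the test path uses. */
int run_case(int which, const uint32_t *init) {
    uint32_t src[4];
    uint8_t dst[sizeof src];
    if (init != NULL) {
        memcpy(src, init, sizeof src);
    }
    switch (which) {
    case 1:
        return (int)spread_copy(dst, (const uint8_t *)src, sizeof src);
    case 2:
        consume_by_value(src[0]);     /* flagged only with param-retval */
        return 0;
    case 3:
        return branch_on_parity(&src[0]);  /* flagged in both modes */
    default:
        return -1;
    }
}

int main(int argc, char **argv) {
    int which = argc > 1 ? atoi(argv[1]) : 1;
    int r = run_case(which, NULL);   /* NULL: uninitialized source, the MSan demo path */
    printf("case %d finished (r=%d)\n", which, r);
    return 0;
}
```

Opting a project out in OSS-Fuzz, as the thread notes, amounts to adding `-fno-sanitize-memory-param-retval` to its CFLAGS/CXXFLAGS; the reproducer's case 2 is exactly the class of finding that opt-out would hide.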
Related: #11886
This is causing issues while fuzzing libjpeg-turbo. See libjpeg-turbo/libjpeg-turbo#761
This might be driven by a new flag: https://reviews.llvm.org/D134669
-fsanitize-memory-param-retval
Yes, this was intentional, so it is a true positive. The flag is turned on by default since clang 16, according to https://releases.llvm.org/16.0.0/tools/clang/docs/ReleaseNotes.html#sanitizers . It is possible to turn off the flag on a per-project basis, or in the base image flags, but I am not sure that'd be a good idea, as that may be hiding real bugs.
The CI-Fuzz issue is a false positive and should be fixed when the image was re-built, according to #11886 (comment) ?
Are there any other issues that I am not aware of?
The CI-Fuzz issue is a false positive and should be fixed when the image was re-built, according to #11886 (comment) ?
Sorry, the CIFuzz comment is a bit hard to parse. I was saying that the images are building, so the problem is not simply due to the builder image being out of date.
I haven't looked into this too closely but I think John is saying it is a false positive.
Presumably this was https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68704#c3
Filed google/sanitizers#1755. If you are OK with the amended phrasing that I made up in the bug, I can send a PR.