stack-overflow again xpath
Hello, 30 days ago I opened an issue for an xpath stack-overflow; it was reproducible only with clang-14, but now I find a similar issue with clang-18.1.1.
Here are my flags:

```
clang-18 -v
Ubuntu clang version 18.1.1 (++20240308111306+dba2a75e9c7e-1~exp1~20240308231321.67)
Target: aarch64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/aarch64-linux-gnu/11
Selected GCC installation: /usr/bin/../lib/gcc/aarch64-linux-gnu/11
Candidate multilib: .;@m64
Selected multilib: .;@m64
```

```
CFLAGS -g -fsanitize=fuzzer-no-link,address,undefined -fno-sanitize-recover=all -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
./configure --disable-shared
```

I used this configuration because otherwise the fuzzer always exits due to stack-use-after-return.
Reproducer files: `crash-ea882353f61e213b9452543742f4cf6fef727e37`, `crash-fd0df2bb77e0c047cdaffaefa69dae0f8a110675`

Also, the issue #671 (closed) is reproducible with those flags.
Output for all files:

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==50495==ERROR: AddressSanitizer: stack-overflow on address 0xfffff1c9ca60 (pc 0xaaaaab7be30c bp 0xfffff1ca3b80 sp 0xfffff1c9ca80 T0)
    #0 0xaaaaab7be30c in __asan_stack_malloc_1 (/libxml2/fuzz/xpath+0x81e30c) (BuildId: 1a2bd4996b793faca92f445cb2c162f273665adc)
    #1 0xaaaaac4d92c4 in xmlXPathCompOpEval /libxml2/xpath.c:11780
    #2 0xaaaaac4de898 in xmlXPathCompOpEval /libxml2/xpath.c:11850:22
    #3 0xaaaaac4de898 in xmlXPathCompOpEval /libxml2/xpath.c:11850:22
    #4 0xaaaaac4de898 in xmlXPathCompOpEval /libxml2/xpath.c:11850:22
    ...
    ...
    ...
    #244 0xaaaaac4de898 in xmlXPathCompOpEval /libxml2/xpath.c:11850:22
    #245 0xaaaaac4de898 in xmlXPathCompOpEval /libxml2/xpath.c:11850:22
    #246 0xaaaaac4de898 in xmlXPathCompOpEval /libxml2/xpath.c:11850:22
SUMMARY: AddressSanitizer: stack-overflow (/libxml2/fuzz/xpath+0x81e30c) (BuildId: 1a2bd4996b793faca92f445cb2c162f273665adc) in __asan_stack_malloc_1
==50495==ABORTING
```
Edited by Andre Klapper
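As an added example, not part of this report and not libxml2's own code: a small triage helper that parses an AddressSanitizer report of the shape pasted above, finds the source line that dominates the stack and flags the crash as probable unbounded recursion (one site repeated hundreds of times) rather than a single oversized frame. The sample report is reconstructed from the trace in this issue, with the frames the reporter elided as "..." regenerated as identical lines #2 to #246; the repeat threshold is an assumption chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample: the ASan report from this issue, with the "..." the
# reporter elided replaced by a generated run of identical frames (#2..#246).
_HEADER = [
    "AddressSanitizer:DEADLYSIGNAL",
    "=================================================================",
    "==50495==ERROR: AddressSanitizer: stack-overflow on address 0xfffff1c9ca60 "
    "(pc 0xaaaaab7be30c bp 0xfffff1ca3b80 sp 0xfffff1c9ca80 T0)",
]
_FRAMES = [
    "    #0 0xaaaaab7be30c in __asan_stack_malloc_1 (/libxml2/fuzz/xpath+0x81e30c) "
    "(BuildId: 1a2bd4996b793faca92f445cb2c162f273665adc)",
    "    #1 0xaaaaac4d92c4 in xmlXPathCompOpEval /libxml2/xpath.c:11780",
] + [
    f"    #{i} 0xaaaaac4de898 in xmlXPathCompOpEval /libxml2/xpath.c:11850:22"
    for i in range(2, 247)
]
_FOOTER = [
    "SUMMARY: AddressSanitizer: stack-overflow (/libxml2/fuzz/xpath+0x81e30c) "
    "(BuildId: 1a2bd4996b793faca92f445cb2c162f273665adc) in __asan_stack_malloc_1",
    "==50495==ABORTING",
]
SAMPLE_REPORT = "\n".join(_HEADER + _FRAMES + _FOOTER)

# One ASan frame line: "#<n> 0x<pc> in <function> <location>".
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(\S+)\s+(\S+)")
ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+)")

# Heuristic threshold (assumption): when one source line occupies at least
# this many frames of a stack-overflow trace, treat the crash as unbounded
# recursion rather than a large-frame or small-stack problem.
RECURSION_THRESHOLD = 50


def _site(location):
    """Reduce 'file:line:col' to 'file:line' so columns do not split a site."""
    return ":".join(location.split(":")[:2])


def parse_frames(report):
    """Return [(index, function, site)] for every frame line in the report."""
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m.group(1)), m.group(2), _site(m.group(3))))
    return frames


def triage(report):
    """Summarise an ASan report: bug type, stack depth, dominant frame."""
    m = ERROR_RE.search(report)
    bug_type = m.group(1) if m else None
    frames = parse_frames(report)
    summary = {
        "bug_type": bug_type,
        "depth": len(frames),
        "recursive_frame": None,
        "repeat_count": 0,
        "likely_unbounded_recursion": False,
    }
    if not frames:
        return summary
    # The most frequent (function, file:line) pair is the recursion site.
    counts = Counter((fn, site) for _, fn, site in frames)
    (fn, site), n = counts.most_common(1)[0]
    summary["recursive_frame"] = f"{fn} {site}"
    summary["repeat_count"] = n
    summary["likely_unbounded_recursion"] = (
        bug_type == "stack-overflow" and n >= RECURSION_THRESHOLD
    )
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the sample, `triage` reports a stack depth of 247 with `xmlXPathCompOpEval /libxml2/xpath.c:11850` occupying 245 of those frames, which is the signature of a recursive evaluator descending once per nesting level of its input; the same helper applied to a heap-buffer-overflow report with distinct frames leaves the recursion flag clear. Because the pasted trace collapses the middle frames into "...", the script rebuilds them; on a real fuzzer crash, feed it the full unedited report.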