Closed Bug 1330268 Opened 7 years ago Closed 2 years ago

Assertion failure: consumed == child->consumed, at ../../lib/util/secasn1d.c:1565

Categories

(NSS :: Libraries, defect, P2)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1387919

People

(Reporter: ttaubert, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, sec-audit, testcase)

Attachments

(1 file)

Assertion failure: consumed == child->consumed, at ../../lib/util/secasn1d.c:1565
==24234== ERROR: libFuzzer: deadly signal
    #0 0x4cd590 in __sanitizer_print_stack_trace (/home/worker/dist/Debug/bin/nssfuzz-pkcs8+0x4cd590)
    #1 0x5139ea in fuzzer::Fuzzer::CrashCallback() /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerLoop.cpp:277:5
    #2 0x513972 in fuzzer::Fuzzer::StaticCrashSignalCallback() /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerLoop.cpp:261:6
    #3 0x5501c8 in fuzzer::CrashHandler(int, siginfo_t*, void*) /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerUtilPosix.cpp:37:3
    #4 0x7fcad950338f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1138f)
    #5 0x7fcad8f5a427 in gsignal /build/glibc-t3gR2i/glibc-2.23/signal/../sysdeps/unix/sysv/linux/raise.c:54
    #6 0x7fcad8f5c029 in abort /build/glibc-t3gR2i/glibc-2.23/stdlib/abort.c:89
    #7 0x7fcad87d6cf9 in PR_Assert /home/worker/nspr/Debug/pr/src/io/../../../../pr/src/io/prlog.c:553:5
    #8 0x7fcad9ae0335 in sec_asn1d_reuse_encoding /home/worker/nss/out/Debug/../../lib/util/secasn1d.c:1565:5
    #9 0x7fcad9ad8b89 in SEC_ASN1DecoderUpdate_Util /home/worker/nss/out/Debug/../../lib/util/secasn1d.c:2806:17
    #10 0x4f8198 in LLVMFuzzerTestOneInput /home/worker/nss/out/Debug/../../fuzz/pkcs8_target.cc:130:11
    #11 0x5169d0 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerLoop.cpp:549:13
    #12 0x5171c8 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long) /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerLoop.cpp:500:3
    #13 0x5164b4 in fuzzer::Fuzzer::RunOne(std::vector<unsigned char, std::allocator<unsigned char> > const&) /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerInternal.h:119:41
    #14 0x5164b4 in fuzzer::Fuzzer::ShuffleAndMinimize(std::vector<std::vector<unsigned char, std::allocator<unsigned char> >, std::allocator<std::vector<unsigned char, std::allocator<unsigned char> > > >*) /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerLoop.cpp:479
    #15 0x4ff233 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerDriver.cpp:534:6
    #16 0x4f8733 in main /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerMain.cpp:20:10
    #17 0x7fcad8f4582f in __libc_start_main /build/glibc-t3gR2i/glibc-2.23/csu/../csu/libc-start.c:291
    #18 0x41ede8 in _start (/home/worker/dist/Debug/bin/nssfuzz-pkcs8+0x41ede8)
Marking sec-audit after conversation with :fkiefer and :ttaubert. They intend to address this and other similar bugs, in a timeframe TBD.
Keywords: sec-audit
Priority: -- → P2
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
Group: crypto-core-security