Dear coreutils developers,

We tested coreutils with an automatic tool (based on the symbolic execution tool KLEE). A number of test cases triggering UBSan integer related errors were generated. We manually checked those test cases and filtered out benign cases. Finally, we identified and report 3 cases that could trigger bugs. Below is the information for reproducing the bugs.
- coreutils version: 8.31
- operating system: Ubuntu 16.04.7
- compiler: 6.0.0-1ubuntu2~16.04.1 (tags/RELEASE_600/final)
- compilation commands:
    mkdir obj
    cd obj
    CC=clang CFLAGS="-g -O1 -Xclang -disable-llvm-passes -D__NO_STRING_INLINES -D_FORTIFY_SOURCE=0 -U__OPTIMIZE__ -fsanitize=signed-integer-overflow -fsanitize=unsigned-integer-overflow -fsanitize=shift -fsanitize=bounds -fsanitize=pointer-overflow -fsanitize=null" ../configure --disable-nls
    make
- inputs: please download the attached bug triggering inputs basenc1.stdin and basenc2.stdin

bug1: basenc
  command: cat basenc1.stdin | basenc --z -
  relevant error message: ../src/basenc.c:635:25: runtime error: left shift of 128 by 24 places cannot be represented in type 'int'

bug2: basenc
  command: cat basenc2.stdin | basenc --z - -d
  relevant error message: ../src/basenc.c:770:18: runtime error: signed integer overflow: 41760500 * 85 cannot be represented in type 'int'

bug3: seq
  command: seq 3 1 1.
  relevant error message: ../src/seq.c:185:21: runtime error: unsigned integer overflow: 2 + 18446744073709551615 cannot be represented in type 'unsigned long'

Best,
Jingxuan
basenc1.stdin
basenc2.stdin
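The arithmetic pattern named by each of the three UBSan messages above, written in its checked form, as an added example (constructed here; it is not coreutils source and not from the reporter). The function names are hypothetical, and the code assumes a platform with 32-bit int, as in the report.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>

/* "left shift of 128 by 24 places cannot be represented in type 'int'":
   an unsigned char operand is promoted to int before <<, so b << 24 is
   undefined once b >= 128. Converting to uint32_t first keeps it defined. */
uint32_t pack_be32(const unsigned char b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16)
         | ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* "41760500 * 85 cannot be represented in type 'int'": one step of a
   base-85 accumulator (acc * 85 + digit), range-checked before it runs.
   Returns false instead of overflowing. */
bool base85_step(int acc, int digit, int *out)
{
    if (acc < 0 || digit < 0 || digit > 84)
        return false;
    if (acc > (INT_MAX - digit) / 85)
        return false;            /* product plus digit would exceed INT_MAX */
    *out = acc * 85 + digit;
    return true;
}

/* "2 + 18446744073709551615 cannot be represented in type 'unsigned long'":
   unsigned addition wraps without any diagnostic unless it is tested first. */
bool add_ulong(unsigned long a, unsigned long b, unsigned long *out)
{
    if (a > ULONG_MAX - b)
        return false;
    *out = a + b;
    return true;
}

int main(void)
{
    /* Operand values below are the ones quoted in the three messages. */
    const unsigned char hi[4] = { 128, 0, 0, 0 };
    int acc = 0;
    unsigned long sum = 0;
    bool ok = pack_be32(hi) == 0x80000000u
           && !base85_step(41760500, 0, &acc)
           && !add_ulong(2UL, ULONG_MAX, &sum);
    return ok ? 0 : 1;
}
```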