mem.c:739:2: runtime error: null pointer returned from function declared to never return null
Found by OSS-Fuzz:
[Environment] UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1
+----------------------------------------Release Build Stacktrace----------------------------------------+
Command: /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-d76d7bd8ebb5b351b84bf2047ba1e3c4c126abe6
Time ran: 0.05019402503967285
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3998893740
INFO: Loaded 1 modules (113688 inline 8-bit counters): 113688 [0x103ace8, 0x1056900),
INFO: Loaded 1 PC tables (113688 PCs): 113688 [0x1056900,0x1212a80),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-d76d7bd8ebb5b351b84bf2047ba1e3c4c126abe6
mem.c:739:2: runtime error: null pointer returned from function declared to never return null
include/isc/mem.h:478:1: note: returns_nonnull attribute specified here
#0 0x95a4bb in isc__mem_get bind9/lib/isc/mem.c:740:1
#1 0x93c28f in isc_buffer_allocate bind9/lib/isc/buffer.c:543:25
#2 0x5254b2 in unknown_fromtext bind9/lib/dns/rdata.c:882:2
#3 0x523e6d in dns_rdata_fromtext bind9/lib/dns/rdata.c:979:13
#4 0x4b5fff in LLVMFuzzerTestOneInput bind9/fuzz/dns_rdata_fromwire_text.c:173:11
#5 0x443d93 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#6 0x42f4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#7 0x4351ae in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#8 0x45eca2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#9 0x7fa08774183f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
#10 0x40a5a8 in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mem.c:739:2 in
ORIGINAL STACKTRACE ON REVISION D7AA979A6C3F5A639012EC5981992FC8A3867525
[Environment] UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1
+----------------------------------------Release Build Stacktrace----------------------------------------+
Command: /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/b3e3b33147ec29ee51c4add23be2f25febb5b351b84bf2047ba1e3c4c126abe6
Time ran: 0.04110836982727051
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 4192504056
INFO: Loaded 1 modules (113688 inline 8-bit counters): 113688 [0x103ace8, 0x1056900),
INFO: Loaded 1 PC tables (113688 PCs): 113688 [0x1056900,0x1212a80),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/b3e3b33147ec29ee51c4add23be2f25febb5b351b84bf2047ba1e3c4c126abe6
mem.c:739:2: runtime error: null pointer returned from function declared to never return null
include/isc/mem.h:478:1: note: returns_nonnull attribute specified here
#0 0x95a4bb in isc__mem_get bind9/lib/isc/mem.c:740:1
#1 0x93c28f in isc_buffer_allocate bind9/lib/isc/buffer.c:543:25
#2 0x5254b2 in unknown_fromtext bind9/lib/dns/rdata.c:882:2
#3 0x523e6d in dns_rdata_fromtext bind9/lib/dns/rdata.c:979:13
#4 0x4b5fff in LLVMFuzzerTestOneInput bind9/fuzz/dns_rdata_fromwire_text.c:173:11
#5 0x443d93 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#6 0x42f4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#7 0x4351ae in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#8 0x45eca2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#9 0x7fd7daa3f83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
#10 0x40a5a8 in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mem.c:739:2 in