==273915==Hint: address points to the zero page. #0 0x5c6e4fcd41b0 in __sanitizer::internal_strlen(char const*) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x12b1b0) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x5c6e4fc3e34f in printf_common(void*, char const*, __va_list_tag*) asan_interceptors.cpp.o #2 0x5c6e4fc3ea15 in vsnprintf (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x95a15) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #3 0x7b85f8bb02a6 in rpl_set_error /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:134:3 #4 0x7b85f8bb2ed2 in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1070:10 #5 0x5c6e4fcfe9d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #6 0x5c6e4fbfb3e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450 ==275228== ERROR: libFuzzer: out-of-memory (malloc(4294904344)) To change the out-of-memory limit use -rss_limit_mb= #0 0x5ad1b0738365 in __sanitizer_print_stack_trace (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x11d365) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x5ad1b0686e2c in fuzzer::PrintStackTrace() (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6be2c) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #2 0x5ad1b066ab9a in fuzzer::Fuzzer::HandleMalloc(unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x4fb9a) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #3 0x5ad1b066aa9f in fuzzer::MallocHook(void const volatile*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x4fa9f) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #4 0x5ad1b07402a6 in __sanitizer::RunMallocHooks(void*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x1252a6) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #5 0x5ad1b068ad00 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6fd00) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #6 0x5ad1b068a6c7 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6f6c7) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #7 0x5ad1b072c888 in malloc (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x111888) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #8 0x7fedb99da1fe in ma_alloc_root /home/georg/work/mariadb/cc_3.3/libmariadb/ma_alloc.c:91:33 #9 0x7fedb99eef55 in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1076:34 #10 0x5ad1b07709d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #11 0x5ad1b066d3e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) ==276076==The signal is caused by a READ memory access. #0 0x5885c85501b0 in __sanitizer::internal_strlen(char const*) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x12b1b0) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x5885c84ba34f in printf_common(void*, char const*, __va_list_tag*) asan_interceptors.cpp.o #2 0x5885c84baa15 in vsnprintf (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x95a15) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #3 0x7676471b02a6 in rpl_set_error /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:134:3 #4 0x7676471b30a1 in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1095:9 #5 0x5885c857a9d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #6 0x5885c84773e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #7 0x5885c84769f9 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x519f9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #8 0x5885c84783a9 in fuzzer::Fuzzer::MutateAndTestOne() (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x533a9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #9 0x5885c8478ef5 in fuzzer::Fuzzer::Loop(std::vector>&) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x53ef5) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #10 0x5885c846550d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x4050d) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #11 0x5885c84919c6 in main (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6c9c6) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #12 0x767646e2a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #13 0x767646e2a28a in __libc_start_main csu/../csu/libc-start.c:360:3 #14 0x5885c8459ae4 in _start (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x34ae4) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) =276221==The signal is caused by a WRITE memory access. ==276221==Hint: address points to the zero page. #0 0x7aa0457b1999 in rpl_alloc_set_string_and_len /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:274:16 #1 0x7aa0457b55b2 in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1839:11 #2 0x5b7c9ea9a9d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #3 0x5b7c9e9973e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) ==277264==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f31865b1999 bp 0x7ffc19692cc0 sp 0x7ffc19692c90 T0) ==277264==The signal is caused by a WRITE memory access. ==277264==Hint: address points to the zero page. #0 0x7f31865b1999 in rpl_alloc_set_string_and_len /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:274:16 #1 0x7f31865b55e4 in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1849:11 #2 0x5824777959d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #3 0x5824776923e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #4 0x5824776919f9 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x519f9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #5 0x5824776933a9 in fuzzer::Fuzzer::MutateAndTestOne() (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x533a9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #6 0x582477693ef5 in fuzzer::Fuzzer::Loop(std::vector>&) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x53ef5) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #7 0x58247768050d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x4050d) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #8 0x5824776ac9c6 in main (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6c9c6) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #9 0x7f318622a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #10 0x7f318622a28a in __libc_start_main csu/../csu/libc-start.c:360:3 #11 0x582477674ae4 in _start (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x34ae4) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) ==278285== ERROR: libFuzzer: out-of-memory (malloc(17179869208)) To change the out-of-memory limit use -rss_limit_mb= #0 0x6084d33cd365 in __sanitizer_print_stack_trace (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x11d365) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x6084d331be2c in fuzzer::PrintStackTrace() (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6be2c) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #2 0x6084d32ffb9a in fuzzer::Fuzzer::HandleMalloc(unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x4fb9a) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #3 0x6084d32ffa9f in fuzzer::MallocHook(void const volatile*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x4fa9f) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #4 0x6084d33d52a6 in __sanitizer::RunMallocHooks(void*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x1252a6) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #5 0x6084d331fd00 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6fd00) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #6 0x6084d331f6c7 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6f6c7) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #7 0x6084d33c1888 in malloc (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x111888) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #8 0x71d2ce8fd1fe in ma_alloc_root /home/georg/work/mariadb/cc_3.3/libmariadb/ma_alloc.c:91:33 #9 0x71d2ce9108ac in ma_calloc_root /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:245:11 #10 0x71d2ce91420e in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1748:26 #11 0x6084d34059d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #12 0x6084d33023e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) ==278765==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x759b8e735210,0x759b8e73530e) and [0x759b8e735155, 0x759b8e735253) overlap #0 0x5d676c9cb43d in memcpy (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x11043d) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x774b85b169bb in rpl_alloc_set_string_and_len /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:277:3 #2 0x774b85b163c0 in mariadb_rpl_extract_rows /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:580:15 #3 0x5d676ca111dc in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:71:40 #4 0x5d676c90d3e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) =280524==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7301788ea0e8 at pc 0x61834b0c655c bp 0x7ffd2823a510 sp 0x7ffd28239cd8 WRITE of size 653109 at 0x7301788ea0e8 thread T0 #0 0x61834b0c655b in fread (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x8d55b) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x74b1733b7a03 in ma_read /home/georg/work/mariadb/cc_3.3/libmariadb/ma_io.c:187:8 #2 0x74b1733b368d in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1224:11 #3 0x61834b18e9d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #4 0x61834b08b3e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) 0x7d0d8e3830e8 is located 0 bytes after 8168-byte region [0x7d0d8e381100,0x7d0d8e3830e8) allocated by thread T0 here: #0 0x5fad1973c828 in malloc (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x111828) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x7ebd8139e1fe in ma_alloc_root /home/georg/work/mariadb/cc_3.3/libmariadb/ma_alloc.c:91:33 #2 0x7ebd813b35d8 in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1214:34 #3 0x5fad197809d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #4 0x5fad1967d3e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) ==281643==ERROR: AddressSanitizer: negative-size-param: (size=-2) #0 0x5da4a8647bc2 in memset (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x10fbc2) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x76ca423cfee5 in ma_calloc_root /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:246:5 #2 0x76ca423d3f66 in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:2045:21 #3 0x5da4a868d9d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #4 0x5da4a858a3e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) 0x7cae86516940 is located 64 bytes inside of 8168-byte region [0x7cae86516900,0x7cae865188e8) allocated by thread T0 here: #0 0x5ae7daa56828 in malloc (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x111828) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x7e5e834ec1fe in ma_alloc_root /home/georg/work/mariadb/cc_3.3/libmariadb/ma_alloc.c:91:33 #2 0x7e5e835015d8 in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1214:34 #3 0x5ae7daa9a9d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #4 0x5ae7da9973e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) =282226==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x77627738d3c5 bp 0x7fffb94e13c0 sp 0x7fffb94e0e98 T0) ==282226==The signal is caused by a READ memory access. ==282226==Hint: address points to the zero page. #0 0x77627738d3c5 in __strnlen_avx2 string/../sysdeps/x86_64/multiarch/strlen-avx2.S:76 #1 0x776277269839 in __printf_buffer stdio-common/vfprintf-process-arg.c:433:17 #2 0x77627728fd90 in __vsnprintf_internal libio/vsnprintf.c:96:3 #3 0x77627728fd90 in vsnprintf libio/vsnprintf.c:103:10 #4 0x56639ef95a27 in vsnprintf (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x95a27) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #5 0x7762775b02a6 in rpl_set_error /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:134:3 #6 0x7762775b0894 in mariadb_rpl_extract_rows /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:359:5 #7 0x56639f0561dc in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:71:40 #8 0x56639ef523e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) ==282374==ERROR: AddressSanitizer: negative-size-param: (size=-1) #0 0x62d2c72794f3 in memcpy (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x1104f3) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x72b6f05b1feb in rpl_alloc_set_string_and_len /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:277:3 #2 0x72b6f05b1d24 in mariadb_rpl_extract_rows /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:760:15 #3 0x62d2c72bf1dc in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:71:40 #4 0x62d2c71bb3e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #5 0x62d2c71ba9f9 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x519f9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #6 0x62d2c71bc3a9 in fuzzer::Fuzzer::MutateAndTestOne() (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x533a9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #7 0x62d2c71bcef5 in fuzzer::Fuzzer::Loop(std::vector>&) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x53ef5) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #8 0x62d2c71a950d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x4050d) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #9 0x62d2c71d59c6 in main (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6c9c6) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #10 0x72b6f022a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #11 0x72b6f022a28a in __libc_start_main csu/../csu/libc-start.c:360:3 #12 0x62d2c719dae4 in _start (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x34ae4) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) ==282915==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x71067a779ff9 bp 0x7ffdaa8bbc70 sp 0x7ffdaa8bbc40 T0) ==282915==The signal is caused by a WRITE memory access. ==282915==Hint: address points to the zero page. #0 0x71067a779ff9 in rpl_alloc_set_string_and_len /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:274:16 #1 0x71067a77dc6e in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1993:11 ==283463==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fb5a33b1ff9 bp 0x7ffd4d35c070 sp 0x7ffd4d35c040 T0) ==283463==The signal is caused by a WRITE memory access. ==283463==Hint: address points to the zero page. #0 0x7fb5a33b1ff9 in rpl_alloc_set_string_and_len /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:274:16 #1 0x7fb5a33b5c6e in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1993:11 #2 0x6099ab4b99d8 in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:57:23 #3 0x6099ab3b63e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) ==309845== ERROR: libFuzzer: deadly signal #0 0x63a776aab365 in __sanitizer_print_stack_trace (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x11d365) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #1 0x63a7769f9e2c in fuzzer::PrintStackTrace() (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6be2c) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #2 0x63a7769dee37 in fuzzer::Fuzzer::CrashCallback() (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x50e37) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) #3 0x736f31a4532f (/lib/x86_64-linux-gnu/libc.so.6+0x4532f) (BuildId: 8e9fd827446c24067541ac5390e6f527fb5947bb) #4 0x736f31a9eb2b in __pthread_kill_implementation nptl/pthread_kill.c:43:17 #5 0x736f31a9eb2b in __pthread_kill_internal nptl/pthread_kill.c:78:10 #6 0x736f31a9eb2b in pthread_kill nptl/pthread_kill.c:89:10 #7 0x736f31a4527d in raise signal/../sysdeps/posix/raise.c:26:13 #8 0x736f31a288fe in abort stdlib/abort.c:79:7 #9 0x736f31a2881a in __assert_fail_base assert/assert.c:96:3 #10 0x736f31a3b516 in __assert_fail assert/assert.c:105:3 #11 0x736f3214a1fa in decimal2string /home/georg/work/mariadb/cc_3.3/libmariadb/ma_decimal.c:231:5 #12 0x736f321701c1 in mariadb_rpl_extract_rows /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:556:11 #13 0x63a776ae41dc in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:71:40 #14 0x63a7769e03e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x523e9) (BuildId: 77fb88dc305567282e3dea63779fa8f6c7450324) ==339054== ERROR: libFuzzer: out-of-memory (malloc(2627509432)) To change the out-of-memory limit use -rss_limit_mb= #0 0x61877e821365 in __sanitizer_print_stack_trace (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x11e365) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #1 0x61877e76fe2c in fuzzer::PrintStackTrace() (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6ce2c) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #2 0x61877e753b9a in fuzzer::Fuzzer::HandleMalloc(unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x50b9a) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #3 0x61877e753a9f in fuzzer::MallocHook(void const volatile*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x50a9f) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #4 0x61877e8292a6 in __sanitizer::RunMallocHooks(void*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x1262a6) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #5 0x61877e773d00 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x70d00) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #6 0x61877e7736c7 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x706c7) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #7 0x61877e815888 in malloc (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x112888) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #8 0x7d35a49c11fe in ma_alloc_root /home/georg/work/mariadb/cc_3.3/libmariadb/ma_alloc.c:91:33 #9 0x7d35a49d4fcc in ma_calloc_root /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:245:11 #10 0x7d35a49d76c3 in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1542:54 #11 0x61877e859aff in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:61:23 #12 0x61877e7563e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x533e9) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa ================================================================= ==340253==ERROR: LeakSanitizer: detected memory leaks Direct leak of 368 byte(s) in 1 object(s) allocated from: #0 0x616f69cfc828 in malloc (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x112828) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #1 0x7019d4a4b3fc in mariadb_rpl_fetch /home/georg/work/mariadb/cc_3.3/libmariadb/mariadb_rpl.c:1182:44 #2 0x616f69d40aff in LLVMFuzzerTestOneInput /home/georg/work/mariadb/cc_3.3/tools/rpl_fuzzer.c:61:23 #3 0x616f69c3d3e9 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x533e9) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #4 0x616f69c3c9f9 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x529f9) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #5 0x616f69c3e772 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::vector>&) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x54772) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #6 0x616f69c3ec90 in fuzzer::Fuzzer::Loop(std::vector>&) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x54c90) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #7 0x616f69c2b50d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x4150d) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #8 0x616f69c579c6 in main (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x6d9c6) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9) #9 0x7019d422a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #10 0x7019d422a28a in __libc_start_main csu/../csu/libc-start.c:360:3 #11 0x616f69c1fae4 in _start (/home/georg/work/mariadb/cc_3.3/bld/tools/rpl_fuzzer+0x35ae4) (BuildId: 0bddeff61d0c0864d2416a74a831d38a0bfa2ec9)