Bug 66637 - SEGV in apr_dbm_exists
Summary: SEGV in apr_dbm_exists
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authn_dbm
Version: 2.4.54
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2023-06-09 09:58 UTC by sihan2021
Modified: 2023-06-09 09:58 UTC

Description sihan2021 2023-06-09 09:58:22 UTC
Hello, Httpd developers! We recently ran some fuzz testing on htdbm 2.4.54 and encountered a SEGV bug. 

## Command To Reproduce the bug:
./htdbm -nx-B

## Environment
- OS: Ubuntu 20.04
- gcc 9.4.0
- htdbm 2.4.54

## ASAN Report 
=================================================================
==957573==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x7f807ea42304 bp 0x7fffb70745b0 sp 0x7fffb7074458 T0)
==957573==The signal is caused by a READ memory access.
==957573==Hint: address points to the zero page.
    #0 0x7f807ea42304 in apr_dbm_exists (/lib/x86_64-linux-gnu/libaprutil-1.so.0+0x14304)
    #1 0x4cf224 in htdbm_del /home/root/sp/Dataset/Httpd/httpd_aflpp/support/htdbm.c:184:10
    #2 0x4cd605 in main /home/root/sp/Dataset/Httpd/httpd_aflpp/support/htdbm.c:436:17
    #3 0x7f807e64d082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #4 0x41d58d in _start (/home/root/sp/Dataset/Httpd/httpd_aflpp/install/bin/htdbm+0x41d58d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libaprutil-1.so.0+0x14304) in apr_dbm_exists
==957573==ABORTING

Many Thanks.