Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-88820

Undefined behavior in QDateTime::fromString

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 5.15.2
    • Fix Version/s: 6.0.1
    • Component/s: Core: Date/Time
    • Environment:
      Ubuntu 20.04 LTS 64 bit

      Description

      1. Configure Qt with:
        -sanitize fuzzer-no-link -sanitize undefined
        
      2. Build Qt.
      3. Use this Qt build to build your fuzz target for QDateTime.
      4. Let it run on the attached input file.
        ./fromstring input
        

        You will see output like:

        INFO: Seed: 1937882766
        INFO: Loaded 1 modules   (251117 inline 8-bit counters): 251117 [0x13a1e28, 0x13df315), 
        INFO: Loaded 1 PC tables (251117 PCs): 251117 [0x13df318,0x17b41e8), 
        ./fromstring: Running 1 inputs 1 time(s) each.
        Running: freshcorpus/039ae44bd8458eef04527ce989e0d427d7cb9248
        /home/qtrob/dev/src/qt-5.15.2-base_svg/qtbase/src/corelib/time/qcalendarmath_p.h:68:13: runtime error: signed integer overflow: -9223372036854775808 - 6 cannot be represented in type 'long long'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-5.15.2-base_svg/qtbase/src/corelib/time/qcalendarmath_p.h:68:13 in 
        /home/qtrob/dev/src/qt-5.15.2-base_svg/qtbase/src/corelib/time/qcalendarmath_p.h:71:12: runtime error: signed integer overflow: -9223372036854775808 - 9223372036854775800 cannot be represented in type 'long long'
        SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-5.15.2-base_svg/qtbase/src/corelib/time/qcalendarmath_p.h:71:12 in 
        Executed freshcorpus/039ae44bd8458eef04527ce989e0d427d7cb9248 in 7 ms
        ***
        *** NOTE: fuzzing was not performed, you have only
        ***       executed the target code on a fixed set of inputs.
        ***
        

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            andreasbuhr Andreas Buhr
            Reporter:
            rlohning Robert Löhning
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes