Created attachment 17969: test case

This is an OSS-fuzz result that we let fall through to public disclosure. The test case is not public, so we're treating it as semi-embargoed still.

UndefinedBehaviorSanitizer:DEADLYSIGNAL
==18871==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56c4c3c2e000 (pc 0x7d5d99099b41 bp 0x7ffea63b5920 sp 0x7ffea63b58d8 T18871)
==18871==The signal is caused by a WRITE memory access.
    #0 0x7d5d99099b41 in memset-vec-unaligned-erms.S:151 /build/glibc-SzIz7B/glibc-2.31/sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:151
    #1 0x56c4c15d0852 in ndr_push_zero samba/librpc/ndr/ndr_basic.c:772:2
    #2 0x56c4c157ddd2 in ndr_pull_compression_xpress_huff_raw_chunk samba/librpc/ndr/ndr_compression.c:734:2
    #3 0x56c4c157ddd2 in ndr_pull_compression_start samba/librpc/ndr/ndr_compression.c:857:3
    #4 0x56c4c156ebaa in ndr_pull_CLAIMS_SET_METADATA samba/bin/default/librpc/gen_ndr/ndr_claims.c:1149:6
    #5 0x56c4c14e190b in LLVMFuzzerTestOneInput samba/bin/default/lib/fuzzing/fuzz_ndr_claims_TYPE_STRUCT.c:276:13
    #6 0x56c4c14228e3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #7 0x56c4c140e042 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #8 0x56c4c14138ec in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #9 0x56c4c143ce22 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #10 0x7d5d98f32082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
    #11 0x56c4c140420d in _start
This bug was referenced in samba master: 47b6696dcdfe7c5cb6e58ac6586ba45d39c39cc6
Verified as fixed in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57728#c4