Environment
Compiler name and version number: Ubuntu clang 14.0.0
Description
Expected behavior: the code runs normally.
Actual behavior: executing the code crashes; an invalid (negative) body-count parameter is generated.
Steps to reproduce
In test_invdyn_kinematics.cpp, if the value of level is greater than or equal to 31, BT_ID_POW(2, level) in the DillCreator constructor exceeds the maximum value of the int type (2147483647). Assigning this value to m_num_bodies therefore overflows and produces a negative value (-2147483648 in the output below), which the constructor then reports as an invalid body parameter before recurseDill fails and the process aborts.
```cpp
#include <cmath>
#include <cstdio>
#include <cstdlib>
#include <iostream>
#include <gtest/gtest.h>
#include "../Extras/InverseDynamics/CoilCreator.hpp"
#include "../Extras/InverseDynamics/DillCreator.hpp"
#include "../Extras/InverseDynamics/SimpleTreeCreator.hpp"
#include "BulletInverseDynamics/MultiBodyTree.hpp"
using namespace btInverseDynamics;

// A level of 31 asks for 2^31 = 2147483648 bodies, which does not fit in an int.
const int kLevel = 31;
const int kNumBodies = BT_ID_POW(2, kLevel);

TEST(InvDynKinematicsDifferentiation, errorAbsolute)
{
	//CAVEAT: these values are hand-tuned to work for the specific trajectory defined above.
#ifdef BT_ID_USE_DOUBLE_PRECISION
	const idScalar kDeltaT = 1e-7;
	const idScalar kAcceptableError = 1e-4;
#else
	const idScalar kDeltaT = 1e-4;
	const idScalar kAcceptableError = 5e-3;
#endif
	const idScalar kDuration = 0.01;
	// The constructor computes BT_ID_POW(2, kLevel) into its int m_num_bodies member,
	// which wraps to a negative value and triggers the b3Error shown below.
	DillCreator dill_creator(kLevel);
}
```
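As an added illustration of the overflow described above (this is example code written for this report, not code from the bullet3 project or from the reporter), the following standalone C++ computes 2^level in 64 bits so the value can be compared against INT_MAX without wrapping, and wraps that check in a hypothetical `SafeDillCreator` class whose constructor rejects a level that cannot be represented instead of proceeding with a negative body count. The names `widePow2`, `pow2FitsInInt`, `checkedPow2`, `SafeDillCreator` and `kMaxLevel` are assumptions for this example and are not bullet3 APIs.

```cpp
#include <cstdio>
#include <initializer_list>
#include <limits>

// Largest level for which 2^level still fits in a non-negative int.
// std::numeric_limits<int>::digits is the number of value bits (31 for a 32-bit int),
// so kMaxLevel is 30 and 2^30 = 1073741824 is the largest representable power of two.
constexpr int kMaxLevel = std::numeric_limits<int>::digits - 1;

// 2^level computed in 64 bits, so the value itself never overflows for 0 <= level <= 62.
// Returns -1 for levels outside that range.
long long widePow2(int level)
{
    if (level < 0 || level > 62) return -1;
    return 1LL << level;
}

// True when 2^level can be stored in an int without wrapping.
bool pow2FitsInInt(int level)
{
    long long wide = widePow2(level);
    return wide >= 0 && wide <= std::numeric_limits<int>::max();
}

// Checked replacement for the int-typed body count: returns 2^level,
// or -1 instead of silently producing a negative count.
int checkedPow2(int level)
{
    return pow2FitsInInt(level) ? static_cast<int>(widePow2(level)) : -1;
}

// Hypothetical validating tree creator (an assumption for this example, not
// bullet3's DillCreator). The level is validated before m_num_bodies is derived,
// so construction never continues with a wrapped, negative count.
class SafeDillCreator
{
public:
    explicit SafeDillCreator(int level)
        : m_level(level), m_num_bodies(checkedPow2(level)), m_valid(m_num_bodies >= 0)
    {
        if (!m_valid)
        {
            std::fprintf(stderr,
                         "SafeDillCreator: level %d needs 2^%d bodies, which exceeds INT_MAX (%d)\n",
                         level, level, std::numeric_limits<int>::max());
        }
    }
    bool valid() const { return m_valid; }
    int level() const { return m_level; }
    int numBodies() const { return m_num_bodies; }

private:
    int m_level;
    int m_num_bodies;  // -1 when the requested level does not fit
    bool m_valid;
};

int main()
{
    // Levels 5 and 30 are representable; 31 and 40 are rejected rather than wrapped.
    for (int level : {5, 30, 31, 40})
    {
        SafeDillCreator creator(level);
        std::printf("level %2d: 2^level = %lld, fits in int: %s, num_bodies = %d\n",
                    level, widePow2(level), pow2FitsInInt(level) ? "yes" : "no",
                    creator.numBodies());
    }
    return 0;
}
```

Running the block prints one line per level; for level 31 the 64-bit value 2147483648 is shown alongside `fits in int: no` and `num_bodies = -1`, which is the condition the real constructor only discovers after the int has already wrapped to -2147483648.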
Output
Here is what the output shows:
```text
INFO: Seed: 618122775
INFO: Loaded 1 modules (11817 inline 8-bit counters): 11817 [0x966728, 0x969551),
INFO: Loaded 1 PC tables (11817 PCs): 11817 [0x891458,0x8bf6e8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2 INITED cov: 787 ft: 788 corp: 1/1b exec/s: 0 rss: 34Mb
b3Error[/root/UTopia/exp/bullet3/Extras/InverseDynamics/DillCreator.cpp,86]:
invalid body parameter (0, num_bodies: -2147483648)
b3Error[/root/UTopia/exp/bullet3/Extras/InverseDynamics/DillCreator.cpp,37]:
recurseDill failed
==2406814== ERROR: libFuzzer: deadly signal
#0 0x5e0e11 in __sanitizer_print_stack_trace (/root/UTopia/exp/bullet3/output/fuzzers/InvDynKinematicsDifferentiation_errorAbsolute_Test+0x5e0e11)
#1 0x52bf78 in fuzzer::PrintStackTrace() (/root/UTopia/exp/bullet3/output/fuzzers/InvDynKinematicsDifferentiation_errorAbsolute_Test+0x52bf78)
#2 0x5110c3 in fuzzer::Fuzzer::CrashCallback() (/root/UTopia/exp/bullet3/output/fuzzers/InvDynKinematicsDifferentiation_errorAbsolute_Test+0x5110c3)
#3 0x732986a7541f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f)
#4 0x73298673600a in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300a)
#5 0x732986715858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22858)
#6 0x626f2a in btInverseDynamicsBullet3::DillCreator::DillCreator(int) /root/UTopia/exp/bullet3/Extras/InverseDynamics/DillCreator.cpp:38:3
#7 0x60f91f in InvDynKinematicsDifferentiation_errorAbsolute_Test::TestBody() /root/UTopia/exp/bullet3/test/InverseDynamics/test_invdyn_kinematics.cpp:346:14
#8 0x6131d5 in enterAutofuzz::AutofuzzTest::runTest() /root/UTopia/exp/bullet3/test/InverseDynamics/test_invdyn_kinematics.cpp:457:9
#9 0x612dc2 in enterAutofuzz /root/UTopia/exp/bullet3/test/InverseDynamics/test_invdyn_kinematics.cpp:468:10
#10 0x73614c in TestOneProtoInput(AutoFuzz::FuzzArgsProfile const&) /root/UTopia/exp/bullet3/test/InverseDynamics/fuzz_entry.cc:45:3
#11 0x735fb4 in LLVMFuzzerTestOneInput /root/UTopia/exp/bullet3/test/InverseDynamics/fuzz_entry.cc:38:1
#12 0x512781 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/root/UTopia/exp/bullet3/output/fuzzers/InvDynKinematicsDifferentiation_errorAbsolute_Test+0x512781)
#13 0x511ec5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/root/UTopia/exp/bullet3/output/fuzzers/InvDynKinematicsDifferentiation_errorAbsolute_Test+0x511ec5)
#14 0x514167 in fuzzer::Fuzzer::MutateAndTestOne() (/root/UTopia/exp/bullet3/output/fuzzers/InvDynKinematicsDifferentiation_errorAbsolute_Test+0x514167)
#15 0x514e65 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/root/UTopia/exp/bullet3/output/fuzzers/InvDynKinematicsDifferentiation_errorAbsolute_Test+0x514e65)
#16 0x50381e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/root/UTopia/exp/bullet3/output/fuzzers/InvDynKinematicsDifferentiation_errorAbsolute_Test+0x50381e)
#17 0x52c662 in main (/root/UTopia/exp/bullet3/output/fuzzers/InvDynKinematicsDifferentiation_errorAbsolute_Test+0x52c662)
#18 0x732986717082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
#19 0x4d859d in _start (/root/UTopia/exp/bullet3/output/fuzzers/InvDynKinematicsDifferentiation_errorAbsolute_Test+0x4d859d)
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 2 ChangeByte-Custom-; base unit: adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
0x66,0x75,0x7a,0x7a,0x76,0x61,0x72,0x36,0x3a,0x20,0x35,0x38,0xa,
fuzzvar6: 58\x0a
artifact_prefix='./'; Test unit written to ./crash-c8369d99e3d271abeb43e3e3a26989981a36c0fd
Base64: ZnV6enZhcjY6IDU4Cg==
```