<div dir="ltr">In IEEE754 arithmetic, division by zero results in +/- infinity, not in a crash.<div><br></div><div>Hence, crashes are only expected if dividing by integer zero, as demonstrated below:</div><div><br></div><pre style="font-family:monospace,monospace">$ cat IEEE754_division_by_zero.c

#include <stdio.h>

int main (void) {
    double dresult, dzero = 0, dten = 10;
    int iresult, izero = 0, iten = 10;

    puts ("Dividing by double zero");
    dresult = dten / dzero;
    printf ("dresult = %g\n", dresult);

    puts ("Dividing by integer zero");
    iresult = iten / izero;
    printf ("iresult = %d\n", iresult);
}

$ gcc ieee754division_by_zero.c
$ a
Dividing by double zero
dresult = 1.#INF
Dividing by integer zero

$</pre></div><div class="gmail_extra"><br><div class="gmail_quote">2017-05-23 12:50 GMT+02:00 Kristian Evers <span dir="ltr"><<a href="mailto:kreve@sdfe.dk" target="_blank">kreve@sdfe.dk</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="DA" link="blue" vlink="purple">
<div class="m_-9192640025659684942WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Even,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Windows is what I have on hand at work, so there’s that… I am sure everything is a lot smoother on Linux. I’ll try a bit more on Windows and see
if it is usable or not. I might modify the code slightly if my efforts turn out successful.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I was specifically looking at one of the Division by zero errors (1801) and expected a proper crash, but as you have experienced with GDAL, nothing
really happened. Better testing and rejection of input values are definitely a good place to start.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">How is the fuzzer generating the input values? Completely at random, or does it somehow get help with setting up the proj-strings?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">/Kristian<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:proj-bounces@lists.maptools.org" target="_blank">proj-bounces@lists.maptools.org</a> [mailto:<a href="mailto:proj-bounces@lists.maptools.org" target="_blank">proj-bounces@lists.maptools.org</a>]
<b>On behalf of </b>Even Rouault<br>
<b>Sent:</b> 23 May 2017 11:56<span class=""><br>
<b>To:</b> <a href="mailto:proj@lists.maptools.org" target="_blank">proj@lists.maptools.org</a><br>
<b>Subject:</b> Re: [Proj] Submitting proj.4 to Google OSS Fuzz ?<u></u><u></u></span></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">On Tuesday 23 May 2017 11:29:01 CEST Even Rouault wrote:<u></u><u></u></span></p><div><div class="h5">
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> On Tuesday 23 May 2017 08:49:29 CEST Kristian Evers wrote:<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > Even,<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> >
<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > Good news, indeed. And a bunch of bugs has already been found!<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> >
<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > I am trying to reproduce them on my own system and struggling a bit on<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > how. If I<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> understand correctly I am supposed to compile the fuzzing target like so:<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > > g++ -g -std=c++11 standard_fuzzer.cpp -o standard_fuzzer -DSTANDALONE<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > > ../../src/.libs/libproj.a -lpthread<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> >
<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > And then run the executable with the reproducer testcase file from<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > OSS-Fuzz. After a bit of modification I got the standard_fuzzer working<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > on my system (win7+mingw), but I don't know how to interpret the output<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > when I run the program against the testcase. Everything seems to exit<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > gracefully with return code 0. Is this normal or should I expect the<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> > program to crash in a noisy way?<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">>
<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> Kristian,<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">>
<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> You may get obvious crashes in some cases, but some errors are memory leaks<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> or more subtle memory misuses that will generally not result in a crash. I<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> wouldn't use Windows to debug that (or perhaps with DrMemory?), but<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> rather Linux + Valgrind. Or try building with -fsanitize=address,undefined<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> in CFLAGS and LDFLAGS (that's what OSS Fuzz uses to detect issues) if they<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">> are supported on mingw.<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt">
<span style="font-size:9.0pt;font-family:"Sans Serif","serif""> <u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">I see a number of division by zero issues are reported. From my experience now with GDAL and OSS Fuzz, a number of
them will not cause a runtime crash. For example, when it is a floating point division by zero (contrary to integer division by zero, which leads to a crash). Apparently -fsanitize=undefined considers this as undefined behaviour.<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">I haven't looked at the details of the issues but perhaps we lack some validation of parameters and should probably
refuse crazy values at pj_init() time (although I can see some validation done in pj_ell_set). More generally we should try to validate what we can at initialization time rather than in the forward or reverse methods of projections.<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt">
<span style="font-size:9.0pt;font-family:"Sans Serif","serif""> <u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-US" style="font-size:9.0pt;font-family:"Sans Serif","serif"">More generally I'd expect we have a lack of robustness regarding those rather pedantic undefined behaviour
warnings when feeding infinity, NaN and other such inputs either in proj.4 string or in coordinates (but given the way the fuzzer likely works, I don't think it is likely to try feeding "nan" or "inf" strings in the fuzzed input since nothing in the code compares
against those strings. </span><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">Perhaps they should be added in a dictionary to make them more likely if we want to test for that)<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">It is also possible to whitelist / blacklist the type of sanitizers we want to use.<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">See the 'sanitizers' attribute of the project.yaml file:
<a href="https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md" target="_blank">
https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md</a><u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt">
<span style="font-size:9.0pt;font-family:"Sans Serif","serif""> <u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">Even<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt">
<span style="font-size:9.0pt;font-family:"Sans Serif","serif""> <u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt">
<span style="font-size:9.0pt;font-family:"Sans Serif","serif""> <u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">--
<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif"">Spatialys - Geospatial professional services<u></u><u></u></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Sans Serif","serif""><a href="http://www.spatialys.com" target="_blank">http://www.spatialys.com</a><u></u><u></u></span></p>
</div></div></div>
</div>
<br>_______________________________________________<br>
Proj mailing list<br>
<a href="mailto:Proj@lists.maptools.org">Proj@lists.maptools.org</a><br>
<a href="http://lists.maptools.org/mailman/listinfo/proj" rel="noreferrer" target="_blank">http://lists.maptools.org/mailman/listinfo/proj</a><br></blockquote></div><br></div>
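The init-time validation Even suggests (rejecting bad parameter values at pj_init() time rather than in the forward or inverse methods), together with the "inf"/"nan" string inputs he mentions, as an added C example that is not proj.4 code: the demo_ functions, the parameter names and the error codes are hypothetical.

```c
/* Added example, not proj.4 code: reject non-finite and zero-valued
 * parameters when a projection is set up, so the forward/inverse math
 * never performs a floating-point division by zero (which IEEE754
 * silently turns into +/-inf or NaN and which -fsanitize=undefined
 * reports). All names below (demo_*, the error codes) are hypothetical. */
#include <math.h>
#include <stdio.h>
#include <stdlib.h>

enum { DEMO_OK = 0, DEMO_ERR_SYNTAX = 1, DEMO_ERR_NOT_FINITE = 2, DEMO_ERR_ZERO_DIVISOR = 3 };

/* Parse one numeric parameter value as strtod would. strtod happily
 * accepts "inf", "nan" and overflowing literals such as "1e999", so a
 * finiteness check is needed even when the string is syntactically fine. */
int demo_parse_status(const char *s)
{
    char *end = NULL;
    double v = strtod(s, &end);
    if (end == s || *end != '\0')
        return DEMO_ERR_SYNTAX;          /* not a number at all */
    if (!isfinite(v))
        return DEMO_ERR_NOT_FINITE;      /* inf, -inf or nan */
    return DEMO_OK;
}

/* Init-time validation of values that are later used as divisors
 * (a: semi-major axis, k0: scale factor) plus one that is not (lat0). */
int demo_validate(double a, double k0, double lat0)
{
    if (!isfinite(a) || !isfinite(k0) || !isfinite(lat0))
        return DEMO_ERR_NOT_FINITE;
    if (a == 0.0 || k0 == 0.0)           /* also catches -0.0 */
        return DEMO_ERR_ZERO_DIVISOR;
    return DEMO_OK;
}

/* The unchecked path: no trap, just an infinity flowing downstream. */
double demo_unchecked_scale(double x, double k0)
{
    return x / k0;
}

int main(void)
{
    printf("parse \"inf\"   -> %d\n", demo_parse_status("inf"));
    printf("parse \"1e999\" -> %d\n", demo_parse_status("1e999"));
    printf("a=0 at init     -> %d\n", demo_validate(0.0, 0.9996, 0.5));
    printf("unchecked 10/0  -> %g\n", demo_unchecked_scale(10.0, 0.0));
    return 0;
}
```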