Describe the bug

I just did a `git pull` and a fresh build of MsQuic on Win-10 using MSVC's `cl` ver. 19.39.33428 for x64.

Running `bin\Release\recvfuzz.exe` prints:

```
Using seed value: 1968512925
Remote address: 127.0.0.1:9999
Failed to create sec config!
```

Then WinDbg kicks in; some modules and the offending instruction:

```
...
ModLoad: 00007ffe`b5030000 00007ffe`b50c8000   C:\Windows\system32\schannel.DLL
ModLoad: 00007ffe`97280000 00007ffe`97295000   C:\Windows\SYSTEM32\mskeyprotect.dll
(4494.27e0): Access violation - code c0000005 (!!! second chance !!!)
recvfuzz!CxPlatTlsInitialize+0x3d:
00007ff7`008aab6d 8b4810          mov     ecx,dword ptr [rax+10h] ds:00000000`00000010=????????
```

Call-stack:

```
recvfuzz!CxPlatTlsInitialize(struct CXPLAT_TLS_CONFIG * Config = 0x000000c6`bdafcd60, struct CXPLAT_TLS_PROCESS_STATE * State = 0x000000c6`bdafdf30, struct CXPLAT_TLS ** NewTlsContext = 0x000000c6`bdafdf20)+0x3d
recvfuzz!TlsContext::TlsContext(void)+0x213
recvfuzz!WriteInitialCryptoFrame(unsigned short * Offset = 0x000000c6`bdafe158, unsigned short BufferLength = 0x1000, unsigned char * Buffer = 0x000000c6`bdafe270 "H???")+0x30
recvfuzz!WriteClientInitialPacket(unsigned int PacketNumber = 0x34c, unsigned char CidLength = 0x08 '', unsigned short BufferLength = 0, unsigned char * Buffer = 0x000000c6`bdaff360 "", unsigned short * PacketLength = 0x000000c6`bdaff2f4, unsigned short * HeaderLength = 0x000000c6`bdaff2f0)+0x9c
recvfuzz!buildInitialPacket(struct CXPLAT_SOCKET * Binding = 0x0000028c`ccf84890, struct CXPLAT_ROUTE * Route = 0x000000c6`bdaff5f0, int64 * PacketCount = 0x000000c6`bdaff658, int64 * TotalByteCount = 0x000000c6`bdaff660, bool fuzzing = true)+0x16b
recvfuzz!fuzz(struct CXPLAT_SOCKET * Binding = 0x0000028c`ccf84890, struct CXPLAT_ROUTE * Route = 0x000000c6`bdaff6d0)+0x18a
recvfuzz!start(void)+0x547
recvfuzz!main(int argc = 0n1, char ** argv = 0x0000028c`cae7f858)+0x124
recvfuzz!invoke_main(void)+0x22
recvfuzz!__scrt_common_main_seh(void)+0x10c
KERNEL32!BaseThreadInitThunk+0x14
ntdll!RtlUserThreadStart+0x21
```

Root cause: in src/platform/tls_schannel.c (line 1542):

```c
if (Config->IsServer != !(Config->SecConfig->Flags & QUIC_CREDENTIAL_FLAG_CLIENT)) {
    //                        ^__ this is NULL!!
    ...
}
```

Where/how should the `Config->SecConfig` value be set?

Additional OS information

Win 10. Build 19045, version 22H2 (OS-build 19045.3996).

MsQuic version

main

Steps taken to reproduce bug

Run `recvfuzz.exe` with no parameters. Seems it doesn't matter.

Expected behavior

Not crash. Duh!

Actual outcome

See above.

Additional details

Not really.
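Added example, not MsQuic's own code, modelling the check quoted from tls_schannel.c: the unguarded form reads `Flags` through a NULL `SecConfig` (the state left behind after "Failed to create sec config!"), while the guarded form rejects a missing `SecConfig` before touching it and then applies the same role check. The struct layouts, the flag value and the status names are assumptions made for this example.

```c
/* Added example, not MsQuic's code: a minimal model of the check at
 * tls_schannel.c:1542 from the report. Struct layouts, the flag value and
 * the status names are assumptions made for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define QUIC_CREDENTIAL_FLAG_CLIENT 0x1u  /* assumed value for the example */

typedef struct { unsigned Flags; } SEC_CONFIG;                        /* stand-in for the sec config */
typedef struct { bool IsServer; SEC_CONFIG *SecConfig; } TLS_CONFIG;  /* stand-in for CXPLAT_TLS_CONFIG */

typedef enum { TLS_OK = 0, TLS_INVALID_PARAMETER, TLS_INVALID_STATE } TLS_STATUS;

/* Unguarded form, as quoted in the report: SecConfig is dereferenced
 * unconditionally, so a NULL SecConfig faults on the read of Flags
 * (the report's faulting read at ds:0x10 is consistent with rax == 0). */
static bool role_mismatch_unguarded(const TLS_CONFIG *Config)
{
    return Config->IsServer != !(Config->SecConfig->Flags & QUIC_CREDENTIAL_FLAG_CLIENT);
}

/* Guarded form: validate the pointer first, then apply the same role check
 * (a server role with a client credential, or vice versa, is rejected). */
static TLS_STATUS tls_initialize_checked(const TLS_CONFIG *Config)
{
    if (Config == NULL || Config->SecConfig == NULL) {
        return TLS_INVALID_PARAMETER;
    }
    bool client_cred = (Config->SecConfig->Flags & QUIC_CREDENTIAL_FLAG_CLIENT) != 0;
    if (Config->IsServer == client_cred) {
        return TLS_INVALID_STATE;
    }
    return TLS_OK;
}

int main(void)
{
    /* Constructed input mirroring the report: sec config creation failed,
     * so the TLS config carries a NULL SecConfig. */
    TLS_CONFIG cfg = { .IsServer = false, .SecConfig = NULL };
    TLS_STATUS st = tls_initialize_checked(&cfg);
    printf("guarded check on NULL SecConfig -> status %d\n", (int)st);  /* 1 == TLS_INVALID_PARAMETER */
    return st == TLS_INVALID_PARAMETER ? 0 : 1;
}
```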
Did you run our `prepare-machine.ps1` script first?
Yes; `pwsh scripts\prepare-machine.ps1 -ForTest`
We haven't tested this out much on OpenSSL yet. Did you figure anything out here?