Dereference near null in deps/icu-small/source/i18n/dtptngen.cpp:388:31 #45284

@kobrineli

Description

Hi! We've been fuzzing nodejs using sydr-fuzz and targets for https://github.com/ispras/oss-sydr-fuzz made by @stasos24.

Work environment

OS: Ubuntu 20.04
nodejs version: v16.x 7051ba4

Bug description

Dereference near null in deps/icu-small/source/i18n/dtptngen.cpp:388:31.

Steps to reproduce

  1. Build docker container from https://github.com/ispras/oss-sydr-fuzz/tree/master/projects/nodejs:

     sudo docker build -t oss-sydr-fuzz-nodejs .
    
  2. Run docker container:

     sudo docker run --privileged --network host -v /etc/localtime:/etc/localtime:ro --rm -it -v $PWD:/fuzz oss-sydr-fuzz-nodejs /bin/bash
    
  3. Execute sanitizers built target with input that leads to crash (crash-c3fbe25a7f8f3d8aced6fa547461bd5b6b4b3df8.txt):

     /v8_compile_afl < crash-c3fbe25a7f8f3d8aced6fa547461bd5b6b4b3df8.txt
    
  4. You will see the following output:

     AddressSanitizer:DEADLYSIGNAL
     =================================================================
     ==51==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000012b8 (pc 0x0000037a5979 bp 0x7ffe4cefe1e0 sp 0x7ffe4cefe190 T0)
     ==51==The signal is caused by a READ memory access.
        #0 0x37a5979 in icu_71::DateTimePatternGenerator::operator=(icu_71::DateTimePatternGenerator const&) /node_afl/out/../deps/icu-small/source/i18n/dtptngen.cpp:388:31
        #1 0x37cdeec in icu_71::DateTimePatternGenerator::clone() const /node_afl/out/../deps/icu-small/source/i18n/dtptngen.cpp:1960:16
        #2 0x2ea2055 in v8::internal::(anonymous namespace)::DateTimePatternGeneratorCache::CreateGenerator(icu_71::Locale const&) /node_afl/out/../deps/v8/src/objects/js-date-time-format.cc:1458:23
        #3 0x2e9c5a1 in v8::internal::JSDateTimeFormat::New(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Map>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, char const*) /node_afl/out/../deps/v8/src/objects/js-date-time-format.cc:1603:34
        #4 0x2d3e5fc in v8::internal::Object v8::internal::(anonymous namespace)::LegacyFormatConstructor<v8::internal::JSDateTimeFormat>(v8::internal::BuiltinArguments, v8::internal::Isolate*, v8::Isolate::UseCounterFeature, v8::internal::Handle<v8::internal::Object>, char const*) /node_afl/out/../deps/v8/src/builtins/builtins-intl.cc:278:3
        #5 0x2d3e5fc in v8::internal::Builtin_Impl_DateTimeFormatConstructor(v8::internal::BuiltinArguments, v8::internal::Isolate*) /node_afl/out/../deps/v8/src/builtins/builtins-intl.cc:515:10
        #6 0x2d3e5fc in v8::internal::Builtin_DateTimeFormatConstructor(int, unsigned long*, v8::internal::Isolate*) /node_afl/out/../deps/v8/src/builtins/builtins-intl.cc:512:1
        #7 0x1c04898 in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit out/Release/obj.target/v8_snapshot/geni/embedded.o
    
     AddressSanitizer can not provide additional info.
     SUMMARY: AddressSanitizer: SEGV /node_afl/out/../deps/icu-small/source/i18n/dtptngen.cpp:388:31 in icu_71::DateTimePatternGenerator::operator=(icu_71::DateTimePatternGenerator const&)
      ==51==ABORTING
    
