Issue 45619 in oss-fuzz: elfutils:fuzz-elf-get-sections: Misaligned-address in elf_cvt_Verdef
Status: New
Owner:
CC: elfut...@sourceware.org, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Reproducible Stability-UndefinedBehaviorSanitizer Engine-libfuzzer OS-Linux Proj-elfutils Reported-2022-03-16
Type: Bug

New issue 45619 by ClusterFuzz-External: elfutils:fuzz-elf-get-sections: Misaligned-address in elf_cvt_Verdef
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45619

Detailed Report: https://oss-fuzz.com/testcase?key=5857986591981568

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-elf-get-sections
Job Type: libfuzzer_ubsan_elfutils
Platform Id: linux

Crash Type: Misaligned-address
Crash Address:
Crash State:
  elf_cvt_Verdef
  __libelf_set_data_list_rdlock
  __elf_getdata_rdlock

Sanitizer: undefined (UBSAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_elfutils&range=202203160607:202203161200

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5857986591981568

Issue filed automatically.

See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.

When you fix this bug, please
  * mention the fix revision(s).
  * state whether the bug was a short-lived regression or an old bug in any stable releases.
  * add any other useful information.
This information can help downstream consumers.

If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.

--
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at: https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.
Re: Issue 45619 in oss-fuzz: elfutils:fuzz-elf-get-sections: Misaligned-address in elf_cvt_Verdef
Hi,

On Wed, Mar 16, 2022 at 02:58:26PM -0700, ClusterFuzz-External via monorail via Elfutils-devel wrote:
> Status: New
> Owner:
> CC: elfut...@sourceware.org, evv...@gmail.com, izz...@google.com
> Labels: ClusterFuzz Reproducible Stability-UndefinedBehaviorSanitizer
> Engine-libfuzzer OS-Linux Proj-elfutils Reported-2022-03-16
> Type: Bug
>
> New issue 45619 by ClusterFuzz-External: elfutils:fuzz-elf-get-sections:
> Misaligned-address in elf_cvt_Verdef
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45619
>
> Detailed Report: https://oss-fuzz.com/testcase?key=5857986591981568

Anyone any idea how to replicate this? The detailed report appears to require some kind of login.

> Project: elfutils
> Fuzzing Engine: libFuzzer
> Fuzz Target: fuzz-elf-get-sections
> Job Type: libfuzzer_ubsan_elfutils
> Platform Id: linux

Where does this "fuzz-elf-get-sections" target come from?

> Crash Type: Misaligned-address
> Crash Address:
> Crash State:
>   elf_cvt_Verdef
>   __libelf_set_data_list_rdlock
>   __elf_getdata_rdlock
>
> Sanitizer: undefined (UBSAN)
>
> Regressed:
> https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_elfutils&range=202203160607:202203161200
>
> Reproducer Testcase:
> https://oss-fuzz.com/download?testcase_id=5857986591981568

This testcase seems to have no section headers, so it is unclear how to get to the above crash state.

Cheers,

Mark
Issue 45620 in oss-fuzz: elfutils:fuzz-elf-get-sections: Timeout in fuzz-elf-get-sections
Status: New
Owner:
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Reproducible Engine-libfuzzer OS-Linux Proj-elfutils Reported-2022-03-17
Type: Bug

New issue 45620 by ClusterFuzz-External: elfutils:fuzz-elf-get-sections: Timeout in fuzz-elf-get-sections
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45620

Detailed Report: https://oss-fuzz.com/testcase?key=5416220013232128

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-elf-get-sections
Job Type: libfuzzer_asan_elfutils
Platform Id: linux

Crash Type: Timeout (exceeds 60 secs)
Crash Address:
Crash State:
  fuzz-elf-get-sections

Sanitizer: address (ASAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_elfutils&range=202203160607:202203161200

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5416220013232128

Issue filed automatically.
Re: Issue 45620 in oss-fuzz: elfutils:fuzz-elf-get-sections: Timeout in fuzz-elf-get-sections
Hi,

On Wed, Mar 16, 2022 at 05:08:04PM -0700, ClusterFuzz-External via monorail via Elfutils-devel wrote:
> Status: New
> Owner:
> CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com,
> izz...@google.com
> Labels: ClusterFuzz Reproducible Engine-libfuzzer OS-Linux Proj-elfutils
> Reported-2022-03-17
> Type: Bug
>
> New issue 45620 by ClusterFuzz-External: elfutils:fuzz-elf-get-sections:
> Timeout in fuzz-elf-get-sections
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45620
>
> Detailed Report: https://oss-fuzz.com/testcase?key=5416220013232128

Again the detailed report seems to require some kind of login.

> Project: elfutils
> Fuzzing Engine: libFuzzer
> Fuzz Target: fuzz-elf-get-sections
> Job Type: libfuzzer_asan_elfutils
> Platform Id: linux
>
> Crash Type: Timeout (exceeds 60 secs)
> Crash Address:
> Crash State:
>   fuzz-elf-get-sections
>
> Sanitizer: address (ASAN)
>
> Regressed:
> https://oss-fuzz.com/revisions?job=libfuzzer_asan_elfutils&range=202203160607:202203161200
>
> Reproducer Testcase:
> https://oss-fuzz.com/download?testcase_id=5416220013232128

This again looks like the previously reported case. The reproducer is clearly an invalid file without section headers.

Does anybody know what this "fuzz-elf-get-sections" thing is? It would be good to know the source code of this to understand how to reproduce this report.

Thanks,

Mark
Issue 43449 in oss-fuzz: elfutils:fuzz-dwfl-core: Timeout in fuzz-dwfl-core
Updates:
  Cc: da...@adalogics.com

Comment #2 on issue 43449 by ClusterFuzz-External: elfutils:fuzz-dwfl-core: Timeout in fuzz-dwfl-core
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43449#c2

(No comment was entered for this change.)
Issue 43505 in oss-fuzz: elfutils:fuzz-dwfl-core: Use-of-uninitialized-value in handle_file_note
Updates:
  Cc: da...@adalogics.com

Comment #4 on issue 43505 by ClusterFuzz-External: elfutils:fuzz-dwfl-core: Use-of-uninitialized-value in handle_file_note
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43505#c4

(No comment was entered for this change.)
Issue 45619 in oss-fuzz: elfutils:fuzz-elf-get-sections: Misaligned-address in elf_cvt_Verdef
Updates:
  Cc: da...@adalogics.com

Comment #1 on issue 45619 by ClusterFuzz-External: elfutils:fuzz-elf-get-sections: Misaligned-address in elf_cvt_Verdef
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45619#c1

(No comment was entered for this change.)
Re: Issue 43449 in oss-fuzz: elfutils:fuzz-dwfl-core: Timeout in fuzz-dwfl-core
Hi,

On Wed, Mar 16, 2022 at 05:38:11PM -0700, ClusterFuzz-External via monorail via Elfutils-devel wrote:
> Comment #2 on issue 43449 by ClusterFuzz-External: elfutils:fuzz-dwfl-core:
> Timeout in fuzz-dwfl-core
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43449#c2

As one of the comments on this says "it takes the fuzzer about 15 seconds to process this file without ASan so it doesn't seem to be an elfutils issue". 15 seconds sounds like a very long time, especially without asan.

ASAN often takes a long time on 64bit arches. I would recommend only using it on 32bit targets if possible.

However it isn't clear to me what this "fuzz-dwfl-core" is, where the source is and how to replicate this.

Cheers,

Mark
Re: Issue 43505 in oss-fuzz: elfutils:fuzz-dwfl-core: Use-of-uninitialized-value in handle_file_note
Hi,

Does anybody know why/where these messages suddenly come from? There have now been multiple today and yesterday. Unfortunately the reply-to address seems to just bounce any of my replies.

On Wed, Mar 16, 2022 at 05:38:15PM -0700, ClusterFuzz-External via monorail via Elfutils-devel wrote:
> Comment #4 on issue 43505 by ClusterFuzz-External: elfutils:fuzz-dwfl-core:
> Use-of-uninitialized-value in handle_file_note
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43505#c4

As one of the comments in this bug report says "it seems MSan doesn't like unions that aren't initialized explicitly". But the backtrace given in the report doesn't seem to match the current elfutils code. So maybe this is against some old elfutils version?

Cheers,

Mark
Issue 45628 in oss-fuzz: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol
Status: New
Owner:
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Stability-Memory-AddressSanitizer Reproducible OS-Linux Security_Severity-Medium Engine-honggfuzz Proj-elfutils Reported-2022-03-17
Type: Bug-Security

New issue 45628 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45628

Detailed Report: https://oss-fuzz.com/testcase?key=4673586076450816

Project: elfutils
Fuzzing Engine: honggfuzz
Fuzz Target: fuzz-libdwfl
Job Type: honggfuzz_asan_elfutils
Platform Id: linux

Crash Type: Heap-buffer-overflow READ {*}
Crash Address: 0x7fffe2c93000
Crash State:
  strtol
  __libelf_next_arhdr_wrlock
  elf_begin

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://oss-fuzz.com/revisions?job=honggfuzz_asan_elfutils&range=202203161800:20220317

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=4673586076450816

Issue filed automatically.
Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
Status: New
Owner:
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Stability-Memory-AddressSanitizer Reproducible Stability-Memory-LeakSanitizer Engine-libfuzzer OS-Linux Proj-elfutils Reported-2022-03-17
Type: Bug

New issue 45629 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629

Detailed Report: https://oss-fuzz.com/testcase?key=5280476447768576

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-libdwfl
Job Type: libfuzzer_asan_elfutils
Platform Id: linux

Crash Type: Indirect-leak
Crash Address:
Crash State:
  __libelf_read_mmaped_file
  read_file
  lock_dup_elf

Sanitizer: address (ASAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_elfutils&range=202203161800:20220317

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5280476447768576

Issue filed automatically.
Issue 45630 in oss-fuzz: elfutils:fuzz-libelf: Use-of-uninitialized-value in validate_str
Status: New
Owner:
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Reproducible Stability-Memory-MemorySanitizer Engine-libfuzzer OS-Linux Security_Severity-Medium Proj-elfutils Reported-2022-03-17
Type: Bug-Security

New issue 45630 by ClusterFuzz-External: elfutils:fuzz-libelf: Use-of-uninitialized-value in validate_str
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45630

Detailed Report: https://oss-fuzz.com/testcase?key=5658767587409920

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-libelf
Job Type: libfuzzer_msan_elfutils
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  validate_str
  elf_strptr
  fuzz_logic_one

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_elfutils&range=202203161800:20220317

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5658767587409920

Issue filed automatically.
Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
Status: New
Owner:
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Reproducible Stability-Memory-MemorySanitizer Engine-libfuzzer OS-Linux Security_Severity-Medium Proj-elfutils Reported-2022-03-17
Type: Bug-Security

New issue 45631 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45631

Detailed Report: https://oss-fuzz.com/testcase?key=5742116662280192

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-libdwfl
Job Type: libfuzzer_msan_elfutils
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  __libdw_gunzip
  decompress
  libdw_open_elf

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_elfutils&range=202203161800:20220317

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5742116662280192

Issue filed automatically.
Issue 45633 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libelf_read_mmaped_file
Status: New
Owner:
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Reproducible Stability-Memory-MemorySanitizer Engine-libfuzzer OS-Linux Security_Severity-Medium Proj-elfutils Reported-2022-03-17
Type: Bug-Security

New issue 45633 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libelf_read_mmaped_file
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45633

Detailed Report: https://oss-fuzz.com/testcase?key=6298551989174272

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-libdwfl
Job Type: libfuzzer_msan_elfutils
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  __libelf_read_mmaped_file
  elf_memory
  decompress

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_elfutils&range=202203161800:20220317

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=6298551989174272

Issue filed automatically.
Issue 45634 in oss-fuzz: elfutils:fuzz-libdwfl: Misaligned-address in file_read_elf
Status: New
Owner:
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Reproducible Stability-UndefinedBehaviorSanitizer Engine-libfuzzer OS-Linux Proj-elfutils Reported-2022-03-17
Type: Bug

New issue 45634 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Misaligned-address in file_read_elf
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45634

Detailed Report: https://oss-fuzz.com/testcase?key=5069818166902784

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-libdwfl
Job Type: libfuzzer_ubsan_elfutils
Platform Id: linux

Crash Type: Misaligned-address
Crash Address:
Crash State:
  file_read_elf
  __libelf_read_mmaped_file
  read_file

Sanitizer: undefined (UBSAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_elfutils&range=202203161800:20220317

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5069818166902784

Issue filed automatically.
Issue 45635 in oss-fuzz: elfutils:fuzz-libdwfl: Timeout in fuzz-libdwfl
Status: New
Owner:
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Reproducible Engine-libfuzzer OS-Linux Proj-elfutils Reported-2022-03-17
Type: Bug

New issue 45635 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Timeout in fuzz-libdwfl
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45635

Detailed Report: https://oss-fuzz.com/testcase?key=5237809772888064

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-libdwfl
Job Type: libfuzzer_ubsan_elfutils
Platform Id: linux

Crash Type: Timeout (exceeds 60 secs)
Crash Address:
Crash State:
  fuzz-libdwfl

Sanitizer: undefined (UBSAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_elfutils&range=202203161800:20220317

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5237809772888064

Issue filed automatically.