The values in the kernel image header aren't properly aligned.
Use memcpy and the LE16, LE32 macros to assign and check the
values.
Signed-off-by: Mark Wielaard
---
libdwfl/ChangeLog | 5 +
libdwfl/image-header.c | 24 ++--
2 files changed, 23 insertions(+), 6 delet
When reporting ar members they should be closed when they cannot
be processed. A comment in offline.c said that process_file called
elf_end if it returned NULL. But this is incorrect. And other places
that call process_file do call elf_end explicitly when it returns
NULL.
Signed-off-by: Mark Wiela
Hi Mark,
> I guess the idea is that there could be an atoi implementation that
> starts from the end of the string? But I think that is super unlikely
> since atoi (and strtol) is defined on the initial portion of the
> character array. The algorithm is described as working from the start
> and on
Comment #3 on issue 45628 by evv...@gmail.com: elfutils:fuzz-libdwfl:
Heap-buffer-overflow in strtol
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45628#c3
> See https://google.github.io/oss-fuzz/advanced-topics/reproducing for
> instructions to reproduce this bug locally.
FWIW this b
Hi Evgeny,
On Fri, Mar 18, 2022 at 12:11:50PM +0300, Evgeny Vereshchagin wrote:
> > The ar_size field is a 10 character string, not zero terminated, of
> > decimal digits right padded with spaces. Make sure it actually starts
> > with a digit before calling atol on it. We already make sure it is
The Verdef, Verdaux, Verneed and Vernaux structures contain fields
which point to the next structures. Make sure these offsets are
correctly aligned for the structures they point to.
Signed-off-by: Mark Wielaard
---
libelf/ChangeLog | 6 ++
libelf/version_xlate.h | 17 +---
Hi,
> The ar_size field is a 10 character string, not zero terminated, of
> decimal digits right padded with spaces. Make sure it actually starts
> with a digit before calling atol on it. We already make sure it is
> zero terminated. Otherwise atol might produce unexpected results.
As far as I
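The check the quoted commit message describes, as an added example rather than elfutils' own code: copy the 10-character ar_size field into a zero-terminated buffer, require a leading digit (strtol would otherwise silently skip whitespace or accept a sign), and reject anything other than space padding after the digits. The function names are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

#define AR_SIZE_LEN 10

/* Parse the 10-character ar_size field of an ar member header: decimal
   digits, right padded with spaces, not zero terminated.  Returns true
   and stores the size on success, false for any malformed field.
   Hypothetical helper, not the elfutils implementation.  */
bool
parse_ar_size (const char *ar_size, long *size)
{
  char buf[AR_SIZE_LEN + 1];

  /* Work on a zero-terminated copy so strtol can never read past the
     end of the field in the archive header.  */
  memcpy (buf, ar_size, AR_SIZE_LEN);
  buf[AR_SIZE_LEN] = '\0';

  /* strtol skips leading whitespace and accepts a '+' or '-'; the
     format allows neither, so insist on a digit in the first column.  */
  if (!isdigit ((unsigned char) buf[0]))
    return false;

  errno = 0;
  char *end;
  long val = strtol (buf, &end, 10);
  if (errno == ERANGE || val < 0)
    return false;

  /* Everything after the digits must be padding spaces.  */
  for (; *end != '\0'; end++)
    if (*end != ' ')
      return false;

  *size = val;
  return true;
}

/* Convenience wrapper: the parsed size, or -1 for a rejected field.  */
long
ar_size_or_minus1 (const char *ar_size)
{
  long size;
  return parse_ar_size (ar_size, &size) ? size : -1;
}
```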
Hi,
> I looked over the "ClusterFuzz-External via monorail" emails and found
> some "real" issues.
Given that the new fuzz targets seem to just fail to compile with
```
projects/elfutils/fuzz-libdwfl.c:48:10: error: unused variable 'res'
[-Werror,-Wunused-variable]
Dwarf *res = dwfl_module_get
```
Status: New
Owner:
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com,
izz...@google.com
Labels: ClusterFuzz Reproducible Stability-Memory-MemorySanitizer
Engine-libfuzzer OS-Linux Security_Severity-Medium Proj-elfutils
Reported-2022-03-18
Type: Bug-Security
New issue 4570