Issue 42877 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in dwfl_segment_report_module

2021-12-23 Thread ClusterFuzz-External via monorail via Elfutils-devel
Status: New
Owner:
CC: elfut...@sourceware.org, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Reproducible Stability-UndefinedBehaviorSanitizer Engine-libfuzzer OS-Linux Security_Severity-Medium Proj-elfutils Reported-2021-12-23
Type: Bug-Security
New issue 42877 by ClusterFuzz-E

Issue 42877 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in dwfl_segment_report_module

2021-12-23 Thread ClusterFuzz-External via monorail via Elfutils-devel
Updates:
Labels: Fuzz-Blocker
Comment #1 on issue 42877 by ClusterFuzz-External: elfutils:fuzz-dwfl-core: Crash in dwfl_segment_report_module
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42877#c1
This crash occurs very frequently on linux platform and is likely preventing the f

Re: Issue 42877 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in dwfl_segment_report_module

2021-12-23 Thread Mark Wielaard
Hi,
On Thu, Dec 23, 2021 at 10:01:35AM -0800, ClusterFuzz-External via monorail via Elfutils-devel wrote:
> Status: New
> Owner:
> CC: elfut...@sourceware.org, evv...@gmail.com, izz...@google.com
> Labels: ClusterFuzz Reproducible Stability-UndefinedBehaviorSanitizer
> Engine-libfuzzer OS-

OSS-Fuzz issue 42877

2021-12-23 Thread Evgeny Vereshchagin
Hi Mark, I'm not subscribed to the mailing list so I can't seem to reply to https://sourceware.org/pipermail/elfutils-devel/2021q4/004595.html directly. All those issues can be reproduced by downloading public testcases and passing them to ./fuzz/dwfl-core. That particular issue can be reproduced

[PATCH] libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread

2021-12-23 Thread Mark Wielaard
The callers of dwfl_elf_phdr_memory_callback assume at least minread bytes are read and available. Make sure to check start is smaller than elf->maximum_size before reading more. Return false if end - start is smaller than minread. Found by afl-fuzz. Signed-off-by: Mark Wielaard --- libdwfl/Cha

[PATCH] libdwfl: Call xlatetom on aligned buffers in dwfl_link_map_report

2021-12-23 Thread Mark Wielaard
Make sure that when calling xlatetom for Phdrs and Dyns in dwfl_link_map_report the input buffer is correctly aligned by calling memcpy and setting in.d_buf to out.d_buf. https://sourceware.org/bugzilla/show_bug.cgi?id=28720 Signed-off-by: Mark Wielaard --- libdwfl/ChangeLog | 5 + libdwf

[PATCH] libdwfl: Calculate addr to read by hand in link_map.c read_addrs.

2021-12-23 Thread Mark Wielaard
The gcc undefined sanitizer doesn't like the trick we use to calculate the (possibly) unaligned addresses to read. So calculate them by hand as unsigned char pointers. https://sourceware.org/bugzilla/show_bug.cgi?id=28720 Signed-off-by: Mark Wielaard --- libdwfl/ChangeLog | 4 libdwfl/li

[Bug libdw/28720] UBSan: member access within misaligned address 0x7f6e8d80f142 for type 'struct Elf32_Phdr', which requires 4 byte alignment

2021-12-23 Thread mark at klomp dot org via Elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=28720
Mark Wielaard changed:
What|Removed |Added
Ever confirmed|0 |1
Status|UNCONFIRMED

Re: OSS-Fuzz issue 42877

2021-12-23 Thread Mark Wielaard
Hi Evgeny,
On Fri, Dec 24, 2021 at 12:49:53AM +0300, Evgeny Vereshchagin wrote:
> All those issues can be reproduced by downloading public testcases and
> passing them to ./fuzz/dwfl-core. That particular issue can be reproduced with
> ```
> autoreconf -i -f
> ./configure --enable-maintainer-mode