https://issues.oss-fuzz.com/issues/440209728

Changed

[email protected] added comment #2:
It can be reproduced by building elfutils with ASan, downloading the
testcase from https://oss-fuzz.com/download?testcase_id=4759819040129024 and
running `readelf -a`:
```
autoreconf -i -f
./configure --enable-maintainer-mode --enable-sanitize-address
make V=1
wget -O TESTCASE-440209728 'https://oss-fuzz.com/download?testcase_id=4759819040129024'
LD_LIBRARY_PATH=$(pwd)/libdw:$(pwd)/libelf ./src/readelf -a TESTCASE-440209728
```
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==138361==ERROR: AddressSanitizer: SEGV on unknown address 0x7fa56d3aa7d0 (pc 0x7fa56d60df4a bp 0x7fa56d7bc980 sp 0x7fff5c779cb0 T0)
==138361==The signal is caused by a WRITE memory access.
    #0 0x7fa56d60df4a in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/lib64/libasan.so.8+0xdf4a) (BuildId: 10b8ccd49f75c21babf1d7abe51bb63589d8471f)
    #1 0x7fa56d6e5bb9 in free.part.0 (/lib64/libasan.so.8+0xe5bb9) (BuildId: 10b8ccd49f75c21babf1d7abe51bb63589d8471f)
    #2 0x7fa56d5c1e8f in elf_end /home/vagrant/elfutils/libelf/elf_end.c:122
    #3 0x7fa56d2df666 in libdw_open_elf /home/vagrant/elfutils/libdwfl/open.c:163
    #4 0x7fa56d2dfbd6 in __libdw_open_file /home/vagrant/elfutils/libdwfl/open.c:199
    #5 0x7fa56d2b1ea1 in __libdwfl_report_offline /home/vagrant/elfutils/libdwfl/offline.c:289
    #6 0x00000040fb04 in create_dwfl /home/vagrant/elfutils/src/readelf.c:970
    #7 0x00000040fe62 in process_file /home/vagrant/elfutils/src/readelf.c:1014
    #8 0x00000040295c in main /home/vagrant/elfutils/src/readelf.c:482
    #9 0x7fa56d011574 in __libc_start_call_main (/lib64/libc.so.6+0x3574) (BuildId: 48c4b9b1efb1df15da8e787f489128bf31893317)
    #10 0x7fa56d011627 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x3627) (BuildId: 48c4b9b1efb1df15da8e787f489128bf31893317)
    #11 0x0000004047d4 in _start (/home/vagrant/elfutils/src/readelf+0x4047d4) (BuildId: f53bce073c5090b8a49889e1f590b6b4a4023a28)

==138361==Register values:
rax = 0x0000000000000002  rbx = 0x00007fa56d3aa7e0  rcx = 0x0000000000000000  rdx = 0x0000000000000003
rdi = 0x00007fa56d3aa7e0  rsi = 0x00007fa56d3aa7e0  rbp = 0x00007fa56d7bc980  rsp = 0x00007fff5c779cb0
 r8 = 0x00007fff5c779d10   r9 = 0x0000000000000001  r10 = 0x0000000000000001  r11 = 0x00007fa56d5c1e90
r12 = 0x00007fff5c779d10  r13 = 0x00007fa56d3aa7d0  r14 = 0x0000000000000001  r15 = 0x0000000000000000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/vagrant/elfutils/libelf/elf_end.c:122 in elf_end
==138361==ABORTING
```
_______________________________

Reference Info: 440209728 elfutils:fuzz-libdwfl: Abrt in elf_end
component:  Public Trackers > 1362134 > OSS Fuzz
status:  New
reporter:  [email protected]
cc:  [email protected], [email protected], [email protected], and 1 more
collaborators:  [email protected]
type:  Bug
access level:  Default access
priority:  P2
severity:  S4
hotlist:  Reproducible, Stability-UndefinedBehaviorSanitizer
retention:  Component default
Project:  elfutils
Reported:  Aug 21, 2025

