https://issues.oss-fuzz.com/issues/440144412
Changed [email protected] added comment #2:

It can be reproduced by building elfutils with ASan, downloading the testcase from https://oss-fuzz.com/download?testcase_id=5624595337248768 and running `elfutils -a`. As far as I can see the ASan backtrace here is the same as the one reported in https://issues.oss-fuzz.com/issues/440209728 so it seems it's a duplicate.

```
# Build elfutils with AddressSanitizer enabled
autoreconf -i -f
./configure --enable-maintainer-mode --enable-sanitize-address
make V=1
# Fetch the OSS-Fuzz testcase (URL quoted so the shell does not treat '?' as a glob)
wget -O TESTCASE-440144412 'https://oss-fuzz.com/download?testcase_id=5624595337248768'
# Run the freshly built readelf against the in-tree libdw and libelf
LD_LIBRARY_PATH=$(pwd)/libdw:$(pwd)/libelf ./src/readelf -a TESTCASE-440144412
```

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==141181==ERROR: AddressSanitizer: SEGV on unknown address 0x7f12e43ab810 (pc 0x7f12e460df4a bp 0x7f12e47bc980 sp 0x7ffee74938c0 T0)
==141181==The signal is caused by a WRITE memory access.
    #0 0x7f12e460df4a in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/lib64/libasan.so.8+0xdf4a) (BuildId: 10b8ccd49f75c21babf1d7abe51bb63589d8471f)
    #1 0x7f12e46e5bb9 in free.part.0 (/lib64/libasan.so.8+0xe5bb9) (BuildId: 10b8ccd49f75c21babf1d7abe51bb63589d8471f)
    #2 0x7f12e4df4e8f in elf_end /home/vagrant/elfutils/libelf/elf_end.c:122
    #3 0x7f12e42dfd66 in libdw_open_elf /home/vagrant/elfutils/libdwfl/open.c:163
    #4 0x7f12e42e02d6 in __libdw_open_file /home/vagrant/elfutils/libdwfl/open.c:199
    #5 0x7f12e42b25a1 in __libdwfl_report_offline /home/vagrant/elfutils/libdwfl/offline.c:289
    #6 0x00000040fb04 in create_dwfl /home/vagrant/elfutils/src/readelf.c:970
    #7 0x00000040fe62 in process_file /home/vagrant/elfutils/src/readelf.c:1014
    #8 0x00000040295c in main /home/vagrant/elfutils/src/readelf.c:482
    #9 0x7f12e4411574 in __libc_start_call_main (/lib64/libc.so.6+0x3574) (BuildId: 48c4b9b1efb1df15da8e787f489128bf31893317)
    #10 0x7f12e4411627 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x3627) (BuildId: 48c4b9b1efb1df15da8e787f489128bf31893317)
    #11 0x0000004047d4 in _start (/home/vagrant/elfutils/src/readelf+0x4047d4) (BuildId: 3631d44f26b38cb673867ac59d8fc922824d4cbd)

==141181==Register values:
rax = 0x0000000000000002  rbx = 0x00007f12e43ab820  rcx = 0x0000000000000000  rdx = 0x0000000000000003
rdi = 0x00007f12e43ab820  rsi = 0x00007f12e43ab820  rbp = 0x00007f12e47bc980  rsp = 0x00007ffee74938c0
 r8 = 0x00007ffee7493920   r9 = 0x0000000000000001  r10 = 0x0000000000000001  r11 = 0x00007f12e4df4e90
r12 = 0x00007ffee7493920  r13 = 0x00007f12e43ab810  r14 = 0x0000000000000001  r15 = 0x0000000000000000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/vagrant/elfutils/libelf/elf_end.c:122 in elf_end
==141181==ABORTING
```

_______________________________

Reference Info: 440144412 elfutils:fuzz-libdwfl: Check failed in CheckUnwind
component: Public Trackers > 1362134 > OSS Fuzz
status: New
reporter: [email protected]
cc: [email protected], [email protected], [email protected], and 1 more
collaborators: [email protected]
type: Vulnerability
access level: Default access
priority: P2
severity: S1
hotlist: Reproducible, Stability-Memory-MemorySanitizer
retention: Component default
Project: elfutils
Reported: Aug 21, 2025

Generated by Google IssueTracker notification system.
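The duplicate call in the comment rests on comparing ASan backtraces, so here is an added example (not part of the report and not elfutils code) that reduces an ASan report to a crash signature built from the crash kind, the access type and the top stack frames outside the sanitizer runtime and libc, so two reports can be compared regardless of addresses. The embedded report is a constructed excerpt of the trace above, and the list of noise markers is an assumption.

```python
import re

# Constructed excerpt of the ASan report quoted in the comment above (frames #7+ dropped).
SAMPLE_REPORT = """\
==141181==ERROR: AddressSanitizer: SEGV on unknown address 0x7f12e43ab810 (pc 0x7f12e460df4a bp 0x7f12e47bc980 sp 0x7ffee74938c0 T0)
==141181==The signal is caused by a WRITE memory access.
    #0 0x7f12e460df4a in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/lib64/libasan.so.8+0xdf4a)
    #1 0x7f12e46e5bb9 in free.part.0 (/lib64/libasan.so.8+0xe5bb9)
    #2 0x7f12e4df4e8f in elf_end /home/vagrant/elfutils/libelf/elf_end.c:122
    #3 0x7f12e42dfd66 in libdw_open_elf /home/vagrant/elfutils/libdwfl/open.c:163
    #4 0x7f12e42e02d6 in __libdw_open_file /home/vagrant/elfutils/libdwfl/open.c:199
    #5 0x7f12e42b25a1 in __libdwfl_report_offline /home/vagrant/elfutils/libdwfl/offline.c:289
    #6 0x00000040fb04 in create_dwfl /home/vagrant/elfutils/src/readelf.c:970
"""

# "#N 0xADDR in FUNCTION LOCATION": FUNCTION may contain spaces (C++ signatures),
# LOCATION is always the last whitespace-delimited token.
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-fA-F]+\s+in\s+(.*\S)\s+(\S+)\s*$")
KIND_RE = re.compile(r"ERROR: AddressSanitizer: ([A-Za-z-]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
# Assumed noise markers: frames inside the sanitizer runtime or libc start-up
# code say nothing about which project code crashed.
NOISE = ("libasan", "libc.so", "__asan", "__sanitizer", "__interceptor", "_start")


def parse_frames(report: str) -> list[tuple[str, str]]:
    """Return (function, location) for every stack frame line, in stack order."""
    return [m.groups() for m in map(FRAME_RE.match, report.splitlines()) if m]


def project_frames(frames: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Drop sanitizer/libc frames so only the crashing program's own frames remain."""
    return [(fn, loc) for fn, loc in frames
            if not any(n in fn or n in loc for n in NOISE)]


def crash_signature(report: str, depth: int = 3) -> str:
    """Crash kind, access type and the top project functions. Addresses are left
    out so two runs of one bug under different ASLR layouts compare equal."""
    kind = KIND_RE.search(report)
    access = ACCESS_RE.search(report)
    top = [fn for fn, _ in project_frames(parse_frames(report))[:depth]]
    parts = [kind.group(1) if kind else "UNKNOWN"] + ([access.group(1)] if access else [])
    return " ".join(parts + top)


def same_crash(report_a: str, report_b: str) -> bool:
    """Equal signatures mark two reports as candidate duplicates for triage."""
    return crash_signature(report_a) == crash_signature(report_b)
```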
