https://issues.oss-fuzz.com/issues/442161254
[email protected] added comment #2:
I haven't been able to reproduce it locally yet with the testcase I downloaded from https://oss-fuzz.com/download?testcase_id=5773761388544000 but just in case here's the backtrace OSS-Fuzz reported when it ran https://github.com/google/oss-fuzz/blob/master/projects/elfutils/fuzz-libdwfl.c with that testcase:
```
==399==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x7b9cb99599b4 (pc 0x7b9cbba52a80 bp 0x7ffc9ee88b00 sp 0x7ffc9ee88a88 T399)
==399==The signal is caused by a READ memory access.
    #0 0x7b9cbba52a80 in memmove-vec-unaligned-erms.S:383 /build/glibc-LcI20x/glibc-2.31/sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:383
    #1 0x56437c5b5f76 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10
    #2 0x56437c5b5f76 in load_shdr_wrlock /src/elfutils/libelf/elf32_getshdr.c:111:4
    #3 0x56437c5a79c1 in gelf_getshdr /src/elfutils/libelf/gelf_getshdr.c:86:21
    #4 0x56437c549265 in scn_dwarf_type /src/elfutils/libdw/dwarf_begin_elf.c:106:21
    #5 0x56437c548d39 in global_read /src/elfutils/libdw/dwarf_begin_elf.c:460:30
    #6 0x56437c548d39 in dwarf_begin_elf /src/elfutils/libdw/dwarf_begin_elf.c:627:9
    #7 0x56437c4de1fe in load_dw /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1369:13
    #8 0x56437c4dcf14 in find_dw /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1422:16
    #9 0x56437c4dcf14 in dwfl_module_getdwarf /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1477:3
    #10 0x56437c4d9685 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:54:3
    #11 0x56437c43ba20 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
    #12 0x56437c426c95 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
    #13 0x56437c42c72f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
    #14 0x56437c4579d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #15 0x7b9cbb8eb082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
    #16 0x56437c41ee7d in _start

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18ba80) (BuildId: 0702430aef5fa3dda43986563e9ffcc47efbd75e)
==399==ABORTING
```
_______________________________
Reference Info: 442161254 elfutils:fuzz-libdwfl: Crash in load_shdr_wrlock
component: Public Trackers > 1362134 > OSS Fuzz
status: New
reporter: [email protected]
cc: [email protected], [email protected], [email protected], and 1 more
collaborators: [email protected]
type: Vulnerability
access level: Default access
priority: P2
severity: S2
hotlist: Reproducible, Stability-UndefinedBehaviorSanitizer
retention: Component default
Project: elfutils
Reported: Aug 31, 2025