Issue 43356 in oss-fuzz: elfutils:fuzz-dwfl-core: Misaligned-address in Elf32_cvt_Dyn
Status: New
Owner:
CC: elfut...@sourceware.org, evv...@gmail.com, izz...@google.com
Labels: ClusterFuzz Reproducible Stability-UndefinedBehaviorSanitizer Engine-libfuzzer OS-Linux Proj-elfutils Reported-2022-01-06
Type: Bug

New issue 43356 by ClusterFuzz-External: elfutils:fuzz-dwfl-core: Misaligned-address in Elf32_cvt_Dyn
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43356

Detailed Report: https://oss-fuzz.com/testcase?key=6013023414779904

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-dwfl-core
Job Type: libfuzzer_ubsan_elfutils
Platform Id: linux

Crash Type: Misaligned-address
Crash Address:
Crash State:
  Elf32_cvt_Dyn
  elf32_xlatetom
  dwfl_segment_report_module

Sanitizer: undefined (UBSAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_elfutils&range=202201051200:202201051800

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=6013023414779904

Issue filed automatically.

See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.

When you fix this bug, please
  * mention the fix revision(s).
  * state whether the bug was a short-lived regression or an old bug in any stable releases.
  * add any other useful information.
This information can help downstream consumers.

If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.

--
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.
[Bug libdw/28720] UBSan: member access within misaligned address 0x7f6e8d80f142 for type 'struct Elf32_Phdr', which requires 4 byte alignment
https://sourceware.org/bugzilla/show_bug.cgi?id=28720

Evgeny Vereshchagin changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #12 from Evgeny Vereshchagin ---
Forgot to close the issue. As far as I can see there are two issues left. They were reported in
https://sourceware.org/pipermail/elfutils-devel/2022q1/004623.html and
https://sourceware.org/pipermail/elfutils-devel/2022q1/004629.html

Thanks!

--
You are receiving this mail because:
You are on the CC list for the bug.
Issue 43356 in oss-fuzz: elfutils:fuzz-dwfl-core: Misaligned-address in Elf32_cvt_Dyn
Comment #1 on issue 43356 by evv...@gmail.com: elfutils:fuzz-dwfl-core: Misaligned-address in Elf32_cvt_Dyn
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43356#c1

It can be reproduced by downloading the reproducer testcase and passing it to eu-stack:
```
autoreconf -i -f
./configure --enable-maintainer-mode --enable-sanitize-address --enable-sanitize-undefined
make -j$(nproc) V=1
wget -O CRASH 'https://oss-fuzz.com/download?testcase_id=6013023414779904'
UBSAN_OPTIONS=print_stacktrace=1 LD_LIBRARY_PATH="./libdw;./libelf" ./src/stack --core CRASH
gelf_xlate.h:48:1: runtime error: member access within misaligned address 0x7f98edb0206a for type 'struct Elf32_Dyn', which requires 4 byte alignment
0x7f98edb0206a: note: pointer points here
 20 20 20 00 00 00 8a 20 20 20 20 00 00 00 10 20 20 20 20 ff 20 20 20 ff ff ff ff 00 00 00 00 00
             ^
    #0 0x7f98f23ef91f in Elf32_cvt_Dyn /home/vagrant/elfutils/libelf/gelf_xlate.h:48
    #1 0x7f98f23ed9f9 in elf32_xlatetom /home/vagrant/elfutils/libelf/elf32_xlatetom.c:104
    #2 0x7f98f20eac75 in dwfl_segment_report_module /home/vagrant/elfutils/libdwfl/dwfl_segment_report_module.c:848
    #3 0x7f98f20f4ffd in _new.dwfl_core_file_report /home/vagrant/elfutils/libdwfl/core-file.c:563
    #4 0x403b34 in parse_opt /home/vagrant/elfutils/src/stack.c:595
    #5 0x7f98f1199471 in argp_parse (/lib64/libc.so.6+0x11e471)
    #6 0x402a7d in main /home/vagrant/elfutils/src/stack.c:695
    #7 0x7f98f10a855f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
    #8 0x7f98f10a860b in __libc_start_main_impl (/lib64/libc.so.6+0x2d60b)
    #9 0x402f44 in _start (/home/vagrant/elfutils/src/stack+0x402f44)
```
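What the UBSan report above is complaining about, in C, as an added example that is neither elfutils code nor part of the report: a converter that reinterprets a byte pointer as `struct Elf32_Dyn` is only correct when that pointer is 4-byte aligned, and a PT_DYNAMIC blob sliced out of a core-file segment at an odd offset (the `...06a` address in the trace) violates that precondition. `Elf32_Dyn` is redeclared with its `<elf.h>` layout so the block stands alone; `cvt_dyn_cast`, `cvt_dyn_copy` and `cvt_dyn` are hypothetical stand-ins for `Elf32_cvt_Dyn`, not the library's API and not its eventual fix, and the input blob is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Elf32_Dyn as laid out in <elf.h>, redeclared here so the example is self-contained. */
typedef struct {
    int32_t  d_tag;
    uint32_t d_val;   /* d_un.d_val / d_un.d_ptr */
} Elf32_Dyn;

#define DT_NULL   0
#define DT_NEEDED 1
#define DT_STRTAB 5

static uint32_t bswap32(uint32_t x)
{
    return (x >> 24) | ((x >> 8) & 0x0000ff00u) | ((x << 8) & 0x00ff0000u) | (x << 24);
}

static int host_is_little_endian(void)
{
    const uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* The pattern UBSan flagged: treat an arbitrary byte pointer as an array of
   Elf32_Dyn and access its members. Valid only when src and dest are both
   4-byte aligned. x86 tolerates the misaligned load, so the bug only shows up
   under -fsanitize=alignment there; strict-alignment CPUs raise SIGBUS. */
static void cvt_dyn_cast(void *dest, const void *src, size_t nelem, int swap)
{
    Elf32_Dyn *d = dest;
    const Elf32_Dyn *s = src;
    for (size_t i = 0; i < nelem; i++) {
        uint32_t tag = (uint32_t)s[i].d_tag, val = s[i].d_val;
        d[i].d_tag = (int32_t)(swap ? bswap32(tag) : tag);
        d[i].d_val = swap ? bswap32(val) : val;
    }
}

/* Alignment-agnostic variant: stage each element through an aligned local. */
static void cvt_dyn_copy(void *dest, const void *src, size_t nelem, int swap)
{
    const unsigned char *in = src;
    unsigned char *out = dest;
    for (size_t i = 0; i < nelem; i++) {
        Elf32_Dyn tmp;
        memcpy(&tmp, in + i * sizeof tmp, sizeof tmp);
        if (swap) {
            tmp.d_tag = (int32_t)bswap32((uint32_t)tmp.d_tag);
            tmp.d_val = bswap32(tmp.d_val);
        }
        memcpy(out + i * sizeof tmp, &tmp, sizeof tmp);
    }
}

/* Dispatcher: keep the direct path, but only when its alignment precondition holds. */
static void cvt_dyn(void *dest, const void *src, size_t nelem, int swap)
{
    int aligned = (uintptr_t)dest % _Alignof(Elf32_Dyn) == 0
               && (uintptr_t)src  % _Alignof(Elf32_Dyn) == 0;
    if (aligned)
        cvt_dyn_cast(dest, src, nelem, swap);
    else
        cvt_dyn_copy(dest, src, nelem, swap);
}

/* Constructed input (not from the reproducer): a big-endian PT_DYNAMIC blob that
   starts 2 bytes into a 4-byte-aligned buffer, i.e. a misaligned source. */
static _Alignas(4) const unsigned char segment[2 + 3 * sizeof(Elf32_Dyn)] = {
    0x00, 0x00,                                       /* 2 bytes of padding */
    0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x2a,  /* DT_NEEDED, d_val = 42 */
    0x00, 0x00, 0x00, 0x05,  0x08, 0x04, 0x80, 0x00,  /* DT_STRTAB, d_val = 0x08048000 */
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,  /* DT_NULL terminator */
};

static int demo_segment_is_misaligned(void)
{
    return (uintptr_t)(segment + 2) % _Alignof(Elf32_Dyn) != 0;
}

/* Convert the misaligned blob to host order; returns 0 and fills entry idx, -1 on bad idx. */
static int demo_convert(size_t idx, int32_t *tag, uint32_t *val)
{
    Elf32_Dyn out[3];
    if (idx >= 3)
        return -1;
    /* The blob is big-endian, so byte-swap exactly when the host is little-endian. */
    cvt_dyn(out, segment + 2, 3, host_is_little_endian());
    *tag = out[idx].d_tag;
    *val = out[idx].d_val;
    return 0;
}

static int32_t  demo_tag(size_t idx) { int32_t t = 0; uint32_t v = 0; return demo_convert(idx, &t, &v) ? -1 : t; }
static uint32_t demo_val(size_t idx) { int32_t t = 0; uint32_t v = 0; return demo_convert(idx, &t, &v) ? 0 : v; }
```

Compiling with `-fsanitize=alignment` and routing the misaligned blob through `cvt_dyn_cast` directly reproduces the "member access within misaligned address" diagnostic; the dispatcher avoids it by never letting the cast path see an unaligned pointer. The alignment check costs one branch per call, which is cheap next to a `memcpy` per element and much cheaper than a SIGBUS on a strict-alignment target.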
Issue 43307 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in read_addrs
Comment #2 on issue 43307 by evv...@gmail.com: elfutils:fuzz-dwfl-core: Crash in read_addrs
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43307#c2

It can be reproduced by downloading the reproducer testcase and passing it to eu-stack:
```
autoreconf -i -f
./configure --enable-maintainer-mode --enable-sanitize-address --enable-sanitize-undefined
make -j$(nproc) V=1
wget -O oss-fuzz-43307 'https://oss-fuzz.com/download?testcase_id=4696722113167360'
LD_LIBRARY_PATH="./libdw;./libelf" ./src/stack --core ./oss-fuzz-43307
AddressSanitizer:DEADLYSIGNAL
=================================================================
==159086==ERROR: AddressSanitizer: SEGV on unknown address 0x7f1c426f6fe0 (pc 0x7f1c47758399 bp 0x60b01170 sp 0x7ffdf9aca7a0 T0)
==159086==The signal is caused by a READ memory access.
    #0 0x7f1c47758399 in read_8ubyte_unaligned_noncvt ../libdw/memory-access.h:301
    #1 0x7f1c47758399 in read_addrs /home/vagrant/elfutils/libdwfl/link_map.c:288
    #2 0x7f1c47758399 in report_r_debug /home/vagrant/elfutils/libdwfl/link_map.c:341
    #3 0x7f1c47758399 in dwfl_link_map_report /home/vagrant/elfutils/libdwfl/link_map.c:1117
    #4 0x7f1c4775df31 in _new.dwfl_core_file_report /home/vagrant/elfutils/libdwfl/core-file.c:552
    #5 0x403b34 in parse_opt /home/vagrant/elfutils/src/stack.c:595
    #6 0x7f1c46802471 in argp_parse (/lib64/libc.so.6+0x11e471)
    #7 0x402a7d in main /home/vagrant/elfutils/src/stack.c:695
    #8 0x7f1c4671155f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
    #9 0x7f1c4671160b in __libc_start_main_impl (/lib64/libc.so.6+0x2d60b)
    #10 0x402f44 in _start (/home/vagrant/elfutils/src/stack+0x402f44)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../libdw/memory-access.h:301 in read_8ubyte_unaligned_noncvt
==159086==ABORTING
```
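The trace above is a wild read: the code followed a pointer taken from the core file (the `r_debug` / `link_map` chain) to an address the core does not cover. The C below is an added example, not elfutils code and not the reporter's, showing the discipline that prevents that class of crash when walking such a chain: every target-address read goes through a bounds check against the segment that is actually in memory, pointer arithmetic is arranged so it cannot wrap, and the walk is capped so a cycle in a corrupted list cannot spin forever. `Segment`, `seg_read` and `count_link_map` are hypothetical names; the walk is simplified to the `l_next` chain only (real code reads `r_debug.r_map` first), the `struct link_map` offsets are the 64-bit glibc layout, and the core image is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One core-file segment as it sits in memory: its bytes plus the virtual
   address range it covered in the crashed process. */
typedef struct {
    uint64_t vaddr;
    const unsigned char *data;
    size_t len;
} Segment;

/* Checked, alignment-agnostic read of n bytes at target address addr.
   Returns 1 on success, 0 when any part of [addr, addr + n) lies outside the
   segment. Computed as an offset so neither addr + n nor off + n can wrap. */
static int seg_read(const Segment *seg, uint64_t addr, void *out, size_t n)
{
    if (addr < seg->vaddr)
        return 0;
    uint64_t off = addr - seg->vaddr;
    if (off > seg->len || seg->len - off < n)
        return 0;
    memcpy(out, seg->data + off, n);
    return 1;
}

/* struct link_map, glibc 64-bit layout: l_addr, l_name, l_ld, l_next, l_prev, 8 bytes each. */
#define LINK_MAP_SIZE   40
#define LINK_MAP_L_NEXT 24

/* Walk an l_next chain using only checked reads.
   Returns the node count; -1 if a pointer leaves the segment (an unchecked
   reader would dereference it and SEGV, as in the trace above); -2 if the
   chain exceeds max_nodes, which is how a cycle in a corrupted core shows up. */
static int count_link_map(const Segment *seg, uint64_t head, int max_nodes)
{
    uint64_t cur = head;
    int n = 0;
    while (cur != 0) {
        unsigned char node[LINK_MAP_SIZE];
        if (n >= max_nodes)
            return -2;
        /* Read the whole node, so a node that straddles the segment end is rejected too. */
        if (!seg_read(seg, cur, node, sizeof node))
            return -1;
        n++;
        memcpy(&cur, node + LINK_MAP_L_NEXT, sizeof cur);   /* "noncvt": host byte order */
    }
    return n;
}

static void put_u64(unsigned char *p, uint64_t v)
{
    memcpy(p, &v, sizeof v);
}

/* Constructed core image (not from the reproducer): two link_map nodes at
   0x1000 and 0x1028. The second node's l_next is supplied by the caller so the
   walk can be fed a NULL, an unmapped pointer, a pointer back to the head, or
   a pointer to a node that straddles the end of the segment. */
static int demo_walk(uint64_t second_l_next)
{
    unsigned char image[2 * LINK_MAP_SIZE];
    memset(image, 0, sizeof image);
    put_u64(image + 0,       0x400000);         /* node 0: l_addr (main executable) */
    put_u64(image + 24,      0x1028);           /* node 0: l_next -> node 1 */
    put_u64(image + 40 + 0,  0x7f0000000000);   /* node 1: l_addr (a shared library) */
    put_u64(image + 40 + 24, second_l_next);    /* node 1: l_next (under test) */
    put_u64(image + 40 + 32, 0x1000);           /* node 1: l_prev -> node 0 */

    Segment seg = { 0x1000, image, sizeof image };
    return count_link_map(&seg, 0x1000, 16);
}
```

Feeding `demo_walk` the address from the report, `0x7f1c426f6fe0`, returns -1 instead of faulting, because nothing in the image covers it; a fuzzer-supplied core can set `l_next` to anything, so the reader, not the core, has to decide what is dereferenceable. The node cap matters as much as the range check: a core whose list points back at its own head passes every bounds check forever.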