Issue 45628 in oss-fuzz: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol

2022-03-17 Thread davia monorail via Elfutils-devel


Comment #1 on issue 45628 by da...@adalogics.com: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45628#c1

Attaches the reproducer testcase

Attachments:
clusterfuzz-testcase-minimized-fuzz-libdwfl-4673586076450816.fuzz  16.0 KB

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.


Issue 45628 in oss-fuzz: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol

2022-03-17 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45628 by da...@adalogics.com: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45628#c2

Stack trace from detailed report:
==2680==ERROR: AddressSanitizer: unknown-crash on address 0x7fd79225d000 at pc 0x0044fd53 bp 0x7ffd96c8ead0 sp 0x7ffd96c8e288
READ of size 249 at 0x7fd79225d000 thread T0
SCARINESS: 16 (multi-byte-read-unknown-crash)
#0 0x44fd52 in StrtolFixAndCheck(void*, char const*, char**, char*, int) /src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:3440:3
#1 0x488f30 in strtol /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:484:3
#2 0x5a4f1b in atol /usr/include/stdlib.h:368:10
#3 0x5a4f1b in read_long_names /src/elfutils/libelf/elf_begin.c:766:13
#4 0x5a4f1b in __libelf_next_arhdr_wrlock /src/elfutils/libelf/elf_begin.c:912:8
#5 0x5a65c2 in dup_elf /src/elfutils/libelf/elf_begin.c:1061:10
#6 0x5a65c2 in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
#7 0x5a65c2 in elf_begin /src/elfutils/libelf/elf_begin.c:1165:11
#8 0x4e3732 in process_archive /src/elfutils/libdwfl/offline.c:251:17
#9 0x4e3732 in process_file /src/elfutils/libdwfl/offline.c:125:14
#10 0x4e4136 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
#11 0x4e4136 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#12 0x4e120d in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#13 0x4d732b in main
#14 0x7fd7930a70b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#15 0x41d65d in _start



Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45629 by da...@adalogics.com: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629#c2

ASAN report
Indirect leak of 264 byte(s) in 1 object(s) allocated from:
#0 0x524ae2 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
#1 0x622d34 in allocate_elf /src/elfutils/libelf/common.h:74:17
#2 0x622d34 in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:578:10
#3 0x6283cf in read_file /src/elfutils/libelf/elf_begin.c:701:28
#4 0x628037 in dup_elf /src/elfutils/libelf/elf_begin.c:1067:12
#5 0x628037 in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
#6 0x627c93 in elf_begin /src/elfutils/libelf/elf_begin.c:0
#7 0x56009b in process_archive /src/elfutils/libdwfl/offline.c:251:17
#8 0x56009b in process_file /src/elfutils/libdwfl/offline.c:125:14
#9 0x560a48 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
#10 0x560a48 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#11 0x55dc32 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#12 0x455522 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#13 0x4410d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#14 0x44693c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#15 0x46f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#16 0x7f61fb6210b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
Indirect leak of 264 byte(s) in 1 object(s) allocated from:
#0 0x524ae2 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
#1 0x622bc1 in allocate_elf /src/elfutils/libelf/common.h:74:17
#2 0x622bc1 in file_read_ar /src/elfutils/libelf/elf_begin.c:59:9
#3 0x622bc1 in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:570:14
#4 0x6283cf in read_file /src/elfutils/libelf/elf_begin.c:701:28
#5 0x627be1 in elf_begin /src/elfutils/libelf/elf_begin.c:0
#6 0x56b2ac in libdw_open_elf /src/elfutils/libdwfl/open.c:131:14
#7 0x56b1ac in __libdw_open_file /src/elfutils/libdwfl/open.c:197:10
#8 0x5609d2 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:281:22
#9 0x5609d2 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#10 0x55dc32 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#11 0x455522 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#12 0x4410d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#13 0x44693c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#14 0x46f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#15 0x7f61fb6210b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
SUMMARY: AddressSanitizer: 528 byte(s) leaked in 2 allocation(s).
INFO: a leak has been found in the initial corpus.
INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.



Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #3 on issue 45629 by da...@adalogics.com: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629#c3

(No comment was entered for this change.)

Attachments:
clusterfuzz-testcase-minimized-fuzz-libdwfl-5280476447768576  68 bytes



Issue 45630 in oss-fuzz: elfutils:fuzz-libelf: Use-of-uninitialized-value in validate_str

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45630 by da...@adalogics.com: elfutils:fuzz-libelf: Use-of-uninitialized-value in validate_str
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45630#c2

MSAN report:
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-ecd598ded30b07196a2ab343f59f7a25442f0560
==744==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x538d7b in validate_str /src/elfutils/libelf/elf_strptr.c:61:4
#1 0x5383fe in elf_strptr /src/elfutils/libelf/elf_strptr.c:188:11
#2 0x527361 in fuzz_logic_one /src/fuzz-libelf.c:37:26
#3 0x527cec in LLVMFuzzerTestOneInput /src/fuzz-libelf.c:82:3
#4 0x4551d2 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#5 0x440d82 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#6 0x4465ec in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#7 0x46ef82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#8 0x7fd73ce3f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#9 0x41f4cd in _start
  Uninitialized value was created by a heap allocation
#0 0x4d49ad in __interceptor_malloc /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:911:3
#1 0x53feb1 in __libelf_decompress /src/elfutils/libelf/elf_compress.c:227:19
#2 0x5408d7 in __libelf_decompress_elf /src/elfutils/libelf/elf_compress.c:300:19
#3 0x538903 in get_zdata /src/elfutils/libelf/elf_strptr.c:45:17
#4 0x537c19 in elf_strptr /src/elfutils/libelf/elf_strptr.c:135:38
#5 0x527361 in fuzz_logic_one /src/fuzz-libelf.c:37:26
#6 0x527cec in LLVMFuzzerTestOneInput /src/fuzz-libelf.c:82:3
#7 0x4551d2 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#8 0x440d82 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#9 0x4465ec in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#10 0x46ef82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7fd73ce3f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16



Issue 45630 in oss-fuzz: elfutils:fuzz-libelf: Use-of-uninitialized-value in validate_str

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #3 on issue 45630 by da...@adalogics.com: elfutils:fuzz-libelf: Use-of-uninitialized-value in validate_str
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45630#c3

(No comment was entered for this change.)

Attachments:
clusterfuzz-testcase-minimized-fuzz-libelf-5658767587409920  320 bytes



Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #1 on issue 45631 by da...@adalogics.com: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45631#c1

MSAN report
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-cdd503eda6f927979a20a3bd4c08c8182cdf2ff5
==593068==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55eeb6 in zlib_fail /src/elfutils/libdwfl/gzip.c:132:3
#1 0x55eeb6 in __libdw_gunzip /src/elfutils/libdwfl/gzip.c:387:11
#2 0x540817 in decompress /src/elfutils/libdwfl/open.c:66:11
#3 0x5400d7 in what_kind /src/elfutils/libdwfl/open.c:114:12
#4 0x5400d7 in libdw_open_elf /src/elfutils/libdwfl/open.c:134:22
#5 0x53f505 in __libdw_open_file /src/elfutils/libdwfl/open.c:197:10
#6 0x52cea7 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:281:22
#7 0x52cea7 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#8 0x52747b in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#9 0x4552f2 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#10 0x440ea2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#11 0x44670c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#12 0x46f0a2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#13 0x7f5b32dd40b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#14 0x41f5ed in _start
  Uninitialized value was created by an allocation of 'code' in the stack frame of function '__libdw_gunzip'
#0 0x55cde0 in __libdw_gunzip /src/elfutils/libdwfl/gzip.c:184
SUMMARY: MemorySanitizer: use-of-uninitialized-value (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_elfutils_3ee01cb67db1a71e7adeb7f3f14722ea62f13cd5/revisions/fuzz-libdwfl+0x55eeb6)
Unique heap origins: 44
Stack depot allocated bytes: 1638400
Unique origin histories: 7
History depot allocated bytes: 196608
Exiting



Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45631 by da...@adalogics.com: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45631#c2

(No comment was entered for this change.)

Attachments:
clusterfuzz-testcase-minimized-fuzz-libdwfl-5742116662280192  4 bytes



Issue 45634 in oss-fuzz: elfutils:fuzz-libdwfl: Misaligned-address in file_read_elf

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #1 on issue 45634 by da...@adalogics.com: elfutils:fuzz-libdwfl: Misaligned-address in file_read_elf
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45634#c1

UBSAN report
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-59b5bfa44a73565527249e5a6d13b3c2a9761f29
elf_begin.c:225:21: runtime error: member access within misaligned address 0x7f9d7642404c for type 'Elf64_Shdr', which requires 8 byte alignment
0x7f9d7642404c: note: pointer points here
  02 01 01 20 20 20 20 20  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20
  ^
#0 0x56a2ad in get_shnum /src/elfutils/libelf/elf_begin.c:225:21
#1 0x56a2ad in file_read_elf /src/elfutils/libelf/elf_begin.c:299:19
#2 0x567596 in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:566:14
#3 0x56c9dd in read_file /src/elfutils/libelf/elf_begin.c:701:28
#4 0x56c678 in dup_elf /src/elfutils/libelf/elf_begin.c:1067:12
#5 0x56c678 in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
#6 0x56c17e in elf_begin /src/elfutils/libelf/elf_begin.c:0
#7 0x4b5782 in process_archive /src/elfutils/libdwfl/offline.c:251:17
#8 0x4b5782 in process_file /src/elfutils/libdwfl/offline.c:125:14
#9 0x4b5e9f in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
#10 0x4b5e9f in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#11 0x4b2f88 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#12 0x43da32 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#13 0x4295e2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#14 0x42ee4c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#15 0x4577e2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#16 0x7f9d760b90b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#17 0x407d2d in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior elf_begin.c:225:21 in



Issue 45634 in oss-fuzz: elfutils:fuzz-libdwfl: Misaligned-address in file_read_elf

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45634 by da...@adalogics.com: elfutils:fuzz-libdwfl: Misaligned-address in file_read_elf
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45634#c2

(No comment was entered for this change.)

Attachments:
clusterfuzz-testcase-minimized-fuzz-libdwfl-5069818166902784  140 bytes



Issue 45635 in oss-fuzz: elfutils:fuzz-libdwfl: Timeout in fuzz-libdwfl

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #1 on issue 45635 by da...@adalogics.com: elfutils:fuzz-libdwfl: Timeout in fuzz-libdwfl
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45635#c1

UBSAN report
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/timeout-2aaefec51e4f82909c4edd9ae287bf51b2eb6dd7
ALARM: working on the last Unit for 61 seconds
   and the timeout value is 60 (use -timeout=N to change)
==225963== ERROR: libFuzzer: timeout after 61 seconds
#0 0x4b1a04 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3
#1 0x457028 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x43c3f9 in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:301:5
#3 0x7f4c926dc3bf in libpthread.so.0
#4 0x56b144 in read_long_names /src/elfutils/libelf/elf_begin.c:760:28
#5 0x56b144 in __libelf_next_arhdr_wrlock /src/elfutils/libelf/elf_begin.c:912:8
#6 0x56c6fb in dup_elf /src/elfutils/libelf/elf_begin.c:1061:10
#7 0x56c6fb in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
#8 0x56c17e in elf_begin /src/elfutils/libelf/elf_begin.c:0
#9 0x4b5782 in process_archive /src/elfutils/libdwfl/offline.c:251:17
#10 0x4b5782 in process_file /src/elfutils/libdwfl/offline.c:125:14
#11 0x4b5e9f in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
#12 0x4b5e9f in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#13 0x4b2f88 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#14 0x43da32 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#15 0x4295e2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#16 0x42ee4c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#17 0x4577e2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#18 0x7f4c924d00b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#19 0x407d2d in _start
SUMMARY: libFuzzer: timeout



Issue 45635 in oss-fuzz: elfutils:fuzz-libdwfl: Timeout in fuzz-libdwfl

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45635 by da...@adalogics.com: elfutils:fuzz-libdwfl: Timeout in fuzz-libdwfl
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45635#c2

(No comment was entered for this change.)

Attachments:
clusterfuzz-testcase-minimized-fuzz-libdwfl-5237809772888064  129 bytes



Issue 45636 in oss-fuzz: elfutils:fuzz-libdwfl: Crash in read_long_names

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #1 on issue 45636 by da...@adalogics.com: elfutils:fuzz-libdwfl: Crash in read_long_names
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45636#c1

ASAN report
==746==ERROR: AddressSanitizer: unknown-crash on address 0x7f1a9af3d000 at pc 0x0048a379 bp 0x7ffeb1d3c230 sp 0x7ffeb1d3b9e8
READ of size 985 at 0x7f1a9af3d000 thread T0
SCARINESS: 16 (multi-byte-read-unknown-crash)
#0 0x48a378 in __interceptor_atol /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:522:3
#1 0x5b4615 in read_long_names /src/elfutils/libelf/elf_begin.c:766:13
#2 0x5b2aa4 in __libelf_next_arhdr_wrlock /src/elfutils/libelf/elf_begin.c:912:8
#3 0x5b6d7d in dup_elf /src/elfutils/libelf/elf_begin.c:1061:10
#4 0x5b5028 in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
#5 0x5b4e36 in elf_begin /src/elfutils/libelf/elf_begin.c:0
#6 0x4db735 in process_archive /src/elfutils/libdwfl/offline.c:251:17
#7 0x4db181 in process_file /src/elfutils/libdwfl/offline.c:125:14
#8 0x4daf3b in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
#9 0x4db2a2 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#10 0x4d842f in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#11 0x4d8225 in ExecuteFilesOnyByOne aflplusplus/utils/aflpp_driver/aflpp_driver.c:191:7
#12 0x4d8095 in main aflplusplus/utils/aflpp_driver/aflpp_driver.c:0
#13 0x7f1a9bd060b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#14 0x41e58d in _start
Address 0x7f1a9af3d000 is a wild pointer inside of access range of size 0x03d9.
SUMMARY: AddressSanitizer: unknown-crash (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_elfutils_b7ca3a6bcc40cef461446d759ca780e6ea3657cd/revisions/fuzz-libdwfl+0x48a378)
Shadow bytes around the buggy address:
  0x0fe3d35df9b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3d35df9c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3d35df9d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3d35df9e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3d35df9f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe3d35dfa00:[fe]fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe3d35dfa10: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe3d35dfa20: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe3d35dfa30: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe3d35dfa40: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe3d35dfa50: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==746==ABORTING



Issue 45636 in oss-fuzz: elfutils:fuzz-libdwfl: Crash in read_long_names

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45636 by da...@adalogics.com: elfutils:fuzz-libdwfl: Crash in read_long_names
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45636#c2

(No comment was entered for this change.)

Attachments:
clusterfuzz-testcase-minimized-fuzz-libdwfl-5787862593830912  8.0 KB



Issue 45637 in oss-fuzz: elfutils:fuzz-libelf: Timeout in fuzz-libelf

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #1 on issue 45637 by da...@adalogics.com: elfutils:fuzz-libelf: Timeout in fuzz-libelf
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45637#c1

ASAN report:
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/timeout-15f79e70f92567039dd67b7c3a16ad3a180b3a6e
ALARM: working on the last Unit for 61 seconds
   and the timeout value is 60 (use -timeout=N to change)
==5980== ERROR: libFuzzer: timeout after 61 seconds
#0 0x52e5c1 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
#1 0x46e9e8 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x453db9 in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:301:5
#3 0x7f7ca26eb3bf in libpthread.so.0
#4 0x571322 in elf_cvt_Verneed /src/elfutils/libelf/version_xlate.h:211:20
#5 0x56957e in convert_data /src/elfutils/libelf/elf_getdata.c:192:7
#6 0x56957e in __libelf_set_data_list_rdlock /src/elfutils/libelf/elf_getdata.c:453:7
#7 0x569a67 in __elf_getdata_rdlock /src/elfutils/libelf/elf_getdata.c:560:5
#8 0x569b1c in elf_getdata /src/elfutils/libelf/elf_getdata.c:578:12
#9 0x56d9d4 in elf_compress_gnu /src/elfutils/libelf/elf_compress_gnu.c:150:24
#10 0x55dbba in fuzz_logic_one /src/fuzz-libelf.c:48:15
#11 0x55e077 in LLVMFuzzerTestOneInput /src/fuzz-libelf.c:82:3
#12 0x4553f2 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#13 0x440fa2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#14 0x44680c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#15 0x46f1a2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#16 0x7f7ca24df0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#17 0x41f6ed in _start



Issue 45637 in oss-fuzz: elfutils:fuzz-libelf: Timeout in fuzz-libelf

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45637 by da...@adalogics.com: elfutils:fuzz-libelf: Timeout in fuzz-libelf
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45637#c2

(No comment was entered for this change.)

Attachments:
clusterfuzz-testcase-minimized-fuzz-libelf-6393240885002240  684 bytes



Issue 45646 in oss-fuzz: elfutils:fuzz-libdwfl: Misaligned-address in __libdw_image_header

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #1 on issue 45646 by da...@adalogics.com: elfutils:fuzz-libdwfl: Misaligned-address in __libdw_image_header
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45646#c1

UBSAN report
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-137c106fe516c3a5c4d5fb8deeb45c4e982d59a5
image-header.c:84:7: runtime error: load of misaligned address 0x7f2499144202 for type 'uint32_t' (aka 'unsigned int'), which requires 4 byte alignment
0x7f2499144202: note: pointer points here
 55 aa  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20  20 20 20 20 20 20
  ^
#0 0x4c04de in __libdw_image_header /src/elfutils/libdwfl/image-header.c:84:7
#1 0x4bf336 in libdw_open_elf /src/elfutils/libdwfl/open.c:141:15
#2 0x4bf1dc in __libdw_open_file /src/elfutils/libdwfl/open.c:197:10
#3 0x4b5e6d in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:281:22
#4 0x4b5e6d in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#5 0x4b2f88 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#6 0x43da32 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#7 0x4295e2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#8 0x42ee4c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#9 0x4577e2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#10 0x7f2498dd90b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#11 0x407d2d in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior image-header.c:84:7 in



Issue 45646 in oss-fuzz: elfutils:fuzz-libdwfl: Misaligned-address in __libdw_image_header

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45646 by da...@adalogics.com: elfutils:fuzz-libdwfl: Misaligned-address in __libdw_image_header
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45646#c2

(No comment was entered for this change.)

Attachments:
clusterfuzz-testcase-minimized-fuzz-libdwfl-5699171619831808  593 bytes



Issue 45682 in oss-fuzz: elfutils:fuzz-libelf: Misaligned-address in elf_cvt_Verneed

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #1 on issue 45682 by da...@adalogics.com: elfutils:fuzz-libelf: Misaligned-address in elf_cvt_Verneed
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45682#c1

UBSAN report
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-cf18cd9802d6953b96a96cb2364e46ade2dccddc
version_xlate.h:204:22: runtime error: member access within misaligned address 0x02dfee46 for type 'GElf_Vernaux' (aka 'Elf64_Vernaux'), which requires 4 byte alignment
0x02dfee46: note: pointer points here
 4c 46 01 02 01 20  00 00 00 04 20 20 20 20  00 00 00 02 20 20 20 20  20 20 20 20 20 20 20 20  00 00
 ^
#0 0x4c63b6 in elf_cvt_Verneed /src/elfutils/libelf/version_xlate.h:204:22
#1 0x4be96f in convert_data /src/elfutils/libelf/elf_getdata.c:192:7
#2 0x4be96f in __libelf_set_data_list_rdlock /src/elfutils/libelf/elf_getdata.c:453:7
#3 0x4bf17e in __elf_getdata_rdlock /src/elfutils/libelf/elf_getdata.c:560:5
#4 0x4bf39e in elf_getdata /src/elfutils/libelf/elf_getdata.c:578:12
#5 0x4c2d88 in elf_compress_gnu /src/elfutils/libelf/elf_compress_gnu.c:150:24
#6 0x4b2e03 in fuzz_logic_one /src/fuzz-libelf.c:48:15
#7 0x4b303f in LLVMFuzzerTestOneInput /src/fuzz-libelf.c:81:3
#8 0x43d812 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#9 0x4293c2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#10 0x42ec2c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#11 0x4575c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#12 0x7f20c9b5d0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#13 0x407b0d in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior version_xlate.h:204:22 in



Issue 45682 in oss-fuzz: elfutils:fuzz-libelf: Misaligned-address in elf_cvt_Verneed

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45682 by da...@adalogics.com: elfutils:fuzz-libelf: Misaligned-address in elf_cvt_Verneed
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45682#c2

(No comment was entered for this change.)

Attachments:
clusterfuzz-testcase-minimized-fuzz-libelf-4968585519300608  321 bytes



Issue 45705 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_next_arhdr_wrlock

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #1 on issue 45705 by da...@adalogics.com: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_next_arhdr_wrlock
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45705#c1

ASAN report
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/leak-919ecedf38381f07ca17919209098f636c73aae7
=
==426037==ERROR: LeakSanitizer: detected memory leaks
Indirect leak of 7175 byte(s) in 1 object(s) allocated from:
#0 0x8179625 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
#1 0x82aa297 in read_long_names /src/elfutils/libelf/elf_begin.c:784:10
#2 0x82aa297 in __libelf_next_arhdr_wrlock /src/elfutils/libelf/elf_begin.c:912:8
#3 0x82ab8aa in dup_elf /src/elfutils/libelf/elf_begin.c:1061:10
#4 0x82ab8aa in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
#5 0x82ab3a9 in elf_begin /src/elfutils/libelf/elf_begin.c:0
#6 0x81ba74d in process_archive /src/elfutils/libdwfl/offline.c:251:17
#7 0x81ba74d in process_file /src/elfutils/libdwfl/offline.c:125:14
#8 0x81bb32b in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
#9 0x81bb32b in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#10 0x81b79ff in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#11 0x80a359d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#12 0x808ec3e in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#13 0x809472f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#14 0x80bd397 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#15 0xf7c2cee4 in __libc_start_main
Indirect leak of 208 byte(s) in 1 object(s) allocated from:
#0 0x81797d1 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
#1 0x82a594b in allocate_elf /src/elfutils/libelf/common.h:74:17
#2 0x82a594b in file_read_ar /src/elfutils/libelf/elf_begin.c:59:9
#3 0x82a594b in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:570:14
#4 0x82abd22 in read_file /src/elfutils/libelf/elf_begin.c:701:28
#5 0x82ab2ed in elf_begin /src/elfutils/libelf/elf_begin.c:0
#6 0x81c7d03 in libdw_open_elf /src/elfutils/libdwfl/open.c:131:14
#7 0x81c7c33 in __libdw_open_file /src/elfutils/libdwfl/open.c:197:10
#8 0x81bb2b8 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:281:22
#9 0x81bb2b8 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#10 0x81b79ff in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#11 0x80a359d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#12 0x808ec3e in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#13 0x809472f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#14 0x80bd397 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#15 0xf7c2cee4 in __libc_start_main
Indirect leak of 208 byte(s) in 1 object(s) allocated from:
#0 0x81797d1 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
#1 0x82a5abb in allocate_elf /src/elfutils/libelf/common.h:74:17
#2 0x82a5abb in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:578:10
#3 0x82abd22 in read_file /src/elfutils/libelf/elf_begin.c:701:28
#4 0x82ab83b in dup_elf /src/elfutils/libelf/elf_begin.c:1067:12
#5 0x82ab83b in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
#6 0x82ab3a9 in elf_begin /src/elfutils/libelf/elf_begin.c:0
#7 0x81ba74d in process_archive /src/elfutils/libdwfl/offline.c:251:17
#8 0x81ba74d in process_file /src/elfutils/libdwfl/offline.c:125:14
#9 0x81bb32b in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
#10 0x81bb32b in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#11 0x81b79ff in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#12 0x80a359d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#13 0x808ec3e in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#14 0x809472f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#15 0x80bd397 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10

Issue 45705 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_next_arhdr_wrlock

2022-03-20 Thread davia monorail via Elfutils-devel


Comment #2 on issue 45705 by da...@adalogics.com: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_next_arhdr_wrlock
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45705#c2

(No comment was entered for this change.)

Attachments:
clusterfuzz-testcase-minimized-fuzz-libdwfl-5085329692950528  11.1 KB



Issue 45705 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_next_arhdr_wrlock

2022-03-21 Thread davia monorail via Elfutils-devel


Comment #4 on issue 45705 by da...@adalogics.com: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_next_arhdr_wrlock
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45705#c4

Yes -- I did this because I asked in an internal email with Mark if it would be appreciated (the answer was yes). But I will stop this as you're taking care of it by way of the mailing list.
