Re: Some fuzzer workarounds

Hi Mark, >> I can also prevent OSS-Fuzz from reporting new bugs found by MSan >> by setting the experimental flag >> >> From >> https://google.github.io/oss-fuzz/getting-started/new-project-guide/#sanitizers >>> If you want to test a particular sanitizer to see what crashes it generates >>> with

Re: Some fuzzer workarounds

Hi Evgeny, On Tue, Mar 22, 2022 at 07:59:57PM +0300, Evgeny Vereshchagin wrote: > I can also prevent OSS-Fuzz from reporting new bugs found by MSan > by setting the experimental flag > > From > https://google.github.io/oss-fuzz/getting-started/new-project-guide/#sanitizers > > If you want to tes

[PATCH] libelf: Correct alignment of ELF_T_GNUHASH data for ELFCLASS64

ELF_T_GNUHASH data is just 32bit words for ELFCLASS32. But for ELFCLASS64 it is a mix of 32bit and 64bit words. In the elf_cvt_gnuhash function we rely on the alignment of the whole to be 64bit word aligned, even though the first 4 words are 32bits. Otherwise we might try to convert an unaligned 64

Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip

Updates: Labels: Fuzz-Blocker Comment #3 on issue 45631 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45631#c3 This crash occurs very frequently on linux platform and is likely preventing

Issue 45706 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in process_file

Comment #1 on issue 45706 by evv...@gmail.com: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in process_file https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45706#c1 It's a false positive. https://github.com/google/oss-fuzz/pull/7422 should fix it. -- You received this message beca

Issue 45952 in oss-fuzz: elfutils:fuzz-libdwfl: Misaligned-address in elf_cvt_gnuhash

Status: New Owner: CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izz...@google.com Labels: ClusterFuzz Reproducible Stability-UndefinedBehaviorSanitizer Engine-libfuzzer OS-Linux Proj-elfutils Reported-2022-03-22 Type: Bug New issue 45952 by ClusterFuzz-External: elfu

Re: Some fuzzer workarounds

Hi Mark, >> So I took the fuzz-libelf.c and fuzz-libdwfl.c files from the oss-fuzz >> repo, tweaked them so they have a normal main that takes one file >> argument to try to replicate the reports. That found some "real" >> issues I submitted patches for. Then I ran afl-fuzz on them locally >> duri

Issue 45637 in oss-fuzz: elfutils:fuzz-libelf: Timeout in fuzz-libelf

Updates: Labels: ClusterFuzz-Verified Status: Verified Comment #3 on issue 45637 by ClusterFuzz-External: elfutils:fuzz-libelf: Timeout in fuzz-libelf https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45637#c3 ClusterFuzz testcase 6393240885002240 is verified as fixed in htt

Issue 45636 in oss-fuzz: elfutils:fuzz-libdwfl: Crash in read_long_names

Updates: Labels: ClusterFuzz-Verified Status: Verified Comment #4 on issue 45636 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Crash in read_long_names https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45636#c4 ClusterFuzz testcase 5787862593830912 is verified as fixed in

Issue 45646 in oss-fuzz: elfutils:fuzz-libdwfl: Misaligned-address in __libdw_image_header

Updates: Labels: ClusterFuzz-Verified Status: Verified Comment #3 on issue 45646 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Misaligned-address in __libdw_image_header https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45646#c3 ClusterFuzz testcase 5699171619831808 is veri

Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file

Updates: Labels: ClusterFuzz-Verified Status: Verified Comment #4 on issue 45629 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629#c4 ClusterFuzz testcase 5280476447768576 is veri

Issue 45635 in oss-fuzz: elfutils:fuzz-libdwfl: Timeout in fuzz-libdwfl

Updates: Labels: ClusterFuzz-Verified Status: Verified Comment #3 on issue 45635 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Timeout in fuzz-libdwfl https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45635#c3 ClusterFuzz testcase 5237809772888064 is verified as fixed in h

Issue 45705 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_next_arhdr_wrlock

Updates: Labels: ClusterFuzz-Verified Status: Verified Comment #6 on issue 45705 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_next_arhdr_wrlock https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45705#c6 ClusterFuzz testcase 5085329692950528 is ver

Issue 45634 in oss-fuzz: elfutils:fuzz-libdwfl: Misaligned-address in file_read_elf

Updates: Labels: ClusterFuzz-Verified Status: Verified Comment #3 on issue 45634 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Misaligned-address in file_read_elf https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45634#c3 ClusterFuzz testcase 5069818166902784 is verified as

Issue 45682 in oss-fuzz: elfutils:fuzz-libelf: Misaligned-address in elf_cvt_Verneed

Updates: Labels: ClusterFuzz-Verified Status: Verified Comment #3 on issue 45682 by ClusterFuzz-External: elfutils:fuzz-libelf: Misaligned-address in elf_cvt_Verneed https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45682#c3 ClusterFuzz testcase 4968585519300608 is verified a

Issue 45628 in oss-fuzz: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol

Updates: Labels: ClusterFuzz-Verified Status: Verified Comment #5 on issue 45628 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45628#c5 ClusterFuzz testcase 4673586076450816 is verified as fixe

Re: [PATCH] readelf: PR28928 - wrong dynamic section entry number

Hey team, I made some changes for this patch: (1) update the commit message to make it more clear (2) tests/alldts.c needs the padding spaces for output comparison On Tue, Mar 1, 2022 at 8:54 PM Di Chen wrote: > commit 978663c5323cf402cd35b8614e41f24b587cbdd8 (HEAD -> dichen/DT_NULL, > origin/di