Re: [PATCH 2/2] libdw: Use elf_rawdata when checking .debug section

2023-02-21 Thread Aleksei Vetrov via Elfutils-devel
Hi Evgeny, On Tue, Feb 21, 2023 at 2:29 AM Evgeny Vereshchagin wrote: > Aleksei I wonder if it would be possible to add those fuzz targets to > OSS-Fuzz? There are blind spots there and I think it would be really great to > start covering at least some of them. We are fuzzing a tool named STG (h

Re: [PATCH 2/2] libdw: Use elf_rawdata when checking .debug section

2023-02-20 Thread Aleksei Vetrov via Elfutils-devel
Hello Mark, On Mon, Feb 20, 2023 at 3:55 PM Mark Wielaard wrote: > > .debug sections are raw bytes and don't need conversion even when host > and file have different endian order. Thank you! I like this patch more for its simplicity, looks good to me.

[PATCH v2 1/1] libdw: check that DWARF strings are null-terminated

2023-02-14 Thread Aleksei Vetrov via Elfutils-devel
It is expected from libdw to return strings that are null-terminated to avoid overflowing ELF data. * Add calculation of a safe prefix inside string sections, where any string will be null-terminated. * Check if offset overflows the safe prefix in dwarf_formstring. Signed-off-by: Aleksei Vetro

[PATCH v2 0/1] libdw: check that DWARF strings are null-terminated

2023-02-14 Thread Aleksei Vetrov via Elfutils-devel
Hello, In the first version of the patch there was a typo "secton" everywhere. Reuploading the fixed version. Aleksei Vetrov (1): libdw: check that DWARF strings are null-terminated libdw/dwarf_begin_elf.c | 37 + libdw/dwarf_formstring.c | 5 - libdw/libdwP.h

[PATCH] libdw: check that DWARF strings are null-terminated

2023-02-14 Thread Aleksei Vetrov via Elfutils-devel
From: Aleksei Vetrov It is expected from libdw to return strings that are null-terminated to avoid overflowing ELF data. * Add calculation of a safe prefix inside string sections, where any string will be null-terminated. * Check if offset overflows the safe prefix in dwarf_formstring. Signe

[PATCH v2] libdw: check memory access in get_(u|s)leb128

2023-02-13 Thread Aleksei Vetrov via Elfutils-devel
From: Aleksei Vetrov __libdw_get_uleb128 and __libdw_get_sleb128 should check if addrp has already reached the end before unrolling the first step. It is done by moving __libdw_max_len to the beginning of the function, which can notice that addrp is beyond the end. Then we just check the result

Re: [PATCH] libdw: check memory access in get_(u|s)leb128

2023-02-13 Thread Aleksei Vetrov via Elfutils-devel
Hi Mark, On Sat, Feb 11, 2023 at 11:43 PM Mark Wielaard wrote: > After this code we will do: > > /* There might be one extra byte. */ > unsigned char b = **addrp; > ++*addrp; > > So I think we want to catch that too. Easiest imho seems to move (and > invert) the max check immediately afte

Re: [PATCH] libdw: check memory access in get_(u|s)leb128

2023-02-07 Thread Aleksei Vetrov via Elfutils-devel
Hi Mark, > Did you actually find situations where these functions were called with addrp > >= endp? Yes, for example libdw/libdw_form.c:91:7. > It turns out that get_[su]leb128 dominates some operations and really does > have to be as fast as possible. So I do like to know what the impact is of

[PATCH] libdw: check memory access in get_(u|s)leb128

2023-01-25 Thread Aleksei Vetrov via Elfutils-devel
From: Aleksei Vetrov __libdw_get_uleb128 and __libdw_get_sleb128 should check if addrp has already reached the end before unrolling the first step. It is done by moving __libdw_max_len to the beginning of the function, which already has all the checks. Signed-off-by: Aleksei Vetrov --- libdw/m

[PATCH] libdwfl: add check for elf_memory return value

2023-01-25 Thread Aleksei Vetrov via Elfutils-devel
From: Aleksei Vetrov The elf_memory call in __libdw_open_elf_memory can return NULL. It was not checked and led to a null pointer dereference. Signed-off-by: Aleksei Vetrov --- libdwfl/open.c | 4 tests/dwfl-report-offline-memory.c | 9 +++-- 2 files changed, 11 inse

[PATCH] libdwfl: add dwfl_report_offline_memory

2022-09-20 Thread Aleksei Vetrov via Elfutils-devel
From: Aleksei Vetrov This method allows reading and reporting an ELF from memory instead of opening a file. That way arbitrary memory can be worked with, e.g. when coming from a stream, without the need to persist it. Another useful application is fuzzing, because fuzzers might be able to track access