From: "ago at gentoo dot org" <sourceware-bugzilla@sourceware.org>
To: dwz@sourceware.org
Subject: [Bug default/24441] New: Some crashes found by fuzzing
Date: Tue, 01 Jan 2019 00:00:00 -0000 [thread overview]
Message-ID: <bug-24441-11298@http.sourceware.org/bugzilla/> (raw)
https://sourceware.org/bugzilla/show_bug.cgi?id=24441
Bug ID: 24441
Summary: Some crashes found by fuzzing
Product: dwz
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: default
Assignee: nobody at sourceware dot org
Reporter: ago at gentoo dot org
CC: dwz at sourceware dot org
Target Milestone: ---
Created attachment 11736
--> https://sourceware.org/bugzilla/attachment.cgi?id=11736&action=edit
crashes archive
Tested on 0.12
I'm attaching an archive with the testcases.
I see some OOB read, some NULL ptr dereference and invalid read. There are also
some assertion failure:
AddressSanitizer: SEGV
/var/tmp/portage/dev-libs/elfutils-0.170-r1/work/elfutils-0.170/libelf/elf_rawdata.c:42:6
in elf_rawdata
AddressSanitizer: SEGV
/var/tmp/portage/dev-libs/elfutils-0.170-r1/work/elfutils-0.170/libelf/gelf_update_phdr.c:131:20
in gelf_update_phdr
AddressSanitizer: SEGV /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c
in read_dwarf
AddressSanitizer: SEGV
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:234:10 in
buf_read_ule32
AddressSanitizer: SEGV
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-8.0.0/work/compiler-rt-8.0.0.src/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:461:3
in __interceptor_strncmp
AddressSanitizer: SEGV
/var/tmp/portage/sys-libs/glibc-2.27-r6/work/glibc-2.27/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:349
AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:222:10 in
buf_read_ule16
AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8610:4 in
adjust_exprloc
AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8614:4 in
adjust_exprloc
AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8615:4 in
adjust_exprloc
AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8618:11 in
adjust_exprloc
Assertion failure
dwz: dwz.c:1721: int read_loclist(DSO *, dw_die_ref, GElf_Addr): Assertion `ptr
+ len <= endsec' failed.
dwz: dwz.c:7542: int build_abbrevs_for_die(htab_t, dw_cu_ref, dw_die_ref,
dw_cu_ref, dw_die_ref, struct abbrev_tag *, unsigned int *, struct obstack *,
_Bool): Assertion `refd != NULL' failed.
dwz: dwz.c:7868: unsigned int update_new_die_offsets(dw_die_ref, unsigned int,
dw_die_ref **): Assertion `die->u.p2.die_intracu_udata_size == 0 ||
die->die_ref_seen' failed.
dwz: dwz.c:8561: void adjust_exprloc(dw_cu_ref, dw_die_ref, dw_cu_ref,
dw_die_ref, unsigned char *, size_t): Assertion `refd != NULL &&
!refd->die_remove' failed.
dwz: dwz.c:8583: void adjust_exprloc(dw_cu_ref, dw_die_ref, dw_cu_ref,
dw_die_ref, unsigned char *, size_t): Assertion `refd != NULL' failed.
dwz: dwz.c:8790: unsigned char *write_die(unsigned char *, dw_cu_ref,
dw_die_ref, dw_cu_ref, dw_die_ref): Assertion `refd != NULL' failed.
dwz: dwz.c:9899: int read_dwarf(DSO *, _Bool): Assertion `data != NULL &&
data->d_buf != NULL' failed.
--
You are receiving this mail because:
You are on the CC list for the bug.
next reply other threads:[~2019-04-10 15:06 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-01 0:00 ago at gentoo dot org [this message]
2019-01-01 0:00 ` [Bug default/24441] " vries at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-24441-11298@http.sourceware.org/bugzilla/ \
--to=sourceware-bugzilla@sourceware.org \
--cc=dwz@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).