public inbox for dwz@sourceware.org
From: "ago at gentoo dot org" <sourceware-bugzilla@sourceware.org>
To: dwz@sourceware.org
Subject: [Bug default/24441] New: Some crashes found by fuzzing
Date: Tue, 01 Jan 2019 00:00:00 -0000
Message-ID: <bug-24441-11298@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=24441

            Bug ID: 24441
           Summary: Some crashes found by fuzzing
           Product: dwz
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: default
          Assignee: nobody at sourceware dot org
          Reporter: ago at gentoo dot org
                CC: dwz at sourceware dot org
  Target Milestone: ---

Created attachment 11736
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11736&action=edit
crashes archive

Tested on 0.12.
I'm attaching an archive with the testcases.

I see some OOB reads, some NULL ptr dereferences and invalid reads. There are also
some assertion failures:

 AddressSanitizer: SEGV
/var/tmp/portage/dev-libs/elfutils-0.170-r1/work/elfutils-0.170/libelf/elf_rawdata.c:42:6
in elf_rawdata
 AddressSanitizer: SEGV
/var/tmp/portage/dev-libs/elfutils-0.170-r1/work/elfutils-0.170/libelf/gelf_update_phdr.c:131:20
in gelf_update_phdr
 AddressSanitizer: SEGV /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c
in read_dwarf
 AddressSanitizer: SEGV
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:234:10 in
buf_read_ule32
 AddressSanitizer: SEGV
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-8.0.0/work/compiler-rt-8.0.0.src/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:461:3
in __interceptor_strncmp
 AddressSanitizer: SEGV
/var/tmp/portage/sys-libs/glibc-2.27-r6/work/glibc-2.27/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:349
 AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:222:10 in
buf_read_ule16
 AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8610:4 in
adjust_exprloc
 AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8614:4 in
adjust_exprloc
 AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8615:4 in
adjust_exprloc
 AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8618:11 in
adjust_exprloc


Assertion failures:
dwz: dwz.c:1721: int read_loclist(DSO *, dw_die_ref, GElf_Addr): Assertion `ptr
+ len <= endsec' failed.
dwz: dwz.c:7542: int build_abbrevs_for_die(htab_t, dw_cu_ref, dw_die_ref,
dw_cu_ref, dw_die_ref, struct abbrev_tag *, unsigned int *, struct obstack *,
_Bool): Assertion `refd != NULL' failed.
dwz: dwz.c:7868: unsigned int update_new_die_offsets(dw_die_ref, unsigned int,
dw_die_ref **): Assertion `die->u.p2.die_intracu_udata_size == 0 ||
die->die_ref_seen' failed.
dwz: dwz.c:8561: void adjust_exprloc(dw_cu_ref, dw_die_ref, dw_cu_ref,
dw_die_ref, unsigned char *, size_t): Assertion `refd != NULL &&
!refd->die_remove' failed.
dwz: dwz.c:8583: void adjust_exprloc(dw_cu_ref, dw_die_ref, dw_cu_ref,
dw_die_ref, unsigned char *, size_t): Assertion `refd != NULL' failed.
dwz: dwz.c:8790: unsigned char *write_die(unsigned char *, dw_cu_ref,
dw_die_ref, dw_cu_ref, dw_die_ref): Assertion `refd != NULL' failed.
dwz: dwz.c:9899: int read_dwarf(DSO *, _Bool): Assertion `data != NULL &&
data->d_buf != NULL' failed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.