* [Bug default/24441] New: Some crashes found by fuzzing
From: ago at gentoo dot org @ 2019-01-01 0:00 UTC (permalink / raw)
To: dwz
https://sourceware.org/bugzilla/show_bug.cgi?id=24441
Bug ID: 24441
Summary: Some crashes found by fuzzing
Product: dwz
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: default
Assignee: nobody at sourceware dot org
Reporter: ago at gentoo dot org
CC: dwz at sourceware dot org
Target Milestone: ---
Created attachment 11736
--> https://sourceware.org/bugzilla/attachment.cgi?id=11736&action=edit
crashes archive
Tested on 0.12
I'm attaching an archive with the testcases.
I see some OOB reads, some NULL ptr dereferences and invalid reads. There are also
some assertion failures:
AddressSanitizer: SEGV /var/tmp/portage/dev-libs/elfutils-0.170-r1/work/elfutils-0.170/libelf/elf_rawdata.c:42:6 in elf_rawdata
AddressSanitizer: SEGV /var/tmp/portage/dev-libs/elfutils-0.170-r1/work/elfutils-0.170/libelf/gelf_update_phdr.c:131:20 in gelf_update_phdr
AddressSanitizer: SEGV /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c in read_dwarf
AddressSanitizer: SEGV /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:234:10 in buf_read_ule32
AddressSanitizer: SEGV /var/tmp/portage/sys-libs/compiler-rt-sanitizers-8.0.0/work/compiler-rt-8.0.0.src/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:461:3 in __interceptor_strncmp
AddressSanitizer: SEGV /var/tmp/portage/sys-libs/glibc-2.27-r6/work/glibc-2.27/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:349
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:222:10 in buf_read_ule16
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8610:4 in adjust_exprloc
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8614:4 in adjust_exprloc
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8615:4 in adjust_exprloc
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8618:11 in adjust_exprloc
Assertion failure
dwz: dwz.c:1721: int read_loclist(DSO *, dw_die_ref, GElf_Addr): Assertion `ptr + len <= endsec' failed.
dwz: dwz.c:7542: int build_abbrevs_for_die(htab_t, dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref, struct abbrev_tag *, unsigned int *, struct obstack *, _Bool): Assertion `refd != NULL' failed.
dwz: dwz.c:7868: unsigned int update_new_die_offsets(dw_die_ref, unsigned int, dw_die_ref **): Assertion `die->u.p2.die_intracu_udata_size == 0 || die->die_ref_seen' failed.
dwz: dwz.c:8561: void adjust_exprloc(dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref, unsigned char *, size_t): Assertion `refd != NULL && !refd->die_remove' failed.
dwz: dwz.c:8583: void adjust_exprloc(dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref, unsigned char *, size_t): Assertion `refd != NULL' failed.
dwz: dwz.c:8790: unsigned char *write_die(unsigned char *, dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref): Assertion `refd != NULL' failed.
dwz: dwz.c:9899: int read_dwarf(DSO *, _Bool): Assertion `data != NULL && data->d_buf != NULL' failed.
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug default/24441] Some crashes found by fuzzing
From: vries at gcc dot gnu.org @ 2019-01-01 0:00 UTC (permalink / raw)
To: dwz
https://sourceware.org/bugzilla/show_bug.cgi?id=24441
Tom de Vries <vries at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vries at gcc dot gnu.org
--- Comment #1 from Tom de Vries <vries at gcc dot gnu.org> ---
Looking at the assertions reproducible with trunk, prefixed with occurrence
count:
1257 dwz: dwz.c:1768: read_loclist: Assertion `ptr + len <= endsec' failed.
PR24172
60 dwz: dwz.c:8782: write_die: Assertion `refd != NULL' failed.
PR24169
56 dwz: dwz.c:8552: adjust_exprloc: Assertion `refd != NULL && !refd->die_remove' failed.
PR24195
48 dwz: dwz.c:9901: read_dwarf: Assertion `data != NULL' failed.
New
46 dwz: dwz.c:7859: update_new_die_offsets: Assertion `die->u.p2.die_intracu_udata_size == 0 || die->die_ref_seen' failed.
New
14 dwz: dwz.c:7533: build_abbrevs_for_die: Assertion `refd != NULL' failed.
New
2 dwz: dwz.c:8575: adjust_exprloc: Assertion `refd != NULL' failed.
New
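The occurrence-count triage in comment #1 above, as an added example that is not part of this thread or of the dwz project: a small Python crash-bucketing script that parses the two line formats quoted in the thread (ASan summary lines and glibc assert() messages) and keys each crash on function plus condition rather than on the source line, since the same read_loclist assertion sits at dwz.c:1721 in 0.12 and at dwz.c:1768 on trunk. The sample lines are constructed in the report's format with shortened paths.

```python
# Added example, not dwz code and not from the bug report: bucket fuzzer crash
# lines into stable signatures and count them. The key omits the source line on
# purpose, since line numbers drift between releases while the bug does not.
import os
import re
from collections import Counter

ASAN_RE = re.compile(
    r"^AddressSanitizer: (?P<kind>[\w-]+) (?P<loc>\S+)(?: in (?P<func>\S+))?$")
LOC_RE = re.compile(r"^(?P<path>.*?)(?::(?P<line>\d+))?(?::\d+)?$")
ASSERT_RE = re.compile(
    r"^(?P<prog>\w+): (?P<file>[^:]+):(?P<line>\d+): (?P<sig>.*?): "
    r"Assertion `(?P<cond>.*)' failed\.$")
# Function = identifier right before '(' (0.12 prints the whole prototype) or
# the whole token when no parameter list is printed (trunk-style lines).
FUNC_RE = re.compile(r"(\w+)\s*(?:\(|$)")

def crash_signature(line):
    """Hashable signature for one crash line, or None if the line is not one."""
    line = line.strip()
    m = ASAN_RE.match(line)
    if m:
        path = LOC_RE.match(m.group("loc")).group("path")
        return ("asan", m.group("kind"), os.path.basename(path),
                m.group("func") or "?")
    m = ASSERT_RE.match(line)
    if m:
        func = FUNC_RE.search(m.group("sig"))
        return ("assert", m.group("file"),
                func.group(1) if func else m.group("sig"),
                " ".join(m.group("cond").split()))  # collapse wrapped whitespace
    return None

def bucket_crashes(lines):
    """Count crashes per signature; unrecognized non-blank lines go to ('unparsed',)."""
    counts = Counter()
    for line in lines:
        if line.strip():
            counts[crash_signature(line) or ("unparsed",)] += 1
    return counts

def report(counts):
    """One line per bucket, occurrence count first, most frequent on top."""
    return ["%d %s" % (n, " ".join(sig)) for sig, n in counts.most_common()]

# Constructed sample in the formats quoted in the report (paths shortened).
SAMPLE = [
    "dwz: dwz.c:1721: int read_loclist(DSO *, dw_die_ref, GElf_Addr): "
    "Assertion `ptr + len <= endsec' failed.",
    "dwz: dwz.c:1768: read_loclist: Assertion `ptr + len <= endsec' failed.",
    "AddressSanitizer: heap-buffer-overflow /w/dwz-0.12/dwz.c:222:10 in buf_read_ule16",
    "AddressSanitizer: SEGV /w/glibc-2.27/memmove-vec-unaligned-erms.S:349",
]
```

Running `report(bucket_crashes(SAMPLE))` puts the two read_loclist lines into one bucket with count 2, followed by the two single-occurrence ASan buckets.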