From: "ago at gentoo dot org"
To: dwz@sourceware.org
Subject: [Bug default/24441] New: Some crashes found by fuzzing
Date: Tue, 01 Jan 2019 00:00:00 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=24441

            Bug ID: 24441
           Summary: Some crashes found by fuzzing
           Product: dwz
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: default
          Assignee: nobody at sourceware dot org
          Reporter: ago at gentoo dot org
                CC: dwz at sourceware dot org
  Target Milestone: ---

Created attachment 11736
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11736&action=edit
crashes archive

Tested on 0.12

I'm attaching an archive with the testcases.
I see some OOB read, some NULL ptr dereference and invalid read.
There are also some assertion failures:

AddressSanitizer: SEGV /var/tmp/portage/dev-libs/elfutils-0.170-r1/work/elfutils-0.170/libelf/elf_rawdata.c:42:6 in elf_rawdata
AddressSanitizer: SEGV /var/tmp/portage/dev-libs/elfutils-0.170-r1/work/elfutils-0.170/libelf/gelf_update_phdr.c:131:20 in gelf_update_phdr
AddressSanitizer: SEGV /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c in read_dwarf
AddressSanitizer: SEGV /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:234:10 in buf_read_ule32
AddressSanitizer: SEGV /var/tmp/portage/sys-libs/compiler-rt-sanitizers-8.0.0/work/compiler-rt-8.0.0.src/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:461:3 in __interceptor_strncmp
AddressSanitizer: SEGV /var/tmp/portage/sys-libs/glibc-2.27-r6/work/glibc-2.27/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:349
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:222:10 in buf_read_ule16
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8610:4 in adjust_exprloc
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8614:4 in adjust_exprloc
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8615:4 in adjust_exprloc
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8618:11 in adjust_exprloc

Assertion failure

dwz: dwz.c:1721: int read_loclist(DSO *, dw_die_ref, GElf_Addr): Assertion `ptr + len <= endsec' failed.
dwz: dwz.c:7542: int build_abbrevs_for_die(htab_t, dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref, struct abbrev_tag *, unsigned int *, struct obstack *, _Bool): Assertion `refd != NULL' failed.
dwz: dwz.c:7868: unsigned int update_new_die_offsets(dw_die_ref, unsigned int, dw_die_ref **): Assertion `die->u.p2.die_intracu_udata_size == 0 || die->die_ref_seen' failed.
dwz: dwz.c:8561: void adjust_exprloc(dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref, unsigned char *, size_t): Assertion `refd != NULL && !refd->die_remove' failed.
dwz: dwz.c:8583: void adjust_exprloc(dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref, unsigned char *, size_t): Assertion `refd != NULL' failed.
dwz: dwz.c:8790: unsigned char *write_die(unsigned char *, dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref): Assertion `refd != NULL' failed.
dwz: dwz.c:9899: int read_dwarf(DSO *, _Bool): Assertion `data != NULL && data->d_buf != NULL' failed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.