From: "da… via monorail" <monorail+v2.1355924921@chromium.org>
To: elfutils-devel@sourceware.org
Subject: Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
Date: Sun, 20 Mar 2022 02:55:44 -0700 [thread overview]
Message-ID: <0000000000001d5cea05daa36299@google.com> (raw)
In-Reply-To: <0=71cc74a7ba1af446b7ed6b9a08b414d9=9a8501cc7c6caa91cabf3f7e4bcf924d=oss-fuzz@monorail-prod.appspotmail.com>
Comment #2 on issue 45629 by da...@adalogics.com: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629#c2
ASAN report
Indirect leak of 264 byte(s) in 1 object(s) allocated from:
#0 0x524ae2 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
#1 0x622d34 in allocate_elf /src/elfutils/libelf/common.h:74:17
#2 0x622d34 in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:578:10
#3 0x6283cf in read_file /src/elfutils/libelf/elf_begin.c:701:28
#4 0x628037 in dup_elf /src/elfutils/libelf/elf_begin.c:1067:12
#5 0x628037 in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
#6 0x627c93 in elf_begin /src/elfutils/libelf/elf_begin.c:0
#7 0x56009b in process_archive /src/elfutils/libdwfl/offline.c:251:17
#8 0x56009b in process_file /src/elfutils/libdwfl/offline.c:125:14
#9 0x560a48 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
#10 0x560a48 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#11 0x55dc32 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#12 0x455522 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#13 0x4410d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#14 0x44693c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#15 0x46f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#16 0x7f61fb6210b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
Indirect leak of 264 byte(s) in 1 object(s) allocated from:
#0 0x524ae2 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
#1 0x622bc1 in allocate_elf /src/elfutils/libelf/common.h:74:17
#2 0x622bc1 in file_read_ar /src/elfutils/libelf/elf_begin.c:59:9
#3 0x622bc1 in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:570:14
#4 0x6283cf in read_file /src/elfutils/libelf/elf_begin.c:701:28
#5 0x627be1 in elf_begin /src/elfutils/libelf/elf_begin.c:0
#6 0x56b2ac in libdw_open_elf /src/elfutils/libdwfl/open.c:131:14
#7 0x56b1ac in __libdw_open_file /src/elfutils/libdwfl/open.c:197:10
#8 0x5609d2 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:281:22
#9 0x5609d2 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#10 0x55dc32 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#11 0x455522 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#12 0x4410d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#13 0x44693c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#14 0x46f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#15 0x7f61fb6210b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
SUMMARY: AddressSanitizer: 528 byte(s) leaked in 2 allocation(s).
INFO: a leak has been found in the initial corpus.
INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
next prev parent reply other threads:[~2022-03-20 9:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=9a8501cc7c6caa91cabf3f7e4bcf924d=oss-fuzz@monorail-prod.appspotmail.com>
2022-03-17 5:39 ` ClusterFuzz-External via monorail
2022-03-18 0:03 ` ClusterFuzz-External via monorail
2022-03-20 9:55 ` da… via monorail [this message]
2022-03-20 9:56 ` da… via monorail
2022-03-22 14:27 ` ClusterFuzz-External via monorail
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0000000000001d5cea05daa36299@google.com \
--to=monorail+v2.1355924921@chromium.org \
--cc=elfutils-devel@sourceware.org \
--cc=oss-fuzz@monorail-prod.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).