From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <3IPo2Yg0bAAkvxwx0jru-y0xmjyyrm.pxxpun31n0lxw2nw2.lxv@M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com> Received: from mail-io1-xd45.google.com (mail-io1-xd45.google.com [IPv6:2607:f8b0:4864:20::d45]) by sourceware.org (Postfix) with ESMTPS id DF96B3858407 for ; Sun, 20 Mar 2022 09:55:44 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org DF96B3858407 Received: by mail-io1-xd45.google.com with SMTP id u25-20020a5d8199000000b006421bd641bbso8518728ion.11 for ; Sun, 20 Mar 2022 02:55:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:date:reply-to:references:message-id :subject:from:to; bh=xwXkI9VyxrGQ0ElTw6b/HzTab0I683NtEYp9ejM3rys=; b=zgcO7h2FqA9ISyuqez5qUg3Znkge9joJDW1vTMYrBA4VVAQDPRMpG++5rXSwfG0d6W 4VxLiUu7x0H3ggMMEazCFu9p15TxaLluSsCWimSGUqBhcML90/Eh+PICrcvceIvtTXg/ NwShpJ2k3nMy2esE1dnsVydbhqgvu8Elek/A2Ap5ly/H/zrBwWP79tiKk8uUgJGIp/jG zOrggKtldWo3DVnaAeBjVRdfsj43R5xPZUGRF3ITKiveZPB488bjw2R+pSZnVYdLHqSu g8wbCzuVWd6FZkkbxM2LN+rdBS0wWHSkzjoW/UVZb9lDUSvxFRtp383joR/aSbj3vFpa I66A== X-Gm-Message-State: AOAM532s4+7QdoSVYmRQg9azax5eEg6w6IG1+WQh3MivB979+OPKvN0y /5pOfNQsTWCrtfKcdK95lrUV8TKRXY0nH9FFTc3RyksaTT+m X-Google-Smtp-Source: ABdhPJwWeTAEoZtAsSoSKWOF2dQ+dWJ/zsSgK0tqsszIt0LX0jcfXLJ+9lVIJemp6QhqDfSlYaLgHN9LldRMUiZthG1c+2M3/8Rv MIME-Version: 1.0 X-Received: by 2002:a02:cce9:0:b0:321:28f9:50c5 with SMTP id l9-20020a02cce9000000b0032128f950c5mr2701533jaq.150.1647770144167; Sun, 20 Mar 2022 02:55:44 -0700 (PDT) Date: Sun, 20 Mar 2022 02:55:44 -0700 Reply-To: oss-fuzz@monorail-prod.appspotmail.com References: <0=71cc74a7ba1af446b7ed6b9a08b414d9=9a8501cc7c6caa91cabf3f7e4bcf924d=oss-fuzz@monorail-prod.appspotmail.com> X-Google-Appengine-App-Id: s~monorail-prod X-Google-Appengine-App-Id-Alias: monorail-prod Message-ID: <0000000000001d5cea05daa36299@google.com> Subject: Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file From: =?UTF-8?B?ZGHigKYgdmlhIG1vbm9yYWls?= To: elfutils-devel@sourceware.org X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: elfutils-devel@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Elfutils-devel mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Mar 2022 09:55:47 -0000 Comment #2 on issue 45629 by da...@adalogics.com: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629#c2 ASAN report Indirect leak of 264 byte(s) in 1 object(s) allocated from: #0 0x524ae2 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3 #1 0x622d34 in allocate_elf /src/elfutils/libelf/common.h:74:17 #2 0x622d34 in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:578:10 #3 0x6283cf in read_file /src/elfutils/libelf/elf_begin.c:701:28 #4 0x628037 in dup_elf /src/elfutils/libelf/elf_begin.c:1067:12 #5 0x628037 in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10 #6 0x627c93 in elf_begin /src/elfutils/libelf/elf_begin.c:0 #7 0x56009b in process_archive /src/elfutils/libdwfl/offline.c:251:17 #8 0x56009b in process_file /src/elfutils/libdwfl/offline.c:125:14 #9 0x560a48 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22 #10 0x560a48 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10 #11 0x55dc32 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22 #12 0x455522 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #13 0x4410d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 #14 0x44693c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9 #15 0x46f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #16 0x7f61fb6210b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16 Indirect leak of 264 byte(s) in 1 object(s) allocated from: #0 0x524ae2 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3 #1 0x622bc1 in allocate_elf /src/elfutils/libelf/common.h:74:17 #2 0x622bc1 in file_read_ar /src/elfutils/libelf/elf_begin.c:59:9 #3 0x622bc1 in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:570:14 #4 0x6283cf in read_file /src/elfutils/libelf/elf_begin.c:701:28 #5 0x627be1 in elf_begin /src/elfutils/libelf/elf_begin.c:0 #6 0x56b2ac in libdw_open_elf /src/elfutils/libdwfl/open.c:131:14 #7 0x56b1ac in __libdw_open_file /src/elfutils/libdwfl/open.c:197:10 #8 0x5609d2 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:281:22 #9 0x5609d2 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10 #10 0x55dc32 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22 #11 0x455522 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #12 0x4410d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 #13 0x44693c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9 #14 0x46f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #15 0x7f61fb6210b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16 SUMMARY: AddressSanitizer: 528 byte(s) leaked in 2 allocation(s). INFO: a leak has been found in the initial corpus. INFO: to ignore leaks on libFuzzer side use -detect_leaks=0. -- You received this message because: 1. You were specifically CC'd on the issue You may adjust your notification preferences at: https://bugs.chromium.org/hosting/settings Reply to this email to add a comment.