From: da… via monorail
Reply-To: oss-fuzz@monorail-prod.appspotmail.com
To: elfutils-devel@sourceware.org
Date: Sun, 20 Mar 2022 02:58:15 -0700
Message-ID: <00000000000026f88905daa36b2b@google.com>
References: <0=71cc74a7ba1af446b7ed6b9a08b414d9=e8012982be40997bfd82c6bebd9e94fe=oss-fuzz@monorail-prod.appspotmail.com>
Subject: Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip

Comment #1 on issue 45631 by da...@adalogics.com: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45631#c1

MSAN report

Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-cdd503eda6f927979a20a3bd4c08c8182cdf2ff5

==593068==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x55eeb6 in zlib_fail /src/elfutils/libdwfl/gzip.c:132:3
    #1 0x55eeb6 in __libdw_gunzip /src/elfutils/libdwfl/gzip.c:387:11
    #2 0x540817 in decompress /src/elfutils/libdwfl/open.c:66:11
    #3 0x5400d7 in what_kind /src/elfutils/libdwfl/open.c:114:12
    #4 0x5400d7 in libdw_open_elf /src/elfutils/libdwfl/open.c:134:22
    #5 0x53f505 in __libdw_open_file /src/elfutils/libdwfl/open.c:197:10
    #6 0x52cea7 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:281:22
    #7 0x52cea7 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
    #8 0x52747b in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
    #9 0x4552f2 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #10 0x440ea2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #11 0x44670c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #12 0x46f0a2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #13 0x7f5b32dd40b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
    #14 0x41f5ed in _start

  Uninitialized value was created by an allocation of 'code' in the stack frame of function '__libdw_gunzip'
    #0 0x55cde0 in __libdw_gunzip /src/elfutils/libdwfl/gzip.c:184

SUMMARY: MemorySanitizer: use-of-uninitialized-value (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_elfutils_3ee01cb67db1a71e7adeb7f3f14722ea62f13cd5/revisions/fuzz-libdwfl+0x55eeb6)
Unique heap origins: 44
Stack depot allocated bytes: 1638400
Unique origin histories: 7
History depot allocated bytes: 196608
Exiting

--
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.