Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file

Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file

[ClusterFuzz-External via monorail]

Status: New
Owner: ----
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izzeem@google.com 
Labels: ClusterFuzz Stability-Memory-AddressSanitizer Reproducible Stability-Memory-LeakSanitizer Engine-libfuzzer OS-Linux Proj-elfutils Reported-2022-03-17
Type: Bug

New issue 45629 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629

Detailed Report: https://oss-fuzz.com/testcase?key=5280476447768576

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-libdwfl
Job Type: libfuzzer_asan_elfutils
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  __libelf_read_mmaped_file
  read_file
  lock_dup_elf
  
Sanitizer: address (ASAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_elfutils&range=202203161800:202203170000

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5280476447768576

Issue filed automatically.

See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.
When you fix this bug, please
  * mention the fix revision(s).
  * state whether the bug was a short-lived regression or an old bug in any stable releases.
  * add any other useful information.
This information can help downstream consumers.

If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.

Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file

[ClusterFuzz-External via monorail]

Updates:
	Labels: Fuzz-Blocker

Comment #1 on issue 45629 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629#c1

This crash occurs very frequently on linux platform and is likely preventing the fuzzer fuzz-libdwfl from making much progress. Fixing this will allow more bugs to be found.

If this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.

Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file

[da… via monorail]

Comment #2 on issue 45629 by da...@adalogics.com: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629#c2

ASAN report
Indirect leak of 264 byte(s) in 1 object(s) allocated from:
    #0 0x524ae2 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
    #1 0x622d34 in allocate_elf /src/elfutils/libelf/common.h:74:17
    #2 0x622d34 in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:578:10
    #3 0x6283cf in read_file /src/elfutils/libelf/elf_begin.c:701:28
    #4 0x628037 in dup_elf /src/elfutils/libelf/elf_begin.c:1067:12
    #5 0x628037 in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
    #6 0x627c93 in elf_begin /src/elfutils/libelf/elf_begin.c:0
    #7 0x56009b in process_archive /src/elfutils/libdwfl/offline.c:251:17
    #8 0x56009b in process_file /src/elfutils/libdwfl/offline.c:125:14
    #9 0x560a48 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
    #10 0x560a48 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
    #11 0x55dc32 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
    #12 0x455522 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #13 0x4410d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #14 0x44693c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #15 0x46f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #16 0x7f61fb6210b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
Indirect leak of 264 byte(s) in 1 object(s) allocated from:
    #0 0x524ae2 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
    #1 0x622bc1 in allocate_elf /src/elfutils/libelf/common.h:74:17
    #2 0x622bc1 in file_read_ar /src/elfutils/libelf/elf_begin.c:59:9
    #3 0x622bc1 in __libelf_read_mmaped_file /src/elfutils/libelf/elf_begin.c:570:14
    #4 0x6283cf in read_file /src/elfutils/libelf/elf_begin.c:701:28
    #5 0x627be1 in elf_begin /src/elfutils/libelf/elf_begin.c:0
    #6 0x56b2ac in libdw_open_elf /src/elfutils/libdwfl/open.c:131:14
    #7 0x56b1ac in __libdw_open_file /src/elfutils/libdwfl/open.c:197:10
    #8 0x5609d2 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:281:22
    #9 0x5609d2 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
    #10 0x55dc32 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
    #11 0x455522 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #12 0x4410d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #13 0x44693c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #14 0x46f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #15 0x7f61fb6210b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
SUMMARY: AddressSanitizer: 528 byte(s) leaked in 2 allocation(s).
INFO: a leak has been found in the initial corpus.
INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.

Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file

[da… via monorail]

Comment #3 on issue 45629 by da...@adalogics.com: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629#c3

(No comment was entered for this change.)

Attachments:
	clusterfuzz-testcase-minimized-fuzz-libdwfl-5280476447768576  68 bytes

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.

Issue 45629 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file

[ClusterFuzz-External via monorail]

Updates:
	Labels: ClusterFuzz-Verified
	Status: Verified

Comment #4 on issue 45629 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_read_mmaped_file
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45629#c4

ClusterFuzz testcase 5280476447768576 is verified as fixed in https://oss-fuzz.com/revisions?job=libfuzzer_asan_elfutils&range=202203210605:202203211200

If this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.