* Issue 43307 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in read_addrs
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=3ce60818595e4317dc54eac606c643ef=oss-fuzz@monorail-prod.appspotmail.com>
@ 2022-01-04 18:02 ` ClusterFuzz-External via monorail
2022-01-04 19:05 ` ClusterFuzz-External via monorail
` (2 subsequent siblings)
3 siblings, 0 replies; 4+ messages in thread
From: ClusterFuzz-External via monorail @ 2022-01-04 18:02 UTC (permalink / raw)
To: elfutils-devel
Status: New
Owner: ----
CC: elfut...@sourceware.org, evv...@gmail.com, izzeem@google.com
Labels: ClusterFuzz Stability-Memory-AddressSanitizer Reproducible Engine-libfuzzer OS-Linux Security_Severity-Medium Proj-elfutils Reported-2022-01-04
Type: Bug-Security
New issue 43307 by ClusterFuzz-External: elfutils:fuzz-dwfl-core: Crash in read_addrs
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43307
Detailed Report: https://oss-fuzz.com/testcase?key=4696722113167360
Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-dwfl-core
Job Type: libfuzzer_asan_i386_elfutils
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0xf75b3fe0
Crash State:
read_addrs
dwfl_link_map_report
dwfl_core_file_report
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Crash Revision: https://oss-fuzz.com/revisions?job=libfuzzer_asan_i386_elfutils&revision=202201040606
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=4696722113167360
Issue filed automatically.
See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.
When you fix this bug, please
* mention the fix revision(s).
* state whether the bug was a short-lived regression or an old bug in any stable releases.
* add any other useful information.
This information can help downstream consumers.
If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Issue 43307 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in read_addrs
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=3ce60818595e4317dc54eac606c643ef=oss-fuzz@monorail-prod.appspotmail.com>
2022-01-04 18:02 ` Issue 43307 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in read_addrs ClusterFuzz-External via monorail
@ 2022-01-04 19:05 ` ClusterFuzz-External via monorail
2022-01-06 2:06 ` evv… via monorail
2022-01-08 15:54 ` ClusterFuzz-External via monorail
3 siblings, 0 replies; 4+ messages in thread
From: ClusterFuzz-External via monorail @ 2022-01-04 19:05 UTC (permalink / raw)
To: elfutils-devel
Updates:
Labels: Fuzz-Blocker
Comment #1 on issue 43307 by ClusterFuzz-External: elfutils:fuzz-dwfl-core: Crash in read_addrs
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43307#c1
This crash occurs very frequently on linux platform and is likely preventing the fuzzer fuzz-dwfl-core from making much progress. Fixing this will allow more bugs to be found.
If this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Issue 43307 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in read_addrs
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=3ce60818595e4317dc54eac606c643ef=oss-fuzz@monorail-prod.appspotmail.com>
2022-01-04 18:02 ` Issue 43307 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in read_addrs ClusterFuzz-External via monorail
2022-01-04 19:05 ` ClusterFuzz-External via monorail
@ 2022-01-06 2:06 ` evv… via monorail
2022-01-08 15:54 ` ClusterFuzz-External via monorail
3 siblings, 0 replies; 4+ messages in thread
From: evv… via monorail @ 2022-01-06 2:06 UTC (permalink / raw)
To: elfutils-devel
Comment #2 on issue 43307 by evv...@gmail.com: elfutils:fuzz-dwfl-core: Crash in read_addrs
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43307#c2
It can be reproduced by downloading the reproducer testcase and passing it to eu-stack:
```
autoreconf -i -f
./configure --enable-maintainer-mode --enable-sanitize-address --enable-sanitize-undefined
make -j$(nproc) V=1
wget -O oss-fuzz-43307 'https://oss-fuzz.com/download?testcase_id=4696722113167360'
LD_LIBRARY_PATH="./libdw;./libelf" ./src/stack --core ./oss-fuzz-43307
AddressSanitizer:DEADLYSIGNAL
=================================================================
==159086==ERROR: AddressSanitizer: SEGV on unknown address 0x7f1c426f6fe0 (pc 0x7f1c47758399 bp 0x60b000001170 sp 0x7ffdf9aca7a0 T0)
==159086==The signal is caused by a READ memory access.
#0 0x7f1c47758399 in read_8ubyte_unaligned_noncvt ../libdw/memory-access.h:301
#1 0x7f1c47758399 in read_addrs /home/vagrant/elfutils/libdwfl/link_map.c:288
#2 0x7f1c47758399 in report_r_debug /home/vagrant/elfutils/libdwfl/link_map.c:341
#3 0x7f1c47758399 in dwfl_link_map_report /home/vagrant/elfutils/libdwfl/link_map.c:1117
#4 0x7f1c4775df31 in _new.dwfl_core_file_report /home/vagrant/elfutils/libdwfl/core-file.c:552
#5 0x403b34 in parse_opt /home/vagrant/elfutils/src/stack.c:595
#6 0x7f1c46802471 in argp_parse (/lib64/libc.so.6+0x11e471)
#7 0x402a7d in main /home/vagrant/elfutils/src/stack.c:695
#8 0x7f1c4671155f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
#9 0x7f1c4671160b in __libc_start_main_impl (/lib64/libc.so.6+0x2d60b)
#10 0x402f44 in _start (/home/vagrant/elfutils/src/stack+0x402f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../libdw/memory-access.h:301 in read_8ubyte_unaligned_noncvt
==159086==ABORTING
```
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Issue 43307 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in read_addrs
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=3ce60818595e4317dc54eac606c643ef=oss-fuzz@monorail-prod.appspotmail.com>
` (2 preceding siblings ...)
2022-01-06 2:06 ` evv… via monorail
@ 2022-01-08 15:54 ` ClusterFuzz-External via monorail
3 siblings, 0 replies; 4+ messages in thread
From: ClusterFuzz-External via monorail @ 2022-01-08 15:54 UTC (permalink / raw)
To: elfutils-devel
Updates:
Labels: ClusterFuzz-Verified
Status: Verified
Comment #3 on issue 43307 by ClusterFuzz-External: elfutils:fuzz-dwfl-core: Crash in read_addrs
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43307#c3
ClusterFuzz testcase 4696722113167360 is verified as fixed in https://oss-fuzz.com/revisions?job=libfuzzer_asan_i386_elfutils&range=202201071200:202201071800
If this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-01-08 15:54 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=3ce60818595e4317dc54eac606c643ef=oss-fuzz@monorail-prod.appspotmail.com>
2022-01-04 18:02 ` Issue 43307 in oss-fuzz: elfutils:fuzz-dwfl-core: Crash in read_addrs ClusterFuzz-External via monorail
2022-01-04 19:05 ` ClusterFuzz-External via monorail
2022-01-06 2:06 ` evv… via monorail
2022-01-08 15:54 ` ClusterFuzz-External via monorail
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).