* Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=e8012982be40997bfd82c6bebd9e94fe=oss-fuzz@monorail-prod.appspotmail.com>
@ 2022-03-17 5:54 ` ClusterFuzz-External via monorail
2022-03-20 9:58 ` da… via monorail
` (3 subsequent siblings)
4 siblings, 0 replies; 5+ messages in thread
From: ClusterFuzz-External via monorail @ 2022-03-17 5:54 UTC (permalink / raw)
To: elfutils-devel
Status: New
Owner: ----
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izzeem@google.com
Labels: ClusterFuzz Reproducible Stability-Memory-MemorySanitizer Engine-libfuzzer OS-Linux Security_Severity-Medium Proj-elfutils Reported-2022-03-17
Type: Bug-Security
New issue 45631 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45631
Detailed Report: https://oss-fuzz.com/testcase?key=5742116662280192
Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-libdwfl
Job Type: libfuzzer_msan_elfutils
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
__libdw_gunzip
decompress
libdw_open_elf
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_elfutils&range=202203161800:202203170000
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5742116662280192
Issue filed automatically.
See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.
When you fix this bug, please
* mention the fix revision(s).
* state whether the bug was a short-lived regression or an old bug in any stable releases.
* add any other useful information.
This information can help downstream consumers.
If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=e8012982be40997bfd82c6bebd9e94fe=oss-fuzz@monorail-prod.appspotmail.com>
2022-03-17 5:54 ` Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip ClusterFuzz-External via monorail
@ 2022-03-20 9:58 ` da… via monorail
2022-03-20 9:58 ` da… via monorail
` (2 subsequent siblings)
4 siblings, 0 replies; 5+ messages in thread
From: da… via monorail @ 2022-03-20 9:58 UTC (permalink / raw)
To: elfutils-devel
Comment #1 on issue 45631 by da...@adalogics.com: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45631#c1
MSAN report
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-cdd503eda6f927979a20a3bd4c08c8182cdf2ff5
==593068==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55eeb6 in zlib_fail /src/elfutils/libdwfl/gzip.c:132:3
#1 0x55eeb6 in __libdw_gunzip /src/elfutils/libdwfl/gzip.c:387:11
#2 0x540817 in decompress /src/elfutils/libdwfl/open.c:66:11
#3 0x5400d7 in what_kind /src/elfutils/libdwfl/open.c:114:12
#4 0x5400d7 in libdw_open_elf /src/elfutils/libdwfl/open.c:134:22
#5 0x53f505 in __libdw_open_file /src/elfutils/libdwfl/open.c:197:10
#6 0x52cea7 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:281:22
#7 0x52cea7 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
#8 0x52747b in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
#9 0x4552f2 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#10 0x440ea2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#11 0x44670c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#12 0x46f0a2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#13 0x7f5b32dd40b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#14 0x41f5ed in _start
Uninitialized value was created by an allocation of 'code' in the stack frame of function '__libdw_gunzip'
#0 0x55cde0 in __libdw_gunzip /src/elfutils/libdwfl/gzip.c:184
SUMMARY: MemorySanitizer: use-of-uninitialized-value (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_elfutils_3ee01cb67db1a71e7adeb7f3f14722ea62f13cd5/revisions/fuzz-libdwfl+0x55eeb6)
Unique heap origins: 44
Stack depot allocated bytes: 1638400
Unique origin histories: 7
History depot allocated bytes: 196608
Exiting
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=e8012982be40997bfd82c6bebd9e94fe=oss-fuzz@monorail-prod.appspotmail.com>
2022-03-17 5:54 ` Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip ClusterFuzz-External via monorail
2022-03-20 9:58 ` da… via monorail
@ 2022-03-20 9:58 ` da… via monorail
2022-03-23 0:05 ` ClusterFuzz-External via monorail
2022-03-24 21:11 ` ClusterFuzz-External via monorail
4 siblings, 0 replies; 5+ messages in thread
From: da… via monorail @ 2022-03-20 9:58 UTC (permalink / raw)
To: elfutils-devel
Comment #2 on issue 45631 by da...@adalogics.com: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45631#c2
(No comment was entered for this change.)
Attachments:
clusterfuzz-testcase-minimized-fuzz-libdwfl-5742116662280192 4 bytes
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=e8012982be40997bfd82c6bebd9e94fe=oss-fuzz@monorail-prod.appspotmail.com>
` (2 preceding siblings ...)
2022-03-20 9:58 ` da… via monorail
@ 2022-03-23 0:05 ` ClusterFuzz-External via monorail
2022-03-24 21:11 ` ClusterFuzz-External via monorail
4 siblings, 0 replies; 5+ messages in thread
From: ClusterFuzz-External via monorail @ 2022-03-23 0:05 UTC (permalink / raw)
To: elfutils-devel
Updates:
Labels: Fuzz-Blocker
Comment #3 on issue 45631 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45631#c3
This crash occurs very frequently on linux platform and is likely preventing the fuzzer fuzz-libdwfl from making much progress. Fixing this will allow more bugs to be found.
If this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=e8012982be40997bfd82c6bebd9e94fe=oss-fuzz@monorail-prod.appspotmail.com>
` (3 preceding siblings ...)
2022-03-23 0:05 ` ClusterFuzz-External via monorail
@ 2022-03-24 21:11 ` ClusterFuzz-External via monorail
4 siblings, 0 replies; 5+ messages in thread
From: ClusterFuzz-External via monorail @ 2022-03-24 21:11 UTC (permalink / raw)
To: elfutils-devel
Updates:
Labels: ClusterFuzz-Verified
Status: Verified
Comment #4 on issue 45631 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45631#c4
ClusterFuzz testcase 5742116662280192 is verified as fixed in https://oss-fuzz.com/revisions?job=libfuzzer_msan_elfutils&range=202203240610:202203241200
If this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-03-24 21:11 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=e8012982be40997bfd82c6bebd9e94fe=oss-fuzz@monorail-prod.appspotmail.com>
2022-03-17 5:54 ` Issue 45631 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in __libdw_gunzip ClusterFuzz-External via monorail
2022-03-20 9:58 ` da… via monorail
2022-03-20 9:58 ` da… via monorail
2022-03-23 0:05 ` ClusterFuzz-External via monorail
2022-03-24 21:11 ` ClusterFuzz-External via monorail
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).