public inbox for elfutils@sourceware.org
 help / color / mirror / Atom feed
From: "evv… via monorail" <monorail+v2.2672886254@chromium.org>
To: elfutils-devel@sourceware.org
Subject: Issue 56134 in oss-fuzz: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in check_section
Date: Sun, 19 Feb 2023 06:37:47 -0800	[thread overview]
Message-ID: <000000000000867deb05f50e7de9@google.com> (raw)
In-Reply-To: <0=71cc74a7ba1af446b7ed6b9a08b414d9=71ed1158a93bd261e0f438319391130d=oss-fuzz@monorail-prod.appspotmail.com>

[-- Attachment #1: Type: text/plain, Size: 3730 bytes --]


Comment #1 on issue 56134 by evv...@gmail.com: elfutils:fuzz-libdwfl: Use-of-uninitialized-value in check_section
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56134#c1

Below is the full backtrace
```
==2272==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5fb3c7 in check_section /src/elfutils/libdw/dwarf_begin_elf.c:265:7
    #1 0x5f8d3e in global_read /src/elfutils/libdw/dwarf_begin_elf.c:444:14
    #2 0x5f8d3e in dwarf_begin_elf /src/elfutils/libdw/dwarf_begin_elf.c:595:9
    #3 0x53f28c in load_dw /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1341:13
    #4 0x53c5b9 in find_dw /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1391:16
    #5 0x53c5b9 in dwfl_module_getdwarf /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1446:3
    #6 0x534b72 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:54:3
    #7 0x43dcf3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #8 0x429452 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #9 0x42ecfc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #10 0x458232 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #11 0x7fe0978dd0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
    #12 0x41f61d in _start
  Uninitialized value was created by a heap allocation
    #0 0x4e2310 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:895:3
    #1 0x6b9935 in convert_data /src/elfutils/libelf/elf_getdata.c:166:24
    #2 0x6b9935 in __libelf_set_data_list_rdlock /src/elfutils/libelf/elf_getdata.c:455:7
    #3 0x6ba571 in __elf_getdata_rdlock /src/elfutils/libelf/elf_getdata.c:562:5
    #4 0x6ba6cd in elf_getdata /src/elfutils/libelf/elf_getdata.c:580:12
    #5 0x5faec7 in check_section /src/elfutils/libdw/dwarf_begin_elf.c:246:20
    #6 0x5f8d3e in global_read /src/elfutils/libdw/dwarf_begin_elf.c:444:14
    #7 0x5f8d3e in dwarf_begin_elf /src/elfutils/libdw/dwarf_begin_elf.c:595:9
    #8 0x53f28c in load_dw /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1341:13
    #9 0x53c5b9 in find_dw /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1391:16
    #10 0x53c5b9 in dwfl_module_getdwarf /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1446:3
    #11 0x534b72 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:54:3
    #12 0x43dcf3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #13 0x429452 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #14 0x42ecfc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #15 0x458232 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #16 0x7fe0978dd0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
SUMMARY: MemorySanitizer: use-of-uninitialized-value (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_elfutils_3ee01cb67db1a71e7adeb7f3f14722ea62f13cd5/revisions/fuzz-libdwfl+0x5fb3c7)
```

Looks like it was introduced in https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=fda09f5f188fb173b2123815be71ca4647a8adfb

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.

  parent reply	other threads:[~2023-02-20 11:22 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=71ed1158a93bd261e0f438319391130d=oss-fuzz@monorail-prod.appspotmail.com>
2023-02-19 12:36 ` ClusterFuzz-External via monorail
2023-02-19 14:37 ` evv… via monorail [this message]
2023-02-19 15:46 ` evv… via monorail
2023-02-21 16:01 ` ClusterFuzz-External via monorail
2023-03-06 16:52 ` ClusterFuzz-External via monorail
2023-03-06 16:52 ` ClusterFuzz-External via monorail

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=000000000000867deb05f50e7de9@google.com \
    --to=monorail+v2.2672886254@chromium.org \
    --cc=elfutils-devel@sourceware.org \
    --cc=oss-fuzz@monorail-prod.appspotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).