Date: Thu, 17 Mar 2022 07:33:43 -0700
From: da… via monorail
To: elfutils-devel@sourceware.org
Subject: Issue 45628 in oss-fuzz: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol

Comment #2 on issue 45628 by da...@adalogics.com: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45628#c2

Stack trace from detailed report:

==2680==ERROR: AddressSanitizer: unknown-crash on address 0x7fd79225d000 at pc 0x00000044fd53 bp 0x7ffd96c8ead0 sp 0x7ffd96c8e288
READ of size 249 at 0x7fd79225d000 thread T0
SCARINESS: 16 (multi-byte-read-unknown-crash)
    #0 0x44fd52 in StrtolFixAndCheck(void*, char const*, char**, char*, int) /src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:3440:3
    #1 0x488f30 in strtol /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:484:3
    #2 0x5a4f1b in atol /usr/include/stdlib.h:368:10
    #3 0x5a4f1b in read_long_names /src/elfutils/libelf/elf_begin.c:766:13
    #4 0x5a4f1b in __libelf_next_arhdr_wrlock /src/elfutils/libelf/elf_begin.c:912:8
    #5 0x5a65c2 in dup_elf /src/elfutils/libelf/elf_begin.c:1061:10
    #6 0x5a65c2 in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
    #7 0x5a65c2 in elf_begin /src/elfutils/libelf/elf_begin.c:1165:11
    #8 0x4e3732 in process_archive /src/elfutils/libdwfl/offline.c:251:17
    #9 0x4e3732 in process_file /src/elfutils/libdwfl/offline.c:125:14
    #10 0x4e4136 in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
    #11 0x4e4136 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
    #12 0x4e120d in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
    #13 0x4d732b in main
    #14 0x7fd7930a70b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
    #15 0x41d65d in _start