Date: Wed, 16 Mar 2022 22:20:55 -0700
From: ClusterFuzz-External via monorail
To: elfutils-devel@sourceware.org
Reply-To: oss-fuzz@monorail-prod.appspotmail.com
Message-ID: <000000000000c2fa3e05da6331e3@google.com>
Subject: Issue 45628 in oss-fuzz: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol

Status: New
Owner: ----
CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izzeem@google.com
Labels: ClusterFuzz Stability-Memory-AddressSanitizer Reproducible OS-Linux Security_Severity-Medium Engine-honggfuzz Proj-elfutils Reported-2022-03-17
Type: Bug-Security

New issue 45628 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45628

Detailed Report: https://oss-fuzz.com/testcase?key=4673586076450816

Project: elfutils
Fuzzing Engine: honggfuzz
Fuzz Target: fuzz-libdwfl
Job Type: honggfuzz_asan_elfutils
Platform Id: linux

Crash Type: Heap-buffer-overflow READ {*}
Crash Address: 0x7fffe2c93000
Crash State:
  strtol
  __libelf_next_arhdr_wrlock
  elf_begin

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://oss-fuzz.com/revisions?job=honggfuzz_asan_elfutils&range=202203161800:202203170000

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=4673586076450816

Issue filed automatically.

See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.
When you fix this bug, please
  * mention the fix revision(s).
  * state whether the bug was a short-lived regression or an old bug in any stable releases.
  * add any other useful information.
This information can help downstream consumers.

If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.