Subject: Issue 45636 in oss-fuzz: elfutils:fuzz-libdwfl: Crash in read_long_names
From: da… via monorail
To: elfutils-devel@sourceware.org
Date: Sun, 20 Mar 2022 03:01:47 -0700
Reply-To: oss-fuzz@monorail-prod.appspotmail.com
List-Id: Elfutils-devel mailing list

Comment #1 on issue 45636 by da...@adalogics.com: elfutils:fuzz-libdwfl: Crash in read_long_names
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45636#c1

ASAN report

=================================================================
==746==ERROR: AddressSanitizer: unknown-crash on address 0x7f1a9af3d000 at pc 0x00000048a379 bp 0x7ffeb1d3c230 sp 0x7ffeb1d3b9e8
READ of size 985 at 0x7f1a9af3d000 thread T0
SCARINESS: 16 (multi-byte-read-unknown-crash)
    #0 0x48a378 in __interceptor_atol /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:522:3
    #1 0x5b4615 in read_long_names /src/elfutils/libelf/elf_begin.c:766:13
    #2 0x5b2aa4 in __libelf_next_arhdr_wrlock /src/elfutils/libelf/elf_begin.c:912:8
    #3 0x5b6d7d in dup_elf /src/elfutils/libelf/elf_begin.c:1061:10
    #4 0x5b5028 in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
    #5 0x5b4e36 in elf_begin /src/elfutils/libelf/elf_begin.c:0
    #6 0x4db735 in process_archive /src/elfutils/libdwfl/offline.c:251:17
    #7 0x4db181 in process_file /src/elfutils/libdwfl/offline.c:125:14
    #8 0x4daf3b in __libdwfl_report_offline /src/elfutils/libdwfl/offline.c:287:22
    #9 0x4db2a2 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
    #10 0x4d842f in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
    #11 0x4d8225 in ExecuteFilesOnyByOne aflplusplus/utils/aflpp_driver/aflpp_driver.c:191:7
    #12 0x4d8095 in main aflplusplus/utils/aflpp_driver/aflpp_driver.c:0
    #13 0x7f1a9bd060b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
    #14 0x41e58d in _start

Address 0x7f1a9af3d000 is a wild pointer inside of access range of size 0x0000000003d9.
SUMMARY: AddressSanitizer: unknown-crash (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_elfutils_b7ca3a6bcc40cef461446d759ca780e6ea3657cd/revisions/fuzz-libdwfl+0x48a378)
Shadow bytes around the buggy address:
  0x0fe3d35df9b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3d35df9c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3d35df9d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3d35df9e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3d35df9f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe3d35dfa00:[fe]fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe3d35dfa10: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe3d35dfa20: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe3d35dfa30: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe3d35dfa40: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe3d35dfa50: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==746==ABORTING