public inbox for elfutils@sourceware.org
* Issue 43356 in oss-fuzz: elfutils:fuzz-dwfl-core: Misaligned-address in Elf32_cvt_Dyn
       [not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=1c666345e3f179e28b2ecb98f55737a7=oss-fuzz@monorail-prod.appspotmail.com>
@ 2022-01-06  0:12 ` ClusterFuzz-External via monorail
  2022-01-06  2:03 ` evv… via monorail
  2022-01-08 16:32 ` ClusterFuzz-External via monorail
  2 siblings, 0 replies; 3+ messages in thread
From: ClusterFuzz-External via monorail @ 2022-01-06  0:12 UTC (permalink / raw)
  To: elfutils-devel

Status: New
Owner: ----
CC: elfut...@sourceware.org, evv...@gmail.com, izzeem@google.com 
Labels: ClusterFuzz Reproducible Stability-UndefinedBehaviorSanitizer Engine-libfuzzer OS-Linux Proj-elfutils Reported-2022-01-06
Type: Bug

New issue 43356 by ClusterFuzz-External: elfutils:fuzz-dwfl-core: Misaligned-address in Elf32_cvt_Dyn
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43356

Detailed Report: https://oss-fuzz.com/testcase?key=6013023414779904

Project: elfutils
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-dwfl-core
Job Type: libfuzzer_ubsan_elfutils
Platform Id: linux

Crash Type: Misaligned-address
Crash Address: 
Crash State:
  Elf32_cvt_Dyn
  elf32_xlatetom
  dwfl_segment_report_module
  
Sanitizer: undefined (UBSAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_elfutils&range=202201051200:202201051800

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=6013023414779904

Issue filed automatically.

See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.
When you fix this bug, please
  * mention the fix revision(s).
  * state whether the bug was a short-lived regression or an old bug in any stable releases.
  * add any other useful information.
This information can help downstream consumers.

If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.


* Issue 43356 in oss-fuzz: elfutils:fuzz-dwfl-core: Misaligned-address in Elf32_cvt_Dyn
From: evv… via monorail @ 2022-01-06  2:03 UTC (permalink / raw)
  To: elfutils-devel


Comment #1 on issue 43356 by evv...@gmail.com: elfutils:fuzz-dwfl-core: Misaligned-address in Elf32_cvt_Dyn
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43356#c1

It can be reproduced by downloading the reproducer testcase and passing it to eu-stack:
```
autoreconf -i -f
./configure --enable-maintainer-mode --enable-sanitize-address --enable-sanitize-undefined
make -j$(nproc) V=1
wget -O CRASH 'https://oss-fuzz.com/download?testcase_id=6013023414779904'
UBSAN_OPTIONS=print_stacktrace=1 LD_LIBRARY_PATH="./libdw;./libelf" ./src/stack --core CRASH
gelf_xlate.h:48:1: runtime error: member access within misaligned address 0x7f98edb0206a for type 'struct Elf32_Dyn', which requires 4 byte alignment
0x7f98edb0206a: note: pointer points here
 20 20  20 00 00 00 8a 20 20 20  20 00 00 00 10 20 20 20  20 ff 20 20 20 ff ff ff  ff 00 00 00 00 00
              ^
    #0 0x7f98f23ef91f in Elf32_cvt_Dyn /home/vagrant/elfutils/libelf/gelf_xlate.h:48
    #1 0x7f98f23ed9f9 in elf32_xlatetom /home/vagrant/elfutils/libelf/elf32_xlatetom.c:104
    #2 0x7f98f20eac75 in dwfl_segment_report_module /home/vagrant/elfutils/libdwfl/dwfl_segment_report_module.c:848
    #3 0x7f98f20f4ffd in _new.dwfl_core_file_report /home/vagrant/elfutils/libdwfl/core-file.c:563
    #4 0x403b34 in parse_opt /home/vagrant/elfutils/src/stack.c:595
    #5 0x7f98f1199471 in argp_parse (/lib64/libc.so.6+0x11e471)
    #6 0x402a7d in main /home/vagrant/elfutils/src/stack.c:695
    #7 0x7f98f10a855f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
    #8 0x7f98f10a860b in __libc_start_main_impl (/lib64/libc.so.6+0x2d60b)
    #9 0x402f44 in _start (/home/vagrant/elfutils/src/stack+0x402f44)
```

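The report above is the classic "unaligned struct read" bug class: an ELF32 dynamic entry (`Elf32_Dyn`, 8 bytes with 4-byte alignment) is read through a pointer whose address is 2 mod 4 (`0x...06a`). The following is an added example, not code from this thread or from elfutils, that contrasts the cast-and-dereference pattern UBSAN flags with a `memcpy`-based decoder that reads the same bytes at any offset without undefined behaviour and also bounds-checks the walk. The `dyn32_t` mirror, the sample bytes and all function names are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Local mirror of an ELF32 dynamic entry (d_tag + d_un word): 8 bytes, 4-byte aligned. */
typedef struct { int32_t d_tag; uint32_t d_val; } dyn32_t;

/* Constructed input: big-endian dynamic table at buffer offset 2 (address 2 mod 4). */
static const unsigned char sample[] = {
    0x00, 0x00,                                       /* 2-byte lead-in */
    0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x2a,  /* DT_NEEDED, 42 */
    0x00, 0x00, 0x00, 0x05,  0x08, 0x04, 0x80, 0x00,  /* DT_STRTAB, 0x08048000 */
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,  /* DT_NULL terminator */
};

static uint32_t load32(const unsigned char *p, int be)
{
    return be ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
              : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* The pattern UBSAN flags: dereferencing a struct pointer cast from an arbitrary
   byte pointer is undefined behaviour when that address is not 4-byte aligned. */
static int32_t tag_unsafe(const unsigned char *p)
{
    return ((const dyn32_t *)p)->d_tag;   /* never do this on untrusted offsets */
}

/* Safe decode: bounds-check, memcpy the raw bytes (no alignment assumption),
   then convert byte order explicitly. Returns 0 on success, -1 if truncated. */
static int read_dyn(const unsigned char *buf, size_t len, size_t off, int be, dyn32_t *out)
{
    unsigned char raw[8];
    if (off > len || len - off < sizeof raw)
        return -1;
    memcpy(raw, buf + off, sizeof raw);
    out->d_tag = (int32_t)load32(raw, be);
    out->d_val = load32(raw + 4, be);
    return 0;
}

/* Count entries before DT_NULL (tag 0); -1 if the buffer ends first. */
static long count_dyn(const unsigned char *buf, size_t len, size_t off, int be)
{
    dyn32_t d;
    for (long n = 0; read_dyn(buf, len, off + (size_t)n * 8, be, &d) == 0; n++)
        if (d.d_tag == 0)
            return n;
    return -1;
}
```

Built with `-fsanitize=undefined`, only `tag_unsafe` on a misaligned pointer produces the "member access within misaligned address" report; `read_dyn` is silent at every offset.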

* Issue 43356 in oss-fuzz: elfutils:fuzz-dwfl-core: Misaligned-address in Elf32_cvt_Dyn
From: ClusterFuzz-External via monorail @ 2022-01-08 16:32 UTC (permalink / raw)
  To: elfutils-devel

Updates:
	Labels: ClusterFuzz-Verified
	Status: Verified

Comment #2 on issue 43356 by ClusterFuzz-External: elfutils:fuzz-dwfl-core: Misaligned-address in Elf32_cvt_Dyn
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43356#c2

ClusterFuzz testcase 6013023414779904 is verified as fixed in https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_elfutils&range=202201071200:202201071800

If this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new

