Date: Thu, 07 Sep 2023 05:31:09 -0700
From: evv… via monorail
Reply-To: oss-fuzz@monorail-prod.appspotmail.com
To: elfutils-devel@sourceware.org
Message-ID: <000000000000e1a42b0604c408ca@google.com>
Subject: Issue 62071 in oss-fuzz: elfutils:fuzz-libdwfl: Null-dereference READ in chunk_compare

Comment #1 on issue 62071 by evv...@gmail.com: elfutils:fuzz-libdwfl: Null-dereference READ in chunk_compare
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62071#c1

```
SCARINESS: 10 (null-deref)
    #0 0x82d35d1 in chunk_compare /src/elfutils/libelf/elf_getdata_rawchunk.c:49:25
    #1 0xf7caab3a in __tsearch
    #2 0x8156826 in __interceptor_tsearch /src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:6057:15
    #3 0x82d2a8a in elf_getdata_rawchunk /src/elfutils/libelf/elf_getdata_rawchunk.c:98:28
    #4 0x81f4139 in find_elf_build_id /src/elfutils/libdwelf/dwelf_elf_gnu_build_id.c:88:28
    #5 0x81f3a28 in __libdwfl_find_elf_build_id /src/elfutils/libdwelf/dwelf_elf_gnu_build_id.c:142:10
    #6 0x82795e8 in __libdwfl_find_build_id /src/elfutils/libdwfl/dwfl_module_build_id.c:70:16
    #7 0x82795e8 in dwfl_module_build_id /src/elfutils/libdwfl/dwfl_module_build_id.c:91:20
    #8 0x81d7ec7 in dwfl_standard_find_debuginfo /src/elfutils/libdwfl/find-debuginfo.c:365:19
    #9 0x81d3340 in find_debuginfo /src/elfutils/libdwfl/dwfl_module_getdwarf.c:538:19
    #10 0x81cff0f in find_dw /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1412:16
    #11 0x81cff0f in dwfl_module_getdwarf /src/elfutils/libdwfl/dwfl_module_getdwarf.c:1446:3
    #12 0x81cad03 in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:54:3
    #13 0x808ba2e in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #14 0x808b168 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned int, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #15 0x808cfdd in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:826:7
    #16 0x808d1de in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:857:3
    #17 0x807c3fc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #18 0x80a6177 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #19 0xf7bc5ed4 in __libc_start_main
    #20 0x806dad5 in _start
```

The fuzz target can be found at https://github.com/google/oss-fuzz/blob/master/projects/elfutils/fuzz-libdwfl.c

OSS-Fuzz says the fuzz target crashed on i386 sporadically and it isn't reliably reproducible anymore, so it could be a glitch of some sort.

--
You received this message because:
1. You were specifically CC'd on the issue

You may adjust your notification preferences at: https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.