From: Mark Wielaard <mark@klomp.org>
To: elfutils-devel@sourceware.org
Cc: Evgeny Vereshchagin <evvers@ya.ru>,
david korczynski <david@adalogics.com>
Subject: Some fuzzer workarounds
Date: Thu, 17 Mar 2022 14:30:49 +0100 [thread overview]
Message-ID: <20220317133051.100876-1-mark@klomp.org> (raw)
Hi,
I looked over the "ClusterFuzz-External via monorail" emails and found
some "real" issues. But in general it is hard to determined what this
cluster is complaining about. The emails are somewhat opaque and don't
contain proper backtraces (with file and line numbers), nor do they
contain any context on how the target was configured or with which
flags or arguments any fuzzing testcases were run.
The following fixes should fix reading of some broken ar archives and
misaligned access of the section zero Shdr for mmaped ELF files where
the start of the Elf image is at some offset from the start of the
map.
[PATCH 1/2] libelf: Take map offset into account for Shdr alignment
[PATCH 2/2] libelf: Make sure ar_size starts with a digit before
https://code.wildebeest.org/git/user/mjw/elfutils/log/?h=fuzz
I haven't been able to replicate any other issues locally. I don't
really trust the msan instrumentation, better use valgrind (although
both might be too slow for fuzzing). There are also some other
misaligned type access checks reported by ubsan, but I don't know if
that is because of ALLOW_UNALIGNED is still defined or not (when
configuring with --enable-analyze-undefined ALLOW_UNALIGNED is not
defined, otherwise it is for some arches, including x86_64).
I don't mind getting rid of ALLOW_UNALIGNED, but it is some work.
Cheers,
Mark
next reply other threads:[~2022-03-17 13:31 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-17 13:30 Mark Wielaard [this message]
2022-03-17 13:30 ` [PATCH 1/2] libelf: Take map offset into account for Shdr alignment check in elf_begin Mark Wielaard
2022-03-17 13:30 ` [PATCH 2/2] libelf: Make sure ar_size starts with a digit before calling atol Mark Wielaard
2022-03-18 9:11 ` Evgeny Vereshchagin
2022-03-18 11:44 ` Mark Wielaard
2022-03-18 13:18 ` Evgeny Vereshchagin
2022-03-18 7:26 ` Some fuzzer workarounds Evgeny Vereshchagin
2022-03-19 11:08 ` Evgeny Vereshchagin
2022-03-21 2:24 ` Evgeny Vereshchagin
2022-03-21 10:50 ` Mark Wielaard
2022-03-21 11:10 ` Evgeny Vereshchagin
2022-03-21 14:33 ` Evgeny Vereshchagin
2022-03-21 17:30 ` Mark Wielaard
2022-03-21 18:01 ` Evgeny Vereshchagin
2022-03-22 16:59 ` Evgeny Vereshchagin
2022-03-23 0:35 ` Mark Wielaard
2022-03-23 1:15 ` Evgeny Vereshchagin
2022-03-23 9:21 ` Mark Wielaard
2022-03-21 10:57 ` Mark Wielaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220317133051.100876-1-mark@klomp.org \
--to=mark@klomp.org \
--cc=david@adalogics.com \
--cc=elfutils-devel@sourceware.org \
--cc=evvers@ya.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).