From: Evgeny Vereshchagin
To: Mark Wielaard
Cc: david korczynski, elfutils-devel@sourceware.org
Subject: Re: Some fuzzer workarounds
Date: Mon, 21 Mar 2022 14:10:57 +0300
Message-Id: <289F0554-4E5C-42F1-A3C9-773C828CA168@ya.ru>
References: <20220317133051.100876-1-mark@klomp.org> <741FAE40-F8E9-4DA7-A160-E30A76210AC8@ya.ru>

Hi Mark,

> So I took the fuzz-libelf.c and fuzz-libdwfl.c files from the oss-fuzz
> repo, tweaked them so they have a normal main that takes one file
> argument to try to replicate the reports. That found some "real"
> issues I submitted patches for. Then I ran afl-fuzz on them locally
> during the weekend and found another issue for which I also submitted
> a patch.

FWIW to test the "fuzz" branch I integrated the new fuzz targets into the elfutils build system by analogy with https://sourceware.org/pipermail/elfutils-devel/2021q4/004615.html and there they are linked with the main function automatically and it's also possible to pass --enable-afl to ./configure to automatically run it with AFL. It still needs polishing but I wonder if it makes sense to send that to the mailing list? I still think the fuzz targets should be kept and reviewed upstream and that patch would make it possible. It's being tested in https://github.com/evverx/elfutils/pull/72. I'll report back once I figure out why the unit tests are failing on Fedora Rawhide: https://copr-be.cloud.fedoraproject.org/results/packit/evverx-elfutils-72/fedora-rawhide-x86_64/03799633-elfutils/builder-live.log.gz

> There are several duplicates though and all the MSAN reported
> issues seem bogus.

I'm not sure all of them are bogus but I would ignore them for now. Once the new fuzz targets are linked with zlib built with MSan bogus reports will be closed and I'll take a look at what's left there.

Thanks,
Evgeny Vereshchagin