Message-ID: <3eb9eb567539cb118277be6ebc420dce6c55e0d9.camel@klomp.org>
Subject: Re: [PATCH 2/2] libdw: Use elf_rawdata when checking .debug section
From: Mark Wielaard
To: Evgeny Vereshchagin, Aleksei Vetrov
Cc: elfutils-devel@sourceware.org
Date: Tue, 21 Feb 2023 12:24:43 +0100
References: <20230220155518.86598-1-mark@klomp.org> <20230220155518.86598-3-mark@klomp.org>

Hi,

On Tue, 2023-02-21 at 05:28 +0300, Evgeny Vereshchagin wrote:
> On Mon, 20 Feb 2023 at 19:03, Aleksei Vetrov wrote:
> > On Mon, Feb 20, 2023 at 3:55 PM Mark Wielaard wrote:
> > >
> > > .debug sections are raw bytes and don't need conversion even when host
> > > and file have different endian order.
> >
> > Thank you! I like this patch more for its simplicity, looks good to me.
>
> Agreed. I haven't actually tested the patch though but since it's
> covered by the fuzz target it should be tested once it's merged anyway.

I was actually planning on pushing both patches. This one makes sure
the conversion code isn't called, because that is unnecessary in this
case. The first patch adjusts the conversion code so it doesn't leave
some undefined bytes in the section data.

> On a somewhat related looking at some recent patches and especially
> https://sourceware.org/git/?p=elfutils.git;a=commit;h=64ee2cb792e7b6ba6ad2a5759bff7ce8714e4668
> it seems apart from OSS-Fuzz elfutils is fuzzed elsewhere. Aleksei I
> wonder if it would be possible to add those fuzz targets to OSS-Fuzz?
> There are blind spots there and I think it would be really great to
> start covering at least some of them.

I do often run a fuzzer (afl with --enable-sanitize-undefined and
--enable-sanitize-address with CC="afl-gcc -m32") when writing a new
testcase. Some testcases are nice as fuzz targets because they test
just one function, so running the fuzzer for a couple of hours exhausts
the different input values.

Cheers,

Mark