From: Evgeny Vereshchagin
Date: Fri, 21 Oct 2022 22:57:32 +0300
Subject: Re: Fuzzing elfutils
To: "Frank Ch. Eigler"
Cc: Philippe Antoine, elfutils-devel@sourceware.org, david korczynski, izzeem@google.com
References: <199C1200-40AC-4AD2-89D4-24E172CBA353@catenacyber.fr> <20221021132253.GD24703@redhat.com>
In-Reply-To: <20221021132253.GD24703@redhat.com>

> > > Cf https://oss-fuzz.com/testcases?open=yes&q=Arbitrary&proj=elfutils
>
> This is inaccessible without logins.

To judge from
https://github.com/google/oss-fuzz/tree/master/infra/experimental/SystemSan#arbitrary-file-open,
that new experimental fuzzer isn't documented yet, but as far as I can tell
it flags "tainted" strings passed to the open syscall. That backtrace points to
https://sourceware.org/git/?p=elfutils.git;a=blob;f=libdwfl/dwfl_segment_report_module.c;h=28f87f10dd3962082ec4b995f43069ffc4b5e3d4;hb=HEAD#l784
and I think it's a false positive. Looking at
https://github.com/google/oss-fuzz/issues/8497
it seems it should be possible to turn it off eventually.

Thanks,
Evgeny Vereshchagin