From: Mark Wielaard
To: Evgeny Vereshchagin
Cc: elfutils-devel@sourceware.org
Subject: Re: OSS-Fuzz issue 42877
Date: Fri, 24 Dec 2021 02:23:06 +0100
In-Reply-To: <6E8C30A5-04FE-498A-9BA8-5484134B2629@ya.ru>
References: <6E8C30A5-04FE-498A-9BA8-5484134B2629@ya.ru>
List-Id: Elfutils-devel mailing list

Hi Evgeny,

On Fri, Dec 24, 2021 at 12:49:53AM +0300, Evgeny Vereshchagin wrote:
> All those issues can be reproduced by downloading public testcases and
> passing them to ./fuzz/dwfl-core.
> That particular issue can be reproduced with
> ```
> autoreconf -i -f
> ./configure --enable-maintainer-mode --enable-sanitize-address --enable-sanitize-undefined
> make -j$(nproc) V=1
> make -C tests fuzz-dwfl-core
>
> wget -O CRASH https://oss-fuzz.com/download?testcase_id=4756614962348032
>
> LD_LIBRARY_PATH="./libdw;./libelf" ./tests/fuzz-dwfl-core ./CRASH
> Running: ./CRASH
> =================================================================
> ==266852==ERROR: AddressSanitizer: unknown-crash on address 0x7f492ff9c000 at pc 0x7f4934340b00 bp 0x7ffc09558f30 sp 0x7ffc095586e0
> READ of size 64 at 0x7f492ff9c000 thread T0
> #0 0x7f4934340aff in __interceptor_memcpy (/lib64/libasan.so.6+0x39aff)
> #1 0x7f4933f2aa90 in memcpy /usr/include/bits/string_fortified.h:29
> #2 0x7f4933f2aa90 in dwfl_segment_report_module /home/vagrant/elfutils/libdwfl/dwfl_segment_report_module.c:385

Thanks, that is useful. I think this issue has the same root cause as an
issue found by afl-fuzz for which I posted a patch here:
https://sourceware.org/pipermail/elfutils-devel/2021q4/004597.html

Cheers,

Mark
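The reproduction quoted above ends in an AddressSanitizer report, and the reply's point is that this OSS-Fuzz finding shares a root cause with an earlier afl-fuzz finding. As an added example that is not part of this thread and not elfutils code, the following Python triage helper parses such a report and derives a crash signature from the error kind, the access, and the first in-project stack frames, so that two fuzzer findings can be compared without being confused by ASLR-dependent addresses or sanitizer runtime frames. The first sample report is the one quoted in the thread, embedded as a constructed string; the second sample, the noise-frame rules and the function names are assumptions of this script.

```python
"""Triage helper: parse an AddressSanitizer report and build a crash signature
for de-duplicating fuzzer findings.

Added example for this thread; not elfutils or OSS-Fuzz code.  The filtering
rules below (which frames count as sanitizer/libc noise) are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample A: the ASan report lines quoted in the thread.
SAMPLE_REPORT_A = """\
Running: ./CRASH
=================================================================
==266852==ERROR: AddressSanitizer: unknown-crash on address 0x7f492ff9c000 at pc 0x7f4934340b00 bp 0x7ffc09558f30 sp 0x7ffc095586e0
READ of size 64 at 0x7f492ff9c000 thread T0
    #0 0x7f4934340aff in __interceptor_memcpy (/lib64/libasan.so.6+0x39aff)
    #1 0x7f4933f2aa90 in memcpy /usr/include/bits/string_fortified.h:29
    #2 0x7f4933f2aa90 in dwfl_segment_report_module /home/vagrant/elfutils/libdwfl/dwfl_segment_report_module.c:385
"""

# Constructed sample B (assumed): same project frame reached from a different
# build, with different pid, addresses, source prefix and runtime frames.
SAMPLE_REPORT_B = """\
==4242==ERROR: AddressSanitizer: unknown-crash on address 0x7f0000001000 at pc 0x7f0000002000 bp 0x7ffd00000000 sp 0x7ffd00000010
READ of size 64 at 0x7f0000001000 thread T0
    #0 0x7f0000002000 in __asan_memcpy (/lib64/libasan.so.6+0x40000)
    #1 0x7f0000003000 in dwfl_segment_report_module /src/elfutils/libdwfl/dwfl_segment_report_module.c:385
"""

ERROR_RE = re.compile(
    r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address (?P<addr>0x[0-9a-f]+)"
)
ACCESS_RE = re.compile(
    r"^(?P<op>READ|WRITE) of size (?P<size>\d+) at 0x[0-9a-f]+ thread (?P<thread>T\d+)"
)
FRAME_RE = re.compile(r"^#(?P<idx>\d+) 0x[0-9a-f]+ in (?P<func>\S+)(?: (?P<loc>.+))?$")

# Assumed noise rules: sanitizer interceptors and libc wrapper headers vary
# between toolchains and should not influence the signature.
NOISE_FUNC = re.compile(r"^(__interceptor_|__asan_|__sanitizer_)")
NOISE_LOC = re.compile(r"(libasan\.so|/usr/include/)")


@dataclass
class Frame:
    index: int
    function: str
    location: str  # "path:line" or "(module+offset)"; "" if absent


@dataclass
class AsanReport:
    kind: str = ""
    address: str = ""
    access: str = ""  # "READ" / "WRITE", or "" when the report has no access line
    size: int = 0
    frames: List[Frame] = field(default_factory=list)


def parse_asan_report(text: str) -> AsanReport:
    """Extract error kind, faulting address, access and the first stack."""
    report = AsanReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = ERROR_RE.search(line)
        if m:
            report.kind, report.address = m.group("kind"), m.group("addr")
            continue
        m = ACCESS_RE.match(line)
        if m:
            report.access, report.size = m.group("op"), int(m.group("size"))
            continue
        m = FRAME_RE.match(line)
        if m:
            report.frames.append(
                Frame(int(m.group("idx")), m.group("func"), m.group("loc") or "")
            )
    if not report.kind:
        raise ValueError("no AddressSanitizer ERROR line found")
    return report


def is_noise(frame: Frame) -> bool:
    return bool(NOISE_FUNC.match(frame.function) or NOISE_LOC.search(frame.location))


def crash_signature(report: AsanReport, depth: int = 3) -> str:
    """kind:access:size:<first `depth` non-noise frames as func@file:line>."""
    parts = [report.kind, report.access or "-", str(report.size)]
    for f in [fr for fr in report.frames if not is_noise(fr)][:depth]:
        # Keep only the file basename so build-directory prefixes do not matter.
        parts.append(f"{f.function}@{f.location.rsplit('/', 1)[-1]}")
    return ":".join(parts)


if __name__ == "__main__":
    a, b = parse_asan_report(SAMPLE_REPORT_A), parse_asan_report(SAMPLE_REPORT_B)
    print(crash_signature(a))
    print("same root cause:", crash_signature(a) == crash_signature(b))
```

Running the script prints the signature derived from the quoted report and reports that the two constructed samples collapse to the same signature; in practice the depth and the noise rules are tuned per project, and a matching signature is a reason to compare the findings by hand rather than proof of identical root cause.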