From: Mark Wielaard
To: elfutils-devel@sourceware.org
Cc: david korczynski, Evgeny Vereshchagin
Subject: Re: Some fuzzer workarounds
Date: Mon, 21 Mar 2022 11:57:05 +0100
References: <20220317133051.100876-1-mark@klomp.org>
In-Reply-To: <20220317133051.100876-1-mark@klomp.org>

Hi,

On Thu, Mar 17, 2022 at 02:30:49PM +0100, Mark Wielaard wrote:
> The following fixes should fix reading of some broken ar archives and
> misaligned access of the section zero Shdr for mmaped ELF files where
> the start of the Elf image is at some offset from the start of the
> map.
>
> [PATCH 1/2] libelf: Take map offset into account for Shdr alignment
> [PATCH 2/2] libelf: Make sure ar_size starts with a digit before
>
> https://code.wildebeest.org/git/user/mjw/elfutils/log/?h=fuzz
>
> I haven't been able to replicate any other issues locally.

So I did eventually replicate some other issues and ran afl-fuzz locally
over the new fuzz targets during the weekend to look for any others.

I pushed the above two patches, plus the other fixes I posted:

libelf: Check alignment of Verdef, Verdaux, Verneed and Vernaux offsets
libdwfl: Close ar members when they cannot be processed.
libdwfl: Use memcpy to assign image header field values
libelf: Don't overflow offsets in elf_cvt_Verneed and elf_cvt_Verdef

That should hopefully shut up the monorail reports. Except for those
using MSAN, which look bogus to me.

Cheers,

Mark
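The "Make sure ar_size starts with a digit" fix above concerns the decimal size field of an ar member header, which a fuzzer can fill with arbitrary bytes. As an added illustration (a constructed example, not elfutils' libelf code), the following parses that field with the leading-digit check; the `struct ar_hdr` layout and field names follow ar(5), while `parse_ar_size` and `ar_size_of` are names assumed here.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not libelf code: the 60-byte System V ar member
   header.  Fields are ASCII, space padded and not NUL terminated. */
struct ar_hdr {
  char ar_name[16], ar_date[12], ar_uid[6], ar_gid[6], ar_mode[8];
  char ar_size[10];   /* decimal member size */
  char ar_fmag[2];    /* always "`\n" */
};

/* Parse ar_size defensively: 0 and the size on success, -1 if malformed.
   strtoll() alone skips leading blanks and accepts a sign, so "-1" or an
   all-blank field would "parse"; requiring a leading digit, as the fix in
   the mail does, rejects those up front. */
static int parse_ar_size(const struct ar_hdr *hdr, int64_t *size_out)
{
  if (hdr->ar_fmag[0] != '`' || hdr->ar_fmag[1] != '\n')
    return -1;
  if (!isdigit((unsigned char) hdr->ar_size[0]))
    return -1;
  char buf[sizeof hdr->ar_size + 1];      /* NUL-terminated copy */
  memcpy(buf, hdr->ar_size, sizeof hdr->ar_size);
  buf[sizeof hdr->ar_size] = '\0';
  char *end;
  errno = 0;
  long long v = strtoll(buf, &end, 10);
  if (errno != 0)
    return -1;
  for (; *end != '\0'; end++)             /* only padding may follow */
    if (*end != ' ')
      return -1;
  *size_out = (int64_t) v;
  return 0;
}

/* Helper for stand-alone use: build a header with the given 10-byte
   ar_size field and return the parsed size, or -1 when rejected. */
static int64_t ar_size_of(const char *size_field)
{
  struct ar_hdr hdr;
  memset(&hdr, ' ', sizeof hdr);
  memcpy(hdr.ar_size, size_field, sizeof hdr.ar_size);
  memcpy(hdr.ar_fmag, "`\n", 2);
  int64_t size;
  return parse_ar_size(&hdr, &size) == 0 ? size : -1;
}
```

Every `size_field` passed to `ar_size_of` must be exactly 10 bytes, padded with spaces as in a real archive.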