From: Mark Wielaard <mark@klomp.org>
To: oss-fuzz@monorail-prod.appspotmail.com
Cc: elfutils-devel@sourceware.org,
ClusterFuzz-External via monorail
<monorail+v2.382749006@chromium.org>
Subject: Re: Issue 46192 in oss-fuzz: elfutils:fuzz-libdwfl: Out-of-memory in fuzz-libdwfl
Date: Thu, 31 Mar 2022 10:50:45 +0200 [thread overview]
Message-ID: <YkVrZQzirGVksCIN@wildebeest.org> (raw)
In-Reply-To: <00000000000096242205db7701aa@google.com>
Hi,
On Wed, Mar 30, 2022 at 03:24:17PM -0700, ClusterFuzz-External via monorail via Elfutils-devel wrote:
> New issue 46192 by ClusterFuzz-External: elfutils:fuzz-libdwfl: Out-of-memory in fuzz-libdwfl
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46192
>
> Detailed Report: https://oss-fuzz.com/testcase?key=5364854623436800
>
> Project: elfutils
> Fuzzing Engine: libFuzzer
> Fuzz Target: fuzz-libdwfl
> Job Type: libfuzzer_asan_elfutils
> Platform Id: linux
>
> Crash Type: Out-of-memory (exceeds 2560 MB)
> Crash Address:
> Crash State:
> fuzz-libdwfl
>
> Sanitizer: address (ASAN)
>
> Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_elfutils&range=202203161800:202203170000
>
> Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5364854623436800
The issue with this testcase is that it has hundreds of (bad) PT_NOTE
segements. We are trying to find the build-id. For each (bogus)
PT_NOTE segement we call elf_getdata_rawchunk. There is no way to get
rid of a raw data chunk, except closing the Elf. So they just
accumulate till we run out of memory.
I don't know of a good interface to dispose of raw data chunks. But we
could mitigate this a bit by rejecting zero sized rawchunks and
searching the rawchunks to see if we already have created a chunk for
the requested offset, size and type. We currently don't keep track of
the original offset, so that would need to be tracked then.
Cheers,
Mark
next prev parent reply other threads:[~2022-03-31 8:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <0=71cc74a7ba1af446b7ed6b9a08b414d9=93889cd702a79ee9e1b81bb522b9d1dc=oss-fuzz@monorail-prod.appspotmail.com>
2022-03-30 22:24 ` ClusterFuzz-External via monorail
2022-03-31 8:50 ` Mark Wielaard [this message]
2022-04-06 15:14 ` ClusterFuzz-External via monorail
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YkVrZQzirGVksCIN@wildebeest.org \
--to=mark@klomp.org \
--cc=elfutils-devel@sourceware.org \
--cc=monorail+v2.382749006@chromium.org \
--cc=oss-fuzz@monorail-prod.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).