From: "evvers at ya dot ru"
To: elfutils-devel@sourceware.org
Subject: [Bug libelf/28685] UBSan: member access within misaligned address 0x7ff316818032 for type 'struct Elf32_Phdr'
Date: Mon, 20 Dec 2021 19:01:41 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28685

--- Comment #7 from Evgeny Vereshchagin ---

Created attachment 13869
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13869&action=edit
archive with a report and a file triggering a memory leak

Thanks! That branch helped me a lot. I rebased it on top of my "fuzz" branch and pushed it to trigger the tests.
CFLite reported a memory leak:

```
$ DEBUGINFOD_URLS= LD_LIBRARY_PATH="./libdw;./libelf" valgrind --leak-check=full ./src/stack --core ./MEMLEAK/address/leak-8cd1af3e2ba6f343794fbee7232b1531695d2ab1
==379530== Memcheck, a memory error detector
==379530== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==379530== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==379530== Command: ./src/stack --core ./MEMLEAK/address/leak-8cd1af3e2ba6f343794fbee7232b1531695d2ab1
==379530==
PID 1147239 - core
TID 1147239:
#0  0x000055dea11b3135
./src/stack: dwfl_thread_getframes tid 1147239 at 0x55dea11b3135 in : invalid operation
==379530==
==379530== HEAP SUMMARY:
==379530==     in use at exit: 37,280 bytes in 97 blocks
==379530==   total heap usage: 4,597 allocs, 4,500 frees, 302,708 bytes allocated
==379530==
==379530== 20 bytes in 1 blocks are definitely lost in loss record 1 of 8
==379530==    at 0x484186F: malloc (vg_replace_malloc.c:381)
==379530==    by 0x48C4E15: dwfl_segment_report_module (dwfl_segment_report_module.c:632)
==379530==    by 0x48C8F3E: dwfl_core_file_report@@ELFUTILS_0.158 (core-file.c:559)
==379530==    by 0x402EC6: parse_opt (stack.c:595)
==379530==    by 0x4C4E471: argp_parse (in /usr/lib64/libc.so.6)
==379530==    by 0x4024EA: main (stack.c:695)
==379530==
==379530== LEAK SUMMARY:
==379530==    definitely lost: 20 bytes in 1 blocks
==379530==    indirectly lost: 0 bytes in 0 blocks
==379530==      possibly lost: 0 bytes in 0 blocks
==379530==    still reachable: 37,260 bytes in 96 blocks
==379530==         suppressed: 0 bytes in 0 blocks
==379530== Reachable blocks (those to which a pointer was found) are not shown.
==379530== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==379530==
==379530== For lists of detected and suppressed errors, rerun with: -s
==379530== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
```

I haven't tested it with the files that triggered the regression I mentioned at https://sourceware.org/bugzilla/show_bug.cgi?id=28685#c5 . I'll put those files into the "seed" corpus and report back.