From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 2271D3858416; Thu, 6 Jan 2022 15:55:09 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2271D3858416 From: "mark at klomp dot org" To: elfutils-devel@sourceware.org Subject: [Bug libdw/28720] UBSan: member access within misaligned address 0x7f6e8d80f142 for type 'struct Elf32_Phdr', which requires 4 byte alignment Date: Thu, 06 Jan 2022 15:55:08 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: elfutils X-Bugzilla-Component: libdw X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: mark at klomp dot org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: mark at klomp dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: elfutils-devel@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Elfutils-devel mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jan 2022 15:55:09 -0000 https://sourceware.org/bugzilla/show_bug.cgi?id=3D28720 --- Comment #13 from Mark Wielaard --- (In reply to Evgeny Vereshchagin from comment #9) > According to OSS-Fuzz looks like that commit triggered > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3D43307 (which was = also > reported in > https://sourceware.org/pipermail/elfutils-devel/2022q1/004623.html): > ``` > $ wget -O CRASH 'https://oss-fuzz.com/download?testcase_id=3D469672211316= 7360' > $ LD_LIBRARY_PATH=3D"./libdw;./libelf" ./src/stack --core ./CRASH > AddressSanitizer:DEADLYSIGNAL > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D153072=3D=3DERROR: AddressSanitizer: SEGV on unknown address 0x7fbe= 8640afe0 > (pc 0x7fbe89eb2fc7 bp 0x7fffe2855510 sp 0x7fffe2855020 T0) > =3D=3D153072=3D=3DThe signal is caused by a READ memory access. > #0 0x7fbe89eb2fc7 in __bswap_64 /usr/include/bits/byteswap.h:73 > #1 0x7fbe89eb2fc7 in read_addrs > /home/vagrant/elfutils/libdwfl/link_map.c:288 > #2 0x7fbe89eb2fc7 in report_r_debug > /home/vagrant/elfutils/libdwfl/link_map.c:341 > #3 0x7fbe89eb2fc7 in dwfl_link_map_report > /home/vagrant/elfutils/libdwfl/link_map.c:1117 > #4 0x7fbe89eb7103 in _new.dwfl_core_file_report > /home/vagrant/elfutils/libdwfl/core-file.c:552 > #5 0x403d06 in parse_opt /home/vagrant/elfutils/src/stack.c:595 > #6 0x7fbe89a90471 in argp_parse (/lib64/libc.so.6+0x11e471) > #7 0x40281d in main /home/vagrant/elfutils/src/stack.c:695 > #8 0x7fbe8999f55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f) > #9 0x7fbe8999f60b in __libc_start_main_impl (/lib64/libc.so.6+0x2d60b) > #10 0x402c94 in _start (/home/vagrant/elfutils/src/stack+0x402c94) >=20 > AddressSanitizer can not provide additional info. > SUMMARY: AddressSanitizer: SEGV /usr/include/bits/byteswap.h:73 in __bswa= p_64 > =3D=3D153072=3D=3DABORTING > ``` Interesting, that looks like an incomplete overflow check in read_addrs. Proposed fix: https://sourceware.org/pipermail/elfutils-devel/2022q1/004633.html --=20 You are receiving this mail because: You are on the CC list for the bug.=