public inbox for elfutils@sourceware.org
From: "evvers at ya dot ru" <sourceware-bugzilla@sourceware.org>
To: elfutils-devel@sourceware.org
Subject: [Bug libdw/28720] UBSan: member access within misaligned address 0x7f6e8d80f142 for type 'struct Elf32_Phdr', which requires 4 byte alignment
Date: Fri, 24 Dec 2021 08:05:12 +0000	[thread overview]
Message-ID: <bug-28720-10460-jnbqtxPj2i@http.sourceware.org/bugzilla/> (raw)
In-Reply-To: <bug-28720-10460@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=28720

--- Comment #3 from Evgeny Vereshchagin <evvers at ya dot ru> ---
As far as I can see, with the fuzz branch rebased on top of my fuzzing branch
almost all the issues, including
https://sourceware.org/pipermail/elfutils-devel/2021q4/004596.html, are gone.
Thanks! I'll attach files triggering the remaining issues shortly:
```
$ UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
LD_LIBRARY_PATH="./libdw;./libelf" ./src/stack --core
SIGABRT.PC.7fffe4f4e84c.STACK.18f0f46b60.CODE.-6.ADDR.0.INSTR.mov____%eax,%ebp.fuzz
link_map.c:1040:20: runtime error: variable length array bound evaluates to
non-positive value 0
    #0 0x7fbc58f053e9 in dwfl_link_map_report
/home/vagrant/elfutils/libdwfl/link_map.c:1040
    #1 0x7fbc59023fa7 in _new.dwfl_core_file_report
/home/vagrant/elfutils/libdwfl/core-file.c:552
    #2 0x4053f7 in parse_opt /home/vagrant/elfutils/src/stack.c:595
    #3 0x7fbc581d9471 in argp_parse (/lib64/libc.so.6+0x11e471)
    #4 0x404b39 in main /home/vagrant/elfutils/src/stack.c:695
    #5 0x7fbc580e855f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
    #6 0x7fbc580e860b in __libc_start_main_impl (/lib64/libc.so.6+0x2d60b)
    #7 0x404fa4 in _start (/home/vagrant/elfutils/src/stack+0x404fa4)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior link_map.c:1040:20 in
```
```
$ UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
LD_LIBRARY_PATH="./libdw;./libelf" ./src/stack --core
SIGABRT.PC.7fffe4f4e84c.STACK.1976b2f3ff.CODE.-6.ADDR.0.INSTR.mov____%eax,%ebp.fuzz
gelf_xlate.h:48:1: runtime error: member access within misaligned address
0x7f0817719077 for type 'struct Elf32_Dyn', which requires 4 byte alignment
0x7f0817719077: note: pointer points here
 00 10 00 00 00  00 00 00 00 00 02 01 00  00 00 00 00 00 7f 45 46  4c 46 00 00
01 01 00 01  00 08 00
             ^
    #0 0x7f0822689542 in Elf32_cvt_Dyn
/home/vagrant/elfutils/libelf/gelf_xlate.h:48
    #1 0x7f082268835e in elf32_xlatetom
/home/vagrant/elfutils/libelf/elf32_xlatetom.c:104
    #2 0x7f0819563307 in dwfl_segment_report_module
/home/vagrant/elfutils/libdwfl/dwfl_segment_report_module.c:848
    #3 0x7f081956c06c in _new.dwfl_core_file_report
/home/vagrant/elfutils/libdwfl/core-file.c:563
    #4 0x4053f7 in parse_opt /home/vagrant/elfutils/src/stack.c:595
    #5 0x7f0818721471 in argp_parse (/lib64/libc.so.6+0x11e471)
    #6 0x404b39 in main /home/vagrant/elfutils/src/stack.c:695
    #7 0x7f081863055f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
    #8 0x7f081863060b in __libc_start_main_impl (/lib64/libc.so.6+0x2d60b)
    #9 0x404fa4 in _start (/home/vagrant/elfutils/src/stack+0x404fa4)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior gelf_xlate.h:48:1 in
```

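Both reports above share a root cause class: structure data read from an untrusted core file is handed to code that assumes a properly aligned, non-empty buffer. The following is an added example, not elfutils code, showing the defensive pattern: decode Elf32_Dyn entries byte by byte from an arbitrary (possibly odd) offset instead of casting to a struct pointer, and refuse a segment whose length yields zero complete entries rather than letting that zero become a VLA bound. All names (`get32`, `parse_dyn32`, `decode_sample`) and the sample bytes are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define DT_NULL    0  /* real ELF dynamic tags */
#define DT_NEEDED  1
#define DT_STRTAB  5
#define DYN32_SIZE 8  /* on-disk size of Elf32_Dyn: two 32-bit words */
/* Decoded entry. The raw bytes are never aliased through a struct pointer,
   so the segment may start at any address, including an odd one. */
struct dyn32 { int32_t d_tag; uint32_t d_val; };

/* Assemble a 32-bit word byte by byte; p needs no alignment at all. */
static uint32_t get32(const unsigned char *p, int big_endian)
{
  if (big_endian)
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
  return (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Decode up to max entries from buf[off, off+len), stopping after DT_NULL.
   Returns the count, 0 when no complete entry fits (a length that must never
   become a VLA bound), or -1 when the range leaves the buffer. */
static int parse_dyn32(const unsigned char *buf, size_t buflen, size_t off,
                       size_t len, int big_endian, struct dyn32 *out, size_t max)
{
  if (off > buflen || len > buflen - off)
    return -1;                              /* overflow-safe bounds check */
  size_t n = len / DYN32_SIZE, i;
  if (n == 0)
    return 0;
  for (i = 0; i < n && i < max; i++) {
    const unsigned char *p = buf + off + i * DYN32_SIZE;
    out[i].d_tag = (int32_t)get32(p, big_endian);
    out[i].d_val = get32(p + 4, big_endian);
    if (out[i].d_tag == DT_NULL)
      return (int)(i + 1);
  }
  return (int)i;
}

/* Constructed sample: a pad byte puts the entries at a misaligned offset. */
static const unsigned char sample[] = {
  0xAA,
  0x01,0x00,0x00,0x00, 0x10,0x00,0x00,0x00,   /* DT_NEEDED, d_val 0x10 */
  0x05,0x00,0x00,0x00, 0x00,0x20,0x00,0x00,   /* DT_STRTAB, d_val 0x2000 */
  0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,   /* DT_NULL */
};
/* Decode the sample starting at offset 1; returns 3. */
int decode_sample(struct dyn32 *d, size_t max)
{
  return parse_dyn32(sample, sizeof sample, 1, sizeof sample - 1, 0, d, max);
}
```

Running this under UBSan reports nothing, because no access ever requires more alignment than the byte pointer provides; the same input through a `(Elf32_Dyn *)` cast is what produced the gelf_xlate.h report.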
