Hi Mark,

I'm not subscribed to the mailing list so I can't seem to reply to https://sourceware.org/pipermail/elfutils-devel/2021q4/004595.html directly.

All those issues can be reproduced by downloading public testcases and passing them to ./fuzz/dwfl-core. That particular issue can be reproduced with

```
autoreconf -i -f
./configure --enable-maintainer-mode --enable-sanitize-address --enable-sanitize-undefined
make -j$(nproc) V=1
make -C tests fuzz-dwfl-core
wget -O CRASH https://oss-fuzz.com/download?testcase_id=4756614962348032
LD_LIBRARY_PATH="./libdw;./libelf" ./tests/fuzz-dwfl-core ./CRASH
Running: ./CRASH
=================================================================
==266852==ERROR: AddressSanitizer: unknown-crash on address 0x7f492ff9c000 at pc 0x7f4934340b00 bp 0x7ffc09558f30 sp 0x7ffc095586e0
READ of size 64 at 0x7f492ff9c000 thread T0
    #0 0x7f4934340aff in __interceptor_memcpy (/lib64/libasan.so.6+0x39aff)
    #1 0x7f4933f2aa90 in memcpy /usr/include/bits/string_fortified.h:29
    #2 0x7f4933f2aa90 in dwfl_segment_report_module /home/vagrant/elfutils/libdwfl/dwfl_segment_report_module.c:385
    #3 0x7f4933f3a09d in _new.dwfl_core_file_report /home/vagrant/elfutils/libdwfl/core-file.c:559
    #4 0x40194b in LLVMFuzzerTestOneInput /home/vagrant/elfutils/tests/fuzz-dwfl-core.c:47
    #5 0x401411 in main /home/vagrant/elfutils/tests/fuzz-main.c:33
    #6 0x7f493310c55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
    #7 0x7f493310c60b in __libc_start_main_impl (/lib64/libc.so.6+0x2d60b)
    #8 0x401654 in _start (/home/vagrant/elfutils/tests/fuzz-dwfl-core+0x401654)

Address 0x7f492ff9c000 is a wild pointer.
SUMMARY: AddressSanitizer: unknown-crash (/lib64/libasan.so.6+0x39aff) in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0fe9a5feb7b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9a5feb7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9a5feb7d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9a5feb7e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9a5feb7f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe9a5feb800:[fe]fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe9a5feb810: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe9a5feb820: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe9a5feb830: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe9a5feb840: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe9a5feb850: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==266852==ABORTING
```
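The mail above reproduces one OSS-Fuzz testcase; in practice a batch of them arrives at once and the first question is which ones share a crash site. The script below is an added example (editor's code, not part of elfutils or of the original mail): it parses a sanitizer report like the one above and derives a deduplication key from the error class plus the first stack frame inside the project tree, skipping the `__interceptor_*` and libc frames that top every report. The project-path substring (`/elfutils/` by default) and the report layout (one frame per line, as ASan prints it) are assumptions; the sample report is the one from the mail, trimmed.

```sh
#!/bin/sh
# Added example, not from the elfutils tree: bucket AddressSanitizer reports
# by crash site so a pile of OSS-Fuzz testcases can be triaged before filing.

# asan_signature REPORT_FILE [PROJECT_SUBSTRING]
# Prints "<error-kind>|<function>|<file>:<line>" for the first stack frame
# whose source path contains PROJECT_SUBSTRING (assumed default: /elfutils/).
asan_signature() {
    report=$1
    proj=${2:-/elfutils/}
    awk -v proj="$proj" '
        # The ERROR line names the bug class (heap-buffer-overflow, SEGV,
        # unknown-crash, ...); take the first one only.
        /ERROR: AddressSanitizer: / && kind == "" {
            kind = $0
            sub(/.*ERROR: AddressSanitizer: /, "", kind)
            sub(/ .*/, "", kind)
        }
        # Frame lines look like "#N 0xADDR in FUNC /path/file.c:LINE[:COL]".
        # Interceptor and libc frames carry a "(lib.so+off)" location instead
        # of a project path, so the substring test skips them automatically.
        kind != "" && frame == "" && $1 ~ /^#[0-9]+$/ && $3 == "in" && index($5, proj) {
            loc = substr($5, index($5, proj) + length(proj))
            # Drop the column when the symbolizer emitted file:line:col.
            if (loc ~ /:[0-9]+:[0-9]+$/) sub(/:[0-9]+$/, "", loc)
            frame = $4 "|" loc
        }
        END {
            if (kind == "") exit 1
            if (frame == "") frame = "<no project frame>|?"
            print kind "|" frame
        }' "$report" || {
        echo "asan_signature: no AddressSanitizer report in $report" >&2
        return 1
    }
}

# asan_bucket REPORT_FILE... : count how many reports share each signature,
# most common first. Each bucket normally needs only one testcase attached.
asan_bucket() {
    for r in "$@"; do
        asan_signature "$r"
    done | sort | uniq -c | sort -rn
}

# Constructed sample for the demonstration: the report from the mail above,
# trimmed to the frames that matter (not a freshly downloaded artifact).
write_sample_report() {
    cat > "$1" <<'EOF'
Running: ./CRASH
=================================================================
==266852==ERROR: AddressSanitizer: unknown-crash on address 0x7f492ff9c000 at pc 0x7f4934340b00 bp 0x7ffc09558f30 sp 0x7ffc095586e0
READ of size 64 at 0x7f492ff9c000 thread T0
    #0 0x7f4934340aff in __interceptor_memcpy (/lib64/libasan.so.6+0x39aff)
    #1 0x7f4933f2aa90 in memcpy /usr/include/bits/string_fortified.h:29
    #2 0x7f4933f2aa90 in dwfl_segment_report_module /home/vagrant/elfutils/libdwfl/dwfl_segment_report_module.c:385
    #3 0x7f4933f3a09d in _new.dwfl_core_file_report /home/vagrant/elfutils/libdwfl/core-file.c:559
    #4 0x40194b in LLVMFuzzerTestOneInput /home/vagrant/elfutils/tests/fuzz-dwfl-core.c:47
    #5 0x401411 in main /home/vagrant/elfutils/tests/fuzz-main.c:33
Address 0x7f492ff9c000 is a wild pointer.
SUMMARY: AddressSanitizer: unknown-crash (/lib64/libasan.so.6+0x39aff) in __interceptor_memcpy
==266852==ABORTING
EOF
}

# Stand-alone demonstration: signature of the sample, then a two-file bucket.
sample=$(mktemp) && write_sample_report "$sample"
asan_signature "$sample"
# prints: unknown-crash|dwfl_segment_report_module|libdwfl/dwfl_segment_report_module.c:385
asan_bucket "$sample" "$sample"
rm -f "$sample"
```

To use it on real output, run each testcase as in the mail with the fuzzer's stderr redirected to a file (`./tests/fuzz-dwfl-core ./CRASH 2> CRASH.txt`), then `asan_bucket *.txt`. Frame #1 here is libc's fortified `memcpy` wrapper rather than project code, which is exactly why the key is taken from the first frame under the project path and not from the top of the stack.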