https://sourceware.org/bugzilla/show_bug.cgi?id=28720
--- Comment #13 from Mark Wielaard <mark at klomp dot org> --- (In reply to Evgeny Vereshchagin from comment #9) > According to OSS-Fuzz looks like that commit triggered > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43307 (which was also > reported in > https://sourceware.org/pipermail/elfutils-devel/2022q1/004623.html): > ``` > $ wget -O CRASH 'https://oss-fuzz.com/download?testcase_id=4696722113167360' > $ LD_LIBRARY_PATH="./libdw;./libelf" ./src/stack --core ./CRASH > AddressSanitizer:DEADLYSIGNAL > ================================================================= > ==153072==ERROR: AddressSanitizer: SEGV on unknown address 0x7fbe8640afe0 > (pc 0x7fbe89eb2fc7 bp 0x7fffe2855510 sp 0x7fffe2855020 T0) > ==153072==The signal is caused by a READ memory access. > #0 0x7fbe89eb2fc7 in __bswap_64 /usr/include/bits/byteswap.h:73 > #1 0x7fbe89eb2fc7 in read_addrs > /home/vagrant/elfutils/libdwfl/link_map.c:288 > #2 0x7fbe89eb2fc7 in report_r_debug > /home/vagrant/elfutils/libdwfl/link_map.c:341 > #3 0x7fbe89eb2fc7 in dwfl_link_map_report > /home/vagrant/elfutils/libdwfl/link_map.c:1117 > #4 0x7fbe89eb7103 in _new.dwfl_core_file_report > /home/vagrant/elfutils/libdwfl/core-file.c:552 > #5 0x403d06 in parse_opt /home/vagrant/elfutils/src/stack.c:595 > #6 0x7fbe89a90471 in argp_parse (/lib64/libc.so.6+0x11e471) > #7 0x40281d in main /home/vagrant/elfutils/src/stack.c:695 > #8 0x7fbe8999f55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f) > #9 0x7fbe8999f60b in __libc_start_main_impl (/lib64/libc.so.6+0x2d60b) > #10 0x402c94 in _start (/home/vagrant/elfutils/src/stack+0x402c94) > > AddressSanitizer can not provide additional info. > SUMMARY: AddressSanitizer: SEGV /usr/include/bits/byteswap.h:73 in __bswap_64 > ==153072==ABORTING > ``` Interesting, that looks like an incomplete overflow check in read_addrs. Proposed fix: https://sourceware.org/pipermail/elfutils-devel/2022q1/004633.html -- You are receiving this mail because: You are on the CC list for the bug.
