Issue 56394 in oss-fuzz: binutils:fuzz_dwarf: Out-of-memory in fuzz_dwarf
Comment #2 on issue 56394 by amo...@gmail.com: binutils:fuzz_dwarf: Out-of-memory in fuzz_dwarf
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56394#c2

Won't fix. mmo format object files are compressed, running out of memory is to be expected with any arbitrary limit.

--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at: https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
Issue 56425 in oss-fuzz: binutils:fuzz_as: Out-of-memory in fuzz_as
Comment #2 on issue 56425 by amo...@gmail.com: binutils:fuzz_as: Out-of-memory in fuzz_as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56425#c2

Won't fix. This is .rep with a large repeat count. Running out of memory is not an error, just not enough memory.
Issue 57072 in oss-fuzz: binutils:fuzz_as: Stack-overflow in symbol_clone_if_forward_ref
Comment #2 on issue 57072 by amo...@gmail.com: binutils:fuzz_as: Stack-overflow in symbol_clone_if_forward_ref
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57072#c2

This is not at all interesting. The testcase generates an enormous expression with a line of what looks to be 136000 inclusive-or operators. Yes, that blows the stack.
Issue 57213 in oss-fuzz: binutils:fuzz_objdump_safe: Timeout in fuzz_objdump_safe
Comment #2 on issue 57213 by amo...@gmail.com: binutils:fuzz_objdump_safe: Timeout in fuzz_objdump_safe
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57213#c2

The only problem here is a relatively short timeout for a large testcase dumping a huge amount of text.
Issue 53418 in oss-fuzz: binutils:fuzz_strings: Out-of-memory in fuzz_strings
Comment #4 on issue 53418 by amo...@gmail.com: binutils:fuzz_strings: Out-of-memory in fuzz_strings
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53418#c4

Hmm, maybe I was a little hasty in assuming asan memory overhead is the problem here. The problem is more likely due to the section buffer not being freed. When the fuzzer calls the internal strings function 100 times we'd be trying to allocate 96G plus asan overhead.
Issue 53418 in oss-fuzz: binutils:fuzz_strings: Out-of-memory in fuzz_strings
Comment #3 on issue 53418 by amo...@gmail.com: binutils:fuzz_strings: Out-of-memory in fuzz_strings
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53418#c3

This "bug" won't be fixed. Nor will any other fuzzing bug report about exceeding a memory limit when the object format is mmo. mmo is a compressed object file format with arbitrarily large uncompressed data. An artificial mmo section limit of 1G is imposed by bfd, but asan memory overhead is quite large. In this case an attempt is made to allocate a 960M buffer.
Issue 47177 in oss-fuzz: binutils:fuzz_readelf: Timeout in fuzz_readelf
Comment #4 on issue 47177 by amo...@gmail.com: binutils:fuzz_readelf: Timeout in fuzz_readelf
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47177#c4

No bug here, just an enormous lot of readelf output.
Issue 43790 in oss-fuzz: binutils:fuzz_as: Null-dereference READ in htab_find_slot
Comment #2 on issue 43790 by amo...@gmail.com: binutils:fuzz_as: Null-dereference READ in htab_find_slot
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43790#c2

This one is due to an error in the fuzzer. The NULL reference is to macro_hash. macro_init needs to be called.
Issue 44796 in oss-fuzz: binutils:fuzz_nm: Stack-overflow in mmo_get_symbols
Comment #2 on issue 44796 by amo...@gmail.com: binutils:fuzz_nm: Stack-overflow in mmo_get_symbols
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44796#c2

Won't fix this one. Fuzzed trie parsed by recursion in mmo_get_symbols can be arbitrarily deep, unless some limit is imposed.
Issue 40399 in oss-fuzz: binutils:fuzz_nm: Stack-overflow in mmo_get_symbols
Comment #1 on issue 40399 by amo...@gmail.com: binutils:fuzz_nm: Stack-overflow in mmo_get_symbols
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40399#c1

Not a bug. It's perfectly fine for fuzzed objects to generate stack overflows and any other out of memory condition, especially since asan instrumented functions have much larger stack frames than non-instrumented. In this case we have an mmo object file which stores its symbol table as a byte encoded tree structure. That tree is read by recursively descending the nodes. A trivial bit of fuzzing leads to arbitrarily deep trees, and it appears that asan instrumentation will blow the stack after 250 or so recursive calls. A fuzzer own-goal.
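The two mmo_get_symbols comments above (issues 44796 and 40399) describe a recursive-descent reader for a byte-encoded tree that a fuzzer can make arbitrarily deep, and note that a stack overflow is the expected outcome "unless some limit is imposed". The C below is an added example, not binutils code, showing what such a limit looks like in a parser of that shape. The tree encoding is constructed for the illustration (one byte of child count per node, children following depth first) and is not the real mmo symbol encoding; the names MAX_TREE_DEPTH, parse_node, count_tree_nodes, make_chain and chain_result are assumptions.

```c
/* Added example, not binutils code: a recursive tree reader that bounds its
   own recursion depth so a fuzzed, arbitrarily deep tree is rejected as
   malformed instead of exhausting the stack. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limit. The real figure should be derived from the worst-case
   frame size (larger under asan) and the smallest stack the tool runs on. */
#define MAX_TREE_DEPTH 64

/* Constructed encoding: a node is one byte giving its child count, followed
   by that many child nodes, depth first. A leaf is a single 0x00 byte. */
struct cursor
{
  const uint8_t *p;
  const uint8_t *end;
};

/* Returns the number of nodes under (and including) this node, or -1 when
   the input is truncated or deeper than MAX_TREE_DEPTH. The depth check
   comes before any read so the refusal costs one extra frame at most. */
static long
parse_node (struct cursor *c, unsigned depth)
{
  if (depth > MAX_TREE_DEPTH)
    return -1;                      /* too deep: refuse rather than recurse */
  if (c->p >= c->end)
    return -1;                      /* truncated node header */
  unsigned nchildren = *c->p++;
  long total = 1;
  for (unsigned i = 0; i < nchildren; i++)
    {
      long n = parse_node (c, depth + 1);
      if (n < 0)
        return -1;                  /* propagate the error to the top */
      total += n;
    }
  return total;
}

/* Parses a whole buffer. -1 on malformed input or trailing bytes. */
long
count_tree_nodes (const uint8_t *buf, size_t len)
{
  struct cursor c = { buf, buf + len };
  long n = parse_node (&c, 0);
  if (n < 0)
    return -1;
  if (c.p != c.end)
    return -1;                      /* trailing garbage after the root */
  return n;
}

/* Constructed sample: root with two children, the second of which has one
   leaf child. Four nodes in total. */
const uint8_t sample_tree[] = { 2, 0, 1, 0 };

/* Builds a chain of `depth` single-child nodes ending in a leaf, which is
   the shape a fuzzer reaches by repeating one byte. `out` holds depth+1 bytes. */
size_t
make_chain (uint8_t *out, size_t depth)
{
  for (size_t i = 0; i < depth; i++)
    out[i] = 1;
  out[depth] = 0;
  return depth + 1;
}

/* Parses a chain of the given depth; node count on success, -1 if rejected. */
long
chain_result (size_t depth)
{
  uint8_t *buf = malloc (depth + 1);
  if (buf == NULL)
    return -1;
  size_t len = make_chain (buf, depth);
  long n = count_tree_nodes (buf, len);
  free (buf);
  return n;
}

int
main (void)
{
  printf ("sample tree: %ld nodes\n", count_tree_nodes (sample_tree, sizeof sample_tree));
  printf ("chain depth 64: %ld\n", chain_result (64));
  printf ("chain depth 1000000: %ld (rejected, stack intact)\n", chain_result (1000000));
  return 0;
}
```

Whether to reject or to fall back to an iterative reader with an explicit stack is a design choice; the point the comments make is that without either, the depth of the recursion is chosen by the input.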
Issue 40330 in oss-fuzz: binutils:fuzz_as: Stack-use-after-return in as_bad_internal
Comment #6 on issue 40330 by amo...@gmail.com: binutils:fuzz_as: Stack-use-after-return in as_bad_internal
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40330#c6

There isn't a great deal in bfd that is specific to gas. Many of the bfd functions used by gas are also used by objcopy and objdump. Why can't oss-fuzz run an actual gas image compiled with asan support?
Issue 40330 in oss-fuzz: binutils:fuzz_as: Stack-use-after-return in as_bad_internal
Comment #3 on issue 40330 by amo...@gmail.com: binutils:fuzz_as: Stack-use-after-return in as_bad_internal
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40330#c3

No, just disabling one particular class of error isn't sufficient. Once you go into running perform_an_assembly_pass with bogus global state, anything can happen, so the entire output of the fuzzer is worthless. Sorry.
Issue 40330 in oss-fuzz: binutils:fuzz_as: Stack-use-after-return in as_bad_internal
Comment #1 on issue 40330 by amo...@gmail.com: binutils:fuzz_as: Stack-use-after-return in as_bad_internal
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40330#c1

This is not exactly a problem with the assembler. This is a fuzzer issue. On the second and subsequent runs of binutils/fuzz_as.c:LLVMFuzzerTestOneInput perform_as_assembly_pass is being run with gas global variables holding info from the previous run, not initialised as they would be when actually running gas. For this particular fuzzing report, the gas variable in question is static struct conditional_frame *current_cframe = NULL; in gas/cond.c, and there are many similar variables.
Issue 40338 in oss-fuzz: binutils:fuzz_as: Use-of-uninitialized-value in input_file_open
Comment #1 on issue 40338 by amo...@gmail.com: binutils:fuzz_as: Use-of-uninitialized-value in input_file_open
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40338#c1

Another problem with fuzz_as.c. I intend to ignore all fuzz_as reports.
Issue 39902 in oss-fuzz: binutils:fuzz_readelf: Unexpected-exit in xexit
Comment #2 on issue 39902 by amo...@gmail.com: binutils:fuzz_readelf: Unexpected-exit in xexit
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39902#c2

This is a non-issue, and will not be "fixed" in binutils. Out of memory is always going to be possible with compressed section contents that have a bogus fuzzed decompressed size.
Issue 33312 in oss-fuzz: binutils: Fuzzing build failure
Comment #3 on issue 33312 by amo...@gmail.com: binutils: Fuzzing build failure
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33312#c3

Yes exactly, and I'm not going to pollute the binutils source with #ifdef around those functions. There are plenty of other static inline functions defined in header files that are unused, so it would seem that clang-12 warns in .c files but not .h. The obvious solution for the fuzzers is to configure with --disable-werror. I'm going on vacation for two weeks and will submit a change to do that on my return, unless someone else does so before that. ;-)
Issue 33312 in oss-fuzz: binutils: Fuzzing build failure
Comment #1 on issue 33312 by amo...@gmail.com: binutils: Fuzzing build failure
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33312#c1

clang warns about two unused "static inline" functions. Really?
Issue 31242 in oss-fuzz: binutils:fuzz_bfd: Timeout in fuzz_bfd
Comment #2 on issue 31242 by amo...@gmail.com: binutils:fuzz_bfd: Timeout in fuzz_bfd
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31242#c2

This is again a case of an enormous amount of output not being handled well by oss-fuzz, rather than binutils code getting into a loop somewhere.
Issue 31168 in oss-fuzz: binutils:fuzz_readelf: Timeout in fuzz_readelf
Comment #4 on issue 31168 by amo...@gmail.com: binutils:fuzz_readelf: Timeout in fuzz_readelf
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31168#c4

No, sorry, I don't know that much about anything in oss-fuzz outside of projects/binutils.
Issue 31168 in oss-fuzz: binutils:fuzz_readelf: Timeout in fuzz_readelf
Comment #2 on issue 31168 by amo...@gmail.com: binutils:fuzz_readelf: Timeout in fuzz_readelf
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31168#c2

This timeout is not caused by a bug in readelf, but is due to a testcase producing 3.6G of output. It seems oss-fuzz infrastructure can't handle such large files. My fairly old x86_64 box (AMD FX8120 based) runs the test in 30 seconds with output directed to /dev/null and in 45 seconds when writing to a file. Perhaps the readelf tests ought to redirect output to /dev/null?
Issue 29483 in oss-fuzz: binutils: Fuzzing build failure
Comment #1 on issue 29483 by amo...@gmail.com: binutils: Fuzzing build failure
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29483#c1

See https://sourceware.org/bugzilla/show_bug.cgi?id=27173
Issue 27734 in oss-fuzz: binutils:fuzz_readelf: Abrt with empty stacktrace
Comment #4 on issue 27734 by amo...@gmail.com: binutils:fuzz_readelf: Abrt with empty stacktrace
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27734#c4

Pull request here https://github.com/google/oss-fuzz/pull/4945
Issue 27734 in oss-fuzz: binutils:fuzz_readelf: Abrt with empty stacktrace
Comment #2 on issue 27734 by amo...@gmail.com: binutils:fuzz_readelf: Abrt with empty stacktrace
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27734#c2

If I understand correctly that the fuzzers run multiple inputs through a given fuzzer image, then this patch should fix these random crashes.

Attachments: 0001-Issue-27734-binutils-fuzz_readelf-Abrt-with-empty-st.patch 797 bytes
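Issue 40330 comment #1 and issue 27734 comment #2 above describe the same harness defect from two sides: a fuzzer feeds many inputs through one long-lived process, so a tool whose code assumes a fresh process (gas with its static current_cframe, readelf with the state its patch resets) sees the previous input's globals on every run after the first, and the reports that follow describe the harness rather than the tool. The C below is an added example, not binutils or oss-fuzz code, that reproduces the effect on a toy directive tracker and shows the fix pattern of re-initialising module state at the top of the per-input entry point. The names cond_depth, unbalanced_errors, cond_reset, assemble_directives, run_input_no_reset and errors_reported_for_second_input are assumptions; LLVMFuzzerTestOneInput is the libFuzzer entry point named in issue 40330, defined here in the fixed shape and driven from a plain main instead of the libFuzzer runtime.

```c
/* Added example, not binutils or oss-fuzz code: stale global state between
   fuzzer iterations, and the per-input reset that fixes it. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for gas/cond.c. Real gas keeps `current_cframe` in a static
   and relies on process start-up to make it NULL; this does the same with a
   depth counter (hypothetical names). */
static int cond_depth;          /* nesting of .if/.endif seen so far */
static int unbalanced_errors;   /* .endif with no open .if */

/* What a fresh process would have: every module static at its initial value. */
static void
cond_reset (void)
{
  cond_depth = 0;
  unbalanced_errors = 0;
}

/* Runs one NUL-terminated "source file" through the directive tracker and
   returns the error count accumulated in the global. */
static int
assemble_directives (const char *src)
{
  const char *p = src;
  while (*p != '\0')
    {
      const char *nl = strchr (p, '\n');
      size_t len = nl ? (size_t) (nl - p) : strlen (p);
      if (len == 3 && memcmp (p, ".if", 3) == 0)
        cond_depth++;
      else if (len == 6 && memcmp (p, ".endif", 6) == 0)
        {
          if (cond_depth > 0)
            cond_depth--;
          else
            unbalanced_errors++;
        }
      p = nl ? nl + 1 : p + len;
    }
  return unbalanced_errors;
}

/* Copies the fuzzer's bytes into a bounded, terminated buffer and assembles
   them. Nothing here touches the globals, so whatever the previous input
   left behind is still there: this is the defective harness shape. */
int
run_input_no_reset (const uint8_t *data, size_t size)
{
  char buf[256];
  if (size >= sizeof buf)
    size = sizeof buf - 1;
  memcpy (buf, data, size);
  buf[size] = '\0';
  return assemble_directives (buf);
}

/* Fixed harness shape: every input starts from the state a real gas run
   would start from. Driven from main below rather than the libFuzzer runtime. */
int
LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
{
  cond_reset ();
  return run_input_no_reset (data, size);
}

/* Feeds two constructed inputs back to back, as a fuzzer process would, and
   returns the error count reported for the second one. The second input is
   balanced, so the correct answer is 0; without a reset the first input's
   leftover error is reported against it. */
int
errors_reported_for_second_input (int reset_between_runs)
{
  static const uint8_t first[] = ".endif\n";       /* unbalanced: 1 error */
  static const uint8_t second[] = ".if\n.endif\n"; /* balanced: 0 errors */
  cond_reset ();                                   /* process start */
  if (reset_between_runs)
    {
      LLVMFuzzerTestOneInput (first, sizeof first - 1);
      return LLVMFuzzerTestOneInput (second, sizeof second - 1);
    }
  run_input_no_reset (first, sizeof first - 1);
  return run_input_no_reset (second, sizeof second - 1);
}

int
main (void)
{
  printf ("no reset:   second input reports %d error(s)\n", errors_reported_for_second_input (0));
  printf ("with reset: second input reports %d error(s)\n", errors_reported_for_second_input (1));
  return 0;
}
```

The toy only mis-reports an error; as comment #3 on issue 40330 says, in the real tool the stale state can be a dangling pointer, which is why a single bogus finding from such a harness cannot be separated from the rest of its output.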
Issue 21180 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21180#c1
Issue 20602 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20602#c2
Issue 20607 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20607#c2
Issue 20598 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20598#c2
Issue 20600 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20600#c2
Issue 20558 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20558#c1
Issue 20180 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20180#c2
Issue 19679 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19679#c4
Issue 19679 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19679#c2
Issue 19577 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19577#c1
Issue 19529 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19529#c1
Issue 18214 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18214#c5
Issue 19000 in oss-fuzz
The following issue was updated: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19000#c4