[PATCH] libelf: Check ELF parent size can contain ar member

Don't trust the ar header offset and size. When creating an Elf descriptor for an ar member check the offset isn't past the end of the containing Elf and don't use/set the member maximum_size larger than the remaining size of the parent. * libelf/elf_begin.c (dup_elf): Only call read_file

Re: [PATCH] libdw_open_elf: Avoid invalid free

On Fri, Sep 5, 2025 at 6:24 PM Mark Wielaard wrote: > > Hi Aaron, > > On Fri, Sep 05, 2025 at 03:41:53PM -0400, Aaron Merey wrote: > > If libdw_open_elf detects an invalid ELF file, it may attempt to > > temporarily treat it as an ELF archive in order to check if there's > > a valid ELF file follo

[Bug general/33382] New: Investigate unlock/wrlock pattern

https://sourceware.org/bugzilla/show_bug.cgi?id=33382 Bug ID: 33382 Summary: Investigate unlock/wrlock pattern Product: elfutils Version: unspecified Status: NEW Severity: normal Priority: P2 Component: general

Re: [PATCH] libelf: Check ELF parent size can contain ar member

Hi Evgeny, On Sat, Sep 06, 2025 at 05:18:57PM +0300, Evgeny wrote: > On Sat, 6 Sept 2025 at 13:50, Mark Wielaard wrote: > > This, plus Aaron's fix for libdw_open_elf, should resolve the ossfuzz > > issues. > > I can confirm that this patch (combined with the patch where libdw_open_elf > is fixed

☠ Buildbot (Sourceware): elfutils - failed test (failure) (main)

A new failure has been detected on builder elfutils-debian-armhf while building elfutils. Full details are available at: https://builder.sourceware.org/buildbot/#/builders/6/builds/437 Build state: failed test (failure) Revision: 685e4ad915f0c594696d9fdae9ab4074d250392d Worker: debian-armhf