Created attachment 11736 [details]
crashes archive

Tested on 0.12

I'm attaching an archive with the testcases. I see some OOB reads, some NULL ptr dereferences and invalid reads. There are also some assertion failures:

AddressSanitizer: SEGV /var/tmp/portage/dev-libs/elfutils-0.170-r1/work/elfutils-0.170/libelf/elf_rawdata.c:42:6 in elf_rawdata
AddressSanitizer: SEGV /var/tmp/portage/dev-libs/elfutils-0.170-r1/work/elfutils-0.170/libelf/gelf_update_phdr.c:131:20 in gelf_update_phdr
AddressSanitizer: SEGV /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c in read_dwarf
AddressSanitizer: SEGV /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:234:10 in buf_read_ule32
AddressSanitizer: SEGV /var/tmp/portage/sys-libs/compiler-rt-sanitizers-8.0.0/work/compiler-rt-8.0.0.src/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:461:3 in __interceptor_strncmp
AddressSanitizer: SEGV /var/tmp/portage/sys-libs/glibc-2.27-r6/work/glibc-2.27/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:349
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:222:10 in buf_read_ule16
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8610:4 in adjust_exprloc
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8614:4 in adjust_exprloc
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8615:4 in adjust_exprloc
AddressSanitizer: heap-buffer-overflow /var/tmp/portage/sys-devel/dwz-0.12/work/dwz-0.12/dwz.c:8618:11 in adjust_exprloc

Assertion failures:

dwz: dwz.c:1721: int read_loclist(DSO *, dw_die_ref, GElf_Addr): Assertion `ptr + len <= endsec' failed.
dwz: dwz.c:7542: int build_abbrevs_for_die(htab_t, dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref, struct abbrev_tag *, unsigned int *, struct obstack *, _Bool): Assertion `refd != NULL' failed.
dwz: dwz.c:7868: unsigned int update_new_die_offsets(dw_die_ref, unsigned int, dw_die_ref **): Assertion `die->u.p2.die_intracu_udata_size == 0 || die->die_ref_seen' failed.
dwz: dwz.c:8561: void adjust_exprloc(dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref, unsigned char *, size_t): Assertion `refd != NULL && !refd->die_remove' failed.
dwz: dwz.c:8583: void adjust_exprloc(dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref, unsigned char *, size_t): Assertion `refd != NULL' failed.
dwz: dwz.c:8790: unsigned char *write_die(unsigned char *, dw_cu_ref, dw_die_ref, dw_cu_ref, dw_die_ref): Assertion `refd != NULL' failed.
dwz: dwz.c:9899: int read_dwarf(DSO *, _Bool): Assertion `data != NULL && data->d_buf != NULL' failed.
Looking at the assertions reproducible with trunk, prefixed with occurrence count:

1257 dwz: dwz.c:1768: read_loclist: Assertion `ptr + len <= endsec' failed. PR24172
60 dwz: dwz.c:8782: write_die: Assertion `refd != NULL' failed. PR24169
56 dwz: dwz.c:8552: adjust_exprloc: Assertion `refd != NULL && !refd->die_remove' failed. PR24195
48 dwz: dwz.c:9901: read_dwarf: Assertion `data != NULL' failed. New
46 dwz: dwz.c:7859: update_new_die_offsets: Assertion `die->u.p2.die_intracu_udata_size == 0 || die->die_ref_seen' failed. New
14 dwz: dwz.c:7533: build_abbrevs_for_die: Assertion `refd != NULL' failed. New
2 dwz: dwz.c:8575: adjust_exprloc: Assertion `refd != NULL' failed. New
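The most frequent failure in both comments is the same shape of bug: a length taken from the file (buf_read_ule16 / buf_read_ule32, then `ptr + len <= endsec` in read_loclist) is trusted before anyone checks that the bytes are actually there, so a truncated .debug_loc section turns into a heap-buffer-overflow or an assertion abort. The example below is added here and is not dwz's code; it shows a bounds-checked reader for a DWARF 2-4 location list with a 4-byte address size, built on a constructed sample buffer, that returns an error instead of reading past the section. The names `secbuf`, `sec_has`, `read_ule16`, `read_ule32` and `count_loclist_entries` are hypothetical and chosen for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cursor over one section buffer; end points one past the last valid byte. */
struct secbuf {
    const unsigned char *ptr;
    const unsigned char *end;
};

/* Remaining-length check. Written as (end - ptr) >= n rather than
   ptr + n <= end: with an attacker-chosen n the addition can wrap and
   the comparison then passes even though n bytes are not there. */
static bool sec_has(const struct secbuf *s, size_t n)
{
    return s->ptr <= s->end && (size_t)(s->end - s->ptr) >= n;
}

/* Little-endian fixed-width readers that refuse to run past 'end'. */
static bool read_ule16(struct secbuf *s, uint16_t *out)
{
    if (!sec_has(s, 2))
        return false;
    *out = (uint16_t)(s->ptr[0] | ((uint16_t)s->ptr[1] << 8));
    s->ptr += 2;
    return true;
}

static bool read_ule32(struct secbuf *s, uint32_t *out)
{
    if (!sec_has(s, 4))
        return false;
    *out = (uint32_t)s->ptr[0] | ((uint32_t)s->ptr[1] << 8)
         | ((uint32_t)s->ptr[2] << 16) | ((uint32_t)s->ptr[3] << 24);
    s->ptr += 4;
    return true;
}

/* Count the entries of one DWARF 2-4 .debug_loc location list with a
   4-byte address size: each entry is begin, end, a 2-byte expression
   length and that many expression bytes; (0, 0) ends the list.
   Returns the entry count, or -1 if the list is truncated or unterminated. */
int count_loclist_entries(const unsigned char *buf, size_t size)
{
    struct secbuf s = { buf, buf + size };
    int count = 0;

    for (;;) {
        uint32_t begin, end;
        uint16_t len;

        if (!read_ule32(&s, &begin) || !read_ule32(&s, &end))
            return -1;                 /* ran off the section mid-entry */
        if (begin == 0 && end == 0)
            return count;              /* end-of-list marker */
        if (!read_ule16(&s, &len))
            return -1;
        if (!sec_has(&s, len))         /* the 'ptr + len <= endsec' case */
            return -1;
        s.ptr += len;                  /* skip the expression bytes */
        count++;
    }
}

/* Constructed sample input for this example, not taken from any real binary. */
static const unsigned char valid_loclist[] = {
    0x00, 0x10, 0x00, 0x00,   /* begin 0x1000 */
    0x10, 0x10, 0x00, 0x00,   /* end   0x1010 */
    0x01, 0x00,               /* expression length 1 */
    0x9c,                     /* DW_OP_call_frame_cfa */
    0x00, 0x20, 0x00, 0x00,   /* begin 0x2000 */
    0x08, 0x20, 0x00, 0x00,   /* end   0x2008 */
    0x02, 0x00,               /* expression length 2 */
    0x91, 0x7c,               /* DW_OP_fbreg -4 */
    0x00, 0x00, 0x00, 0x00,   /* end-of-list marker */
    0x00, 0x00, 0x00, 0x00,
};

/* Same shape, but the length field claims 16 bytes when only 2 remain:
   the kind of input the read_loclist assertion in the report rejects. */
static const unsigned char truncated_loclist[] = {
    0x00, 0x10, 0x00, 0x00,
    0x10, 0x10, 0x00, 0x00,
    0x10, 0x00,               /* expression length 16 */
    0x9c, 0x00,               /* only 2 bytes actually present */
};

int main(void)
{
    printf("valid:     %d entries\n",
           count_loclist_entries(valid_loclist, sizeof valid_loclist));
    printf("truncated: %d\n",
           count_loclist_entries(truncated_loclist, sizeof truncated_loclist));
    printf("cut short: %d\n",
           count_loclist_entries(valid_loclist, 11));
    return 0;
}
```

The point of `sec_has` is that the check is done on the remaining length, not on `ptr + len`: an assertion of the form `ptr + len <= endsec` aborts on a fuzzed file rather than reporting an error, and on a 32-bit host a large `len` can make the pointer addition wrap so the comparison passes anyway. Every fixed-width read goes through the same check, so a section cut off in the middle of an address fails in the same way as one with an oversized expression length.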