This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Bugzilla component missing and another (minor) fuzzing-related bug report

From: Mark Wielaard <mjw at redhat dot com>
To: elfutils-devel at lists dot fedorahosted dot org
Date: Wed, 24 Jun 2015 10:14:04 +0200
Subject: Re: Bugzilla component missing and another (minor) fuzzing-related bug report

On Wed, Jun 24, 2015 at 12:12:45AM +0300, Alexander Cherepanov wrote:
> On 2015-06-23 18:44, Hanno Böck wrote:
> >The elfutils webpage says:
> >"To report bugs: please open a bugzilla report against the elfutils
> >component."
> >
> >However it seems the redhat bugzilla doesn't have an elfutils
> >component. Therefore I'm reporting it here, hope that's okay.
> 
> IIRC, to find elfutils, you have to choose Fedora as a product in bugzilla.

Yes, the link on the webpage should already point to that.
I improved it a bit to directly point to the correct component too.
https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=elfutils

Maybe we should have a different bug tracker? Historically all bugs were
reported in the Red Hat bugzilla, then moved to the Fedora one. And I
just happen to also package elfutils for Fedora, so left it like that.

> >The attached file will cause a huge malloc allocation with elfutils' nm
> >tool. This will crash if you try to run it with address sanitizer.
> >
> >The reason is likely that nm will try to allocate space for something
> >based on the header value - no matter if that value makes any sense. A
> >sanity check that checks in such cases if the file itself is smaller
> >than the supposedly allocated memory could avoid that.
> 
> I've reported several similar issues before. Mark replied:
> 
> "I believe the "Argument 'size' of function malloc has a fishy (possibly
> negative) value" in dwarf_begin_elf.c (check_section) is correct, but
> harmless. We do check the value doesn't actually overflow, the allocation
> will likely fail, but that is also checked."

I am very interested in the results of the gcc sanitizers, valgrind,
fuzzers, etc. It really helped make elfutils much more robust. For 0.163
all known crashers were fixed. So if you are still able to crash elfutils
libraries or tools, please do report.

But in this case as far as I know these kind of malloc argument checks
are indeed just noise. We do check the results of malloc everywhere
(or should at least). I might be wrong of course, or miss something
subtle. So please do let me know if you think it is something to fix
differently from how we handle it currently.

Thanks,

Mark

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]