[Bug libelf/28685] UBSan: member access within misaligned address 0x7ff316818032 for type 'struct Elf32_Phdr'

evvers at ya dot ru sourceware-bugzilla@sourceware.org
Mon Dec 20 19:01:41 GMT 2021


https://sourceware.org/bugzilla/show_bug.cgi?id=28685

--- Comment #7 from Evgeny Vereshchagin <evvers at ya dot ru> ---
Created attachment 13869
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13869&action=edit
archive with a report and a file triggering a memory leak

Thanks! That branch helped me a lot. I rebased it on top of my "fuzz" branch
and pushed it to trigger the tests. CFLite reported a memory leak:
```
$ DEBUGINFOD_URLS= LD_LIBRARY_PATH="./libdw;./libelf" valgrind --leak-check=full ./src/stack --core ./MEMLEAK/address/leak-8cd1af3e2ba6f343794fbee7232b1531695d2ab1
==379530== Memcheck, a memory error detector
==379530== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==379530== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==379530== Command: ./src/stack --core ./MEMLEAK/address/leak-8cd1af3e2ba6f343794fbee7232b1531695d2ab1
==379530==
PID 1147239 - core
TID 1147239:
#0  0x000055dea11b3135
./src/stack: dwfl_thread_getframes tid 1147239 at 0x55dea11b3135 in <unknown>: invalid operation
==379530==
==379530== HEAP SUMMARY:
==379530==     in use at exit: 37,280 bytes in 97 blocks
==379530==   total heap usage: 4,597 allocs, 4,500 frees, 302,708 bytes allocated
==379530==
==379530== 20 bytes in 1 blocks are definitely lost in loss record 1 of 8
==379530==    at 0x484186F: malloc (vg_replace_malloc.c:381)
==379530==    by 0x48C4E15: dwfl_segment_report_module (dwfl_segment_report_module.c:632)
==379530==    by 0x48C8F3E: dwfl_core_file_report@@ELFUTILS_0.158 (core-file.c:559)
==379530==    by 0x402EC6: parse_opt (stack.c:595)
==379530==    by 0x4C4E471: argp_parse (in /usr/lib64/libc.so.6)
==379530==    by 0x4024EA: main (stack.c:695)
==379530==
==379530== LEAK SUMMARY:
==379530==    definitely lost: 20 bytes in 1 blocks
==379530==    indirectly lost: 0 bytes in 0 blocks
==379530==      possibly lost: 0 bytes in 0 blocks
==379530==    still reachable: 37,260 bytes in 96 blocks
==379530==         suppressed: 0 bytes in 0 blocks
==379530== Reachable blocks (those to which a pointer was found) are not shown.
==379530== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==379530==
==379530== For lists of detected and suppressed errors, rerun with: -s
==379530== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
```

I haven't tested it with the files that triggered the regression I mentioned at
https://sourceware.org/bugzilla/show_bug.cgi?id=28685#c5 . I'll put those files
into the "seed" corpus and report back.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
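As an added example (not code from the bug report or from the elfutils project): a POSIX sh snippet that parses the LEAK SUMMARY of a memcheck run like the one in the comment above and turns a non-zero "definitely lost" count into a failing exit status, so a reproducer pulled out of a fuzzing corpus can be gated in CI rather than eyeballed. The run_under_valgrind function repeats the invocation from the comment and adds two memcheck flags (--errors-for-leak-kinds, --error-exitcode) that make valgrind itself return non-zero on a definite leak; it assumes the same build layout (./src/stack, ./libdw, ./libelf) and a reproducer path passed as its argument. The two sample reports embedded in the block are constructed, modelled on the output above.

```shell
#!/bin/sh
# Added example, not part of the elfutils tree or the bug report.
# Gate a valgrind memcheck report on its "definitely lost" byte count.

# Constructed sample, modelled on the LEAK SUMMARY in the comment above.
SAMPLE_REPORT='==379530== LEAK SUMMARY:
==379530==    definitely lost: 20 bytes in 1 blocks
==379530==    indirectly lost: 0 bytes in 0 blocks
==379530==      possibly lost: 0 bytes in 0 blocks
==379530==    still reachable: 37,260 bytes in 96 blocks
==379530==         suppressed: 0 bytes in 0 blocks'

# Constructed sample of a clean run (no definite leak).
CLEAN_REPORT='==4242== LEAK SUMMARY:
==4242==    definitely lost: 0 bytes in 0 blocks
==4242==    indirectly lost: 0 bytes in 0 blocks
==4242==      possibly lost: 0 bytes in 0 blocks
==4242==    still reachable: 37,260 bytes in 96 blocks
==4242==         suppressed: 0 bytes in 0 blocks'

# definitely_lost_bytes: read a memcheck report on stdin and print the
# "definitely lost" byte count. Valgrind prints thousands separators
# ("37,260"), so commas are stripped. Prints 0 when no LEAK SUMMARY line
# is present (e.g. the target crashed before exit), so callers that need
# to distinguish "no leak" from "no summary" should grep for the header.
definitely_lost_bytes() {
    n=$(sed -n 's/^==[0-9]*== *definitely lost: \([0-9,]*\) bytes.*/\1/p' \
        | tr -d ',')
    printf '%s\n' "${n:-0}"
}

# leak_gate: succeed (exit 0) only if the report on stdin shows zero
# definitely-lost bytes; non-zero otherwise, suitable for `|| exit 1`.
leak_gate() {
    lost=$(definitely_lost_bytes)
    [ "$lost" -eq 0 ]
}

# run_under_valgrind: the invocation from the comment with two extra flags.
# --errors-for-leak-kinds=definite counts definite leaks as errors and
# --error-exitcode=99 makes valgrind exit 99 when any error was reported,
# so the command fails on its own even before the summary is parsed.
# DEBUGINFOD_URLS is cleared, as in the original, so no network lookups
# happen while reproducing. $1 is the reproducer path (assumed layout:
# run from the elfutils build directory).
run_under_valgrind() {
    DEBUGINFOD_URLS= LD_LIBRARY_PATH="./libdw;./libelf" \
    valgrind --leak-check=full --errors-for-leak-kinds=definite \
             --error-exitcode=99 ./src/stack --core "$1"
}
```

Typical use from the build tree is `run_under_valgrind ./MEMLEAK/address/leak-<hash> 2>&1 | tee report.txt; definitely_lost_bytes < report.txt`, or simply checking the exit status of run_under_valgrind once the extra flags are in place. Note that --error-exitcode only fires for leak kinds listed in --errors-for-leak-kinds (the default is definite,possible), so "still reachable" blocks such as the 37,260 bytes above never fail the run.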


More information about the Elfutils-devel mailing list