Some fuzzer workarounds
Mark Wielaard
mark@klomp.org
Mon Mar 21 10:57:05 GMT 2022
Hi,
On Thu, Mar 17, 2022 at 02:30:49PM +0100, Mark Wielaard wrote:
> The following fixes should fix reading of some broken ar archives and
> misaligned access of the section zero Shdr for mmaped ELF files where
> the start of the Elf image is at some offset from the start of the
> map.
>
> [PATCH 1/2] libelf: Take map offset into account for Shdr alignment
> [PATCH 2/2] libelf: Make sure ar_size starts with a digit before
>
> https://code.wildebeest.org/git/user/mjw/elfutils/log/?h=fuzz
>
> I haven't been able to replicate any other issues locally.
So I did eventually replicate some other issues and ran afl-fuzz
locally over the new fuzz targets during the weekend to look for any
others.
I pushed the above two patches, plus the other fixes I posted:
libelf: Check alignment of Verdef, Verdaux, Verneed and Vernaux offsets
libdwfl: Close ar members when they cannot be processed.
libdwfl: Use memcpy to assign image header field values
libelf: Don't overflow offsets in elf_cvt_Verneed and elf_cvt_Verdef
That should hopefully shut up the monorail reports. Except for those
using MSAN, which look bogus to me.
Cheers,
Mark
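As an added illustration (not code from elfutils or from the patches above), the two checks the quoted message describes, written as standalone helpers: an ar_size field that must begin with a decimal digit before it is parsed, and a Shdr alignment test that uses the real mapped address (map base plus the image's offset within the map plus e_shoff) rather than e_shoff alone. The struct layout is the standard System V ar member header; the function names and sample values are constructed for this example.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* System V ar member header: fixed-width ASCII fields, space padded. */
struct ar_hdr_fields {
    char ar_name[16], ar_date[12], ar_uid[6], ar_gid[6], ar_mode[8];
    char ar_size[10]; /* decimal size, not NUL terminated */
    char ar_fmag[2];
};

/* Parse ar_size strictly: first byte must be a digit, then digits,
 * then only trailing spaces.  Returns -1 for anything malformed
 * (leading spaces, signs, letters, overflow) instead of guessing. */
long parse_ar_size(const char size[10]) {
    long v = 0;
    int i = 0;
    if (!isdigit((unsigned char)size[0]))
        return -1;
    for (; i < 10 && isdigit((unsigned char)size[i]); i++) {
        int d = size[i] - '0';
        if (v > (LONG_MAX - d) / 10)   /* would overflow */
            return -1;
        v = v * 10 + d;
    }
    for (; i < 10; i++)                /* padding must be spaces */
        if (size[i] != ' ')
            return -1;
    return v;
}

/* The address whose alignment matters is the one actually dereferenced:
 * map_base + image_offset + e_shoff.  Checking e_shoff alone is wrong
 * when the ELF image does not start at the beginning of the mapping.
 * Returns 1 if a direct typed access is safe, 0 if a memcpy path
 * (or a copy of the header) is required. */
int shdr_aligned(uintptr_t map_base, size_t image_offset,
                 uint64_t e_shoff, size_t align) {
    uintptr_t addr = map_base + image_offset + (uintptr_t)e_shoff;
    return (addr % align) == 0;
}

int main(void) {
    printf("size=%ld\n", parse_ar_size("1234      "));   /* 1234 */
    printf("size=%ld\n", parse_ar_size("  12      "));   /* -1 */
    printf("aligned=%d\n", shdr_aligned(0x1000, 4, 64, 8)); /* 0 */
    return 0;
}
```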