Issue 60887 in oss-fuzz: elfutils:fuzz-libelf: Direct-leak in __libelf_decompress_zlib

Mark Wielaard mark@klomp.org
Sat Jul 29 14:38:05 GMT 2023


Hi Evgeny,

Do you happen to know what clusterfuzz is trying to tell us?  The
stack trace is not detailed enough to understand what is going on.
The reproducer is a corrupt ELF file with no indication of what code
is being run on it. And the detailed report is not accessible (it
seems to require a Google or GitHub account to log in).

Thanks,

Mark

On Thu, Jul 27, 2023 at 01:44:24PM -0700, ClusterFuzz-External via monorail via Elfutils-devel wrote:
> Status: New
> Owner: ----
> CC: elfut...@sourceware.org, da...@adalogics.com, evv...@gmail.com, izzeem@google.com 
> Labels: ClusterFuzz Stability-Memory-AddressSanitizer Reproducible Stability-Memory-LeakSanitizer Engine-libfuzzer OS-Linux Proj-elfutils Reported-2023-07-27
> Type: Bug
> 
> New issue 60887 by ClusterFuzz-External: elfutils:fuzz-libelf: Direct-leak in __libelf_decompress_zlib
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60887
> 
> Detailed Report: https://oss-fuzz.com/testcase?key=4651173658099712
> 
> Project: elfutils
> Fuzzing Engine: libFuzzer
> Fuzz Target: fuzz-libelf
> Job Type: libfuzzer_asan_elfutils
> Platform Id: linux
> 
> Crash Type: Direct-leak
> Crash Address: 
> Crash State:
>   __libelf_decompress_zlib
>   __libelf_decompress_elf
>   get_zdata
>   
> Sanitizer: address (ASAN)
> 
> Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_elfutils&range=202203161800:202203170000
> 
> Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=4651173658099712
> 
> Issue filed automatically.
> 
> See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.
> When you fix this bug, please
>   * mention the fix revision(s).
>   * state whether the bug was a short-lived regression or an old bug in any stable releases.
>   * add any other useful information.
> This information can help downstream consumers.
> 
> If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.
> 
> -- 
> You received this message because:
>   1. You were specifically CC'd on the issue
> 
> You may adjust your notification preferences at:
> https://bugs.chromium.org/hosting/settings
> 
> Reply to this email to add a comment.

