Issue 440209728: elfutils:fuzz-libdwfl: Abrt in elf_end
buganizer-system@google.com
Fri Sep 5 16:40:46 GMT 2025
https://issues.oss-fuzz.com/issues/440209728
ev...@gmail.com added comment #2:
It can be reproduced by building elfutils with ASan, downloading the
testcase from https://oss-fuzz.com/download?testcase_id=4759819040129024 and
running `readelf -a`:
```
# build elfutils with AddressSanitizer enabled
autoreconf -i -f
./configure --enable-maintainer-mode --enable-sanitize-address
make V=1
# fetch the OSS-Fuzz testcase and run the freshly built readelf against it
wget -O TESTCASE-440209728 https://oss-fuzz.com/download?testcase_id=4759819040129024
LD_LIBRARY_PATH=$(pwd)/libdw:$(pwd)/libelf ./src/readelf -a TESTCASE-440209728
```
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==138361==ERROR: AddressSanitizer: SEGV on unknown address 0x7fa56d3aa7d0 (pc 0x7fa56d60df4a bp 0x7fa56d7bc980 sp 0x7fff5c779cb0 T0)
==138361==The signal is caused by a WRITE memory access.
    #0 0x7fa56d60df4a in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/lib64/libasan.so.8+0xdf4a) (BuildId: 10b8ccd49f75c21babf1d7abe51bb63589d8471f)
    #1 0x7fa56d6e5bb9 in free.part.0 (/lib64/libasan.so.8+0xe5bb9) (BuildId: 10b8ccd49f75c21babf1d7abe51bb63589d8471f)
    #2 0x7fa56d5c1e8f in elf_end /home/vagrant/elfutils/libelf/elf_end.c:122
    #3 0x7fa56d2df666 in libdw_open_elf /home/vagrant/elfutils/libdwfl/open.c:163
    #4 0x7fa56d2dfbd6 in __libdw_open_file /home/vagrant/elfutils/libdwfl/open.c:199
    #5 0x7fa56d2b1ea1 in __libdwfl_report_offline /home/vagrant/elfutils/libdwfl/offline.c:289
    #6 0x00000040fb04 in create_dwfl /home/vagrant/elfutils/src/readelf.c:970
    #7 0x00000040fe62 in process_file /home/vagrant/elfutils/src/readelf.c:1014
    #8 0x00000040295c in main /home/vagrant/elfutils/src/readelf.c:482
    #9 0x7fa56d011574 in __libc_start_call_main (/lib64/libc.so.6+0x3574) (BuildId: 48c4b9b1efb1df15da8e787f489128bf31893317)
    #10 0x7fa56d011627 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x3627) (BuildId: 48c4b9b1efb1df15da8e787f489128bf31893317)
    #11 0x0000004047d4 in _start (/home/vagrant/elfutils/src/readelf+0x4047d4) (BuildId: f53bce073c5090b8a49889e1f590b6b4a4023a28)
==138361==Register values:
rax = 0x0000000000000002  rbx = 0x00007fa56d3aa7e0  rcx = 0x0000000000000000  rdx = 0x0000000000000003
rdi = 0x00007fa56d3aa7e0  rsi = 0x00007fa56d3aa7e0  rbp = 0x00007fa56d7bc980  rsp = 0x00007fff5c779cb0
r8  = 0x00007fff5c779d10  r9  = 0x0000000000000001  r10 = 0x0000000000000001  r11 = 0x00007fa56d5c1e90
r12 = 0x00007fff5c779d10  r13 = 0x00007fa56d3aa7d0  r14 = 0x0000000000000001  r15 = 0x0000000000000000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/vagrant/elfutils/libelf/elf_end.c:122 in elf_end
==138361==ABORTING
```
_______________________________
Reference Info: 440209728 elfutils:fuzz-libdwfl: Abrt in elf_end
component: Public Trackers > 1362134 > OSS Fuzz
status: New
reporter: 87...@developer.gserviceaccount.com
cc: da...@adalogics.com, elfutils-devel@sourceware.org, ev...@gmail.com,
and 1 more
collaborators: co...@oss-fuzz.com
type: Bug
access level: Default access
priority: P2
severity: S4
hotlist: Reproducible, Stability-UndefinedBehaviorSanitizer
retention: Component default
Project: elfutils
Reported: Aug 21, 2025