On Wed, Jun 24, 2015 at 12:12:45AM +0300, Alexander Cherepanov wrote:
> On 2015-06-23 18:44, Hanno Böck wrote:
> > The elfutils webpage says:
> > "To report bugs: please open a bugzilla report against the elfutils
> > component."
> >
> > However it seems the redhat bugzilla doesn't have an elfutils
> > component. Therefore I'm reporting it here, hope that's okay.
>
> IIRC, to find elfutils, you have to choose Fedora as a product in bugzilla.

Yes, the link on the webpage should already point to that. I improved it
a bit to directly point to the correct component too.
https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=elfutils

Maybe we should have a different bug tracker? Historically all bugs were
reported in the Red Hat bugzilla, then moved to the Fedora one. And I
just happen to also package elfutils for Fedora, so left it like that.

> > The attached file will cause a huge malloc allocation with elfutils' nm
> > tool. This will crash if you try to run it with address sanitizer.
> >
> > The reason is likely that nm will try to allocate space for something
> > based on the header value - no matter if that value makes any sense. A
> > sanity check that checks in such cases if the file itself is smaller
> > than the supposedly allocated memory could avoid that.
>
> I've reported several similar issues before. Mark replied:
>
> "I believe the "Argument 'size' of function malloc has a fishy (possibly
> negative) value" in dwarf_begin_elf.c (check_section) is correct, but
> harmless. We do check the value doesn't actually overflow, the allocation
> will likely fail, but that is also checked."

I am very interested in the results of the gcc sanitizers, valgrind,
fuzzers, etc. It really helped make elfutils much more robust. For 0.163
all known crashers were fixed. So if you are still able to crash elfutils
libraries or tools, please do report.

But in this case, as far as I know, these kinds of malloc argument checks
are indeed just noise. We do check the results of malloc everywhere (or
should at least). I might be wrong of course, or miss something subtle.
So please do let me know if you think it is something to fix differently
from how we handle it currently.

Thanks,

Mark
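The two approaches discussed above (checking that the header-declared size fits in the file before allocating, versus relying on malloc returning NULL for an absurd size) side by side, as an added illustration that is not elfutils code and not from anyone in this thread. The 16-byte record layout (little-endian data offset, then data size), the function names sec_validate/sec_load, the status enum and the 48-byte sample image are all assumptions made up for the example; the layout is deliberately not ELF.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcome of validating a header-declared section size. */
enum sec_status {
    SEC_OK = 0,
    SEC_HDR_OUT_OF_BOUNDS, /* the record itself does not fit in the file */
    SEC_SIZE_OVERFLOW,     /* a 64-bit field does not fit in size_t at all */
    SEC_SIZE_EXCEEDS_FILE, /* the data would extend past the end of the file */
    SEC_ALLOC_FAILED       /* malloc returned NULL for a size that was sane */
};

/* Hypothetical record layout (not ELF): 8-byte little-endian data offset
   followed by an 8-byte little-endian data size. */
#define REC_LEN 16

static uint64_t read_le64(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Validate the record at hdr_off and report the (offset, length) it names.
   Nothing is allocated here, so a bogus size never reaches malloc and a
   sanitizer has nothing to flag. */
enum sec_status sec_validate(const unsigned char *file, size_t file_len,
                             size_t hdr_off, size_t *data_off, size_t *data_len)
{
    if (hdr_off > file_len || file_len - hdr_off < REC_LEN)
        return SEC_HDR_OUT_OF_BOUNDS;

    uint64_t off = read_le64(file + hdr_off);
    uint64_t len = read_le64(file + hdr_off + 8);

    /* On a 32-bit host a 64-bit field can exceed anything malloc could take. */
    if (off > SIZE_MAX || len > SIZE_MAX)
        return SEC_SIZE_OVERFLOW;

    /* The check proposed in the report: the data must lie within the bytes
       we actually have. Written as a subtraction so off + len cannot wrap. */
    if (off > file_len || len > file_len - (size_t)off)
        return SEC_SIZE_EXCEEDS_FILE;

    *data_off = (size_t)off;
    *data_len = (size_t)len;
    return SEC_OK;
}

/* Copy the section into a fresh buffer, but only after validation passed.
   Returns NULL on any failure and leaves the reason in *status. */
unsigned char *sec_load(const unsigned char *file, size_t file_len,
                        size_t hdr_off, size_t *out_len, enum sec_status *status)
{
    size_t off, len;
    *status = sec_validate(file, file_len, hdr_off, &off, &len);
    if (*status != SEC_OK)
        return NULL;

    unsigned char *buf = malloc(len ? len : 1); /* malloc(0) may return NULL */
    if (buf == NULL) {
        *status = SEC_ALLOC_FAILED; /* validation does not replace this check */
        return NULL;
    }
    memcpy(buf, file + off, len);
    *out_len = len;
    return buf;
}

/* Constructed 48-byte file image: two records, then 16 bytes of data. */
const unsigned char sample_image[48] = {
    /* record 0: offset 32, size 4 (sane) */
    32, 0, 0, 0, 0, 0, 0, 0,   4, 0, 0, 0, 0, 0, 0, 0,
    /* record 1: offset 32, size 0xFFFFFFFFFFFFFFF0 (the "huge malloc" case) */
    32, 0, 0, 0, 0, 0, 0, 0,   0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    /* data at offset 32 */
    0xDE, 0xAD, 0xBE, 0xEF, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
const size_t sample_image_len = sizeof sample_image;

int main(void)
{
    static const char *names[] = { "ok", "header out of bounds", "size overflow",
                                   "size exceeds file", "allocation failed" };
    size_t offs[] = { 0, 16, 40 }; /* record 0, record 1, a record past the end */
    for (size_t i = 0; i < 3; i++) {
        enum sec_status st;
        size_t n = 0;
        unsigned char *p = sec_load(sample_image, sample_image_len, offs[i], &n, &st);
        printf("record at %zu: %s", offs[i], names[st]);
        if (p) {
            printf(", %zu bytes, first byte 0x%02x", n, p[0]);
            free(p);
        }
        putchar('\n');
    }
    return 0;
}
```

With the file-length check in place, record 1 is rejected in sec_validate and malloc is never called with the bogus size, so neither the sanitizer's "fishy value" report nor a reliance on malloc returning NULL comes into play; the NULL check in sec_load is still kept, because a sane size can also fail to allocate.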
