Hi,

On Fri, Mar 18, 2022 at 10:26:16AM +0300, Evgeny Vereshchagin wrote:
> I think before looking at those reports it would make sense to
> figure out what they are supposed to test and how they were tested
> to make sure they don't produce false positives. If they weren't
> actually tested I think it would make sense to revert them to avoid
> getting auto-generated CVEs until they're in more or less good shape
> at least.

So I took the fuzz-libelf.c and fuzz-libdwfl.c files from the oss-fuzz
repo, tweaked them so they have a normal main that takes one file
argument to try to replicate the reports. That found some "real" issues
I submitted patches for. Then I ran afl-fuzz on them locally during the
weekend and found another issue for which I also submitted a patch.
There are several duplicates though and all the MSAN reported issues
seem bogus.

> > There are also some other
> > misaligned type access checks reported by ubsan, but I don't know if
> > that is because of ALLOW_UNALIGNED is still defined or not (when
> > configuring with --enable-analyze-undefined ALLOW_UNALIGNED is not
> > defined, otherwise it is for some arches, including x86_64).
>
> Looking at
> https://github.com/google/oss-fuzz/commit/8747524f04b1b906d4a21a6ade87f7803b3f9b8c,
> I think I turned ALLOW_UNALIGNED off with UBSan there (and tested it
> in https://sourceware.org/bugzilla/show_bug.cgi?id=28720).

Yes, you are right, all the unaligned type access issues were "real"
(they occur with or without ALLOW_UNALIGNED on). It is not really a big
issue, but could potentially cause the compiler to do some surprising
optimisations. So I did fix them all.

Cheers,

Mark
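As an added illustration (not code from elfutils, the oss-fuzz harnesses, or anyone in this thread), the following is a stand-alone driver of the kind Mark describes: a normal `main` that reads each file named on the command line and hands its bytes to a libFuzzer-style `LLVMFuzzerTestOneInput`, so a single reproducer from a report can be run under a plain debugger or sanitizer build, or under afl-fuzz with a file argument. The target it wraps is a constructed toy that bounds-checks an ELF64 little-endian header's section header table and reads the multi-byte header fields byte by byte instead of through pointer casts, which is the usual way to avoid the misaligned type accesses that UBSan's alignment check reports. The function names (`read_file`, `check_shdr_table`, `check_sample`), the `RUN_AS_FUZZER` macro and the return codes are this example's own assumptions, and the ELF inputs built by `check_sample` are constructed sample data.

```c
/* Added example, not code from elfutils or the oss-fuzz harnesses: a
 * stand-alone driver around a libFuzzer-style entry point, with a
 * constructed toy target that bounds-checks an ELF64 LE section header
 * table.  Build: cc -g -fsanitize=undefined,address driver.c -o driver */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EHDR64_SIZE   64   /* sizeof(Elf64_Ehdr) */
#define OFF_SHOFF     40   /* offset of e_shoff     (8 bytes) */
#define OFF_SHENTSIZE 58   /* offset of e_shentsize (2 bytes) */
#define OFF_SHNUM     60   /* offset of e_shnum     (2 bytes) */

enum { SHDR_NOT_ELF64LE = -1, SHDR_OK = 0, SHDR_NONE = 1, SHDR_OUT_OF_BOUNDS = 2 };

/* Byte-wise little-endian reader.  *(const uint64_t *)p is undefined
 * behaviour when p is not 8-aligned (that is what -fsanitize=alignment
 * reports); memcpy into a correctly typed local is the other standard fix. */
static uint64_t read_le(const uint8_t *p, int nbytes)
{
    uint64_t v = 0;
    while (nbytes--)
        v = (v << 8) | p[nbytes];
    return v;
}

static void write_le(uint8_t *p, uint64_t v, int nbytes)
{
    for (int i = 0; i < nbytes; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Classify the section header table described by a candidate ELF64 LE
 * header.  Extended numbering (e_shnum == 0, real count in section 0) is
 * deliberately ignored in this toy. */
static int check_shdr_table(const uint8_t *data, size_t size)
{
    if (size < EHDR64_SIZE || memcmp(data, "\x7f" "ELF", 4) != 0
        || data[4] != 2 /* ELFCLASS64 */ || data[5] != 1 /* ELFDATA2LSB */)
        return SHDR_NOT_ELF64LE;
    uint64_t shoff = read_le(data + OFF_SHOFF, 8);
    uint64_t shentsize = read_le(data + OFF_SHENTSIZE, 2);
    uint64_t shnum = read_le(data + OFF_SHNUM, 2);
    if (shoff == 0 || shnum == 0)
        return SHDR_NONE;
    uint64_t table = shentsize * shnum;          /* < 2^32, cannot overflow */
    if (shoff > size || table > size - shoff)   /* ordered so shoff + table cannot wrap */
        return SHDR_OUT_OF_BOUNDS;
    return SHDR_OK;
}

/* libFuzzer / oss-fuzz entry point: must return 0 and must not crash. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)check_shdr_table(data, size);
    return 0;
}

/* Build a file_size-byte buffer holding a header with the given fields
 * (constructed input, not a real binary) and classify it. */
static int check_sample(uint64_t shoff, uint16_t shentsize, uint16_t shnum, size_t file_size)
{
    uint8_t hdr[EHDR64_SIZE] = { 0x7f, 'E', 'L', 'F', 2, 1, 1 }, *buf;
    write_le(hdr + OFF_SHOFF, shoff, 8);
    write_le(hdr + OFF_SHENTSIZE, shentsize, 2);
    write_le(hdr + OFF_SHNUM, shnum, 2);
    if (!(buf = calloc(file_size + 1, 1)))
        return -2;
    memcpy(buf, hdr, file_size < EHDR64_SIZE ? file_size : EHDR64_SIZE);
    int r = check_shdr_table(buf, file_size);
    free(buf);
    return r;
}

/* Slurp a whole file into one heap buffer, as the fuzzer would hand it over. */
static uint8_t *read_file(const char *path, size_t *len)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return NULL;
    uint8_t *buf = NULL, *nb;
    size_t n = 0, cap = 0, r;
    do {
        if (n == cap) {
            if (!(nb = realloc(buf, cap = cap ? 2 * cap : 1 << 16))) { free(buf); buf = NULL; break; }
            buf = nb;
        }
        r = fread(buf + n, 1, cap - n, f);
        n += r;
    } while (r);
    fclose(f);
    *len = n;
    return buf;
}

#ifndef RUN_AS_FUZZER   /* -DRUN_AS_FUZZER when linking with -fsanitize=fuzzer, which brings its own main */
/* Usage: ./driver crash-1 crash-2 ...   or   afl-fuzz -i in -o out -- ./driver @@ */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        size_t len;
        uint8_t *buf = read_file(argv[i], &len);
        if (!buf) { perror(argv[i]); return 1; }
        LLVMFuzzerTestOneInput(buf, len);
        free(buf);
    }
    return 0;
}
#endif
```

Built as above with `-fsanitize=undefined,address`, the driver reproduces a report from a single input file without libFuzzer or afl-fuzz being involved; the same binary built with an afl compiler wrapper runs under `afl-fuzz ... -- ./driver @@`, which is the "normal main that takes one file argument" setup from the message. The bounds check is written as `shoff > size || table > size - shoff` rather than `shoff + table > size` precisely because a fuzzer will produce an `e_shoff` near `2^64` that makes the naive sum wrap to a small value.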