Re: Fuzzing elfutils

2014-12-04 Thread Alexander Cherepanov
On 2014-12-04 17:27, Mark Wielaard wrote: > [skip] BTW. It is helpful to know which architecture you are running on. Some issues only show on a 32bit architecture trying to parse a 64bit ELF file, or on little/big endian systems parsing a different endian ELF file. Yes, sorry, I'm using amd64 now

[PATCH] libdw: Add overflow checking to __libdw_form_val_len.

2014-12-04 Thread Mark Wielaard
This solves a couple of crashers reported by Alexander. This will probably have some performance impact, but I haven't measured it yet. It would be good to have some performance tests. We also need some overflow check for leb128 reading. Josh, which tests did you use last time when you did the pe
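An added example of the two checks the message asks for, written for this page and not taken from elfutils or the patch: a ULEB128 reader that stops at the end of the buffer and rejects values that need more than 64 bits, and a block-length helper that compares the decoded count against the bytes remaining rather than against a computed end pointer. The function names (uleb128_decode, block_val_len), the byte strings, and the assumption that a block-style value is a ULEB128 count followed by that many bytes are all constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode an unsigned LEB128 value from the bytes in [p, end).
   Returns the number of bytes consumed, or 0 on error: the input ended
   before the terminating byte (top bit clear), or the value needs more
   than 64 bits.  A reader without these two checks walks past the end of
   the buffer on a truncated file and silently wraps on an over-long one. */
size_t uleb128_decode (const unsigned char *p, const unsigned char *end,
                       uint64_t *out)
{
  const unsigned char *start = p;
  uint64_t value = 0;
  unsigned shift = 0;

  while (p < end)
    {
      unsigned char byte = *p++;
      uint64_t payload = byte & 0x7f;

      /* Shifts are 0, 7, ..., 63.  At shift 63 only one payload bit fits;
         an eleventh byte (shift 70) cannot contribute at all.  */
      if (shift >= 64 || (shift == 63 && payload > 1))
        return 0;
      value |= payload << shift;
      shift += 7;

      if ((byte & 0x80) == 0)
        {
          *out = value;
          return (size_t) (p - start);
        }
    }
  return 0;  /* truncated: no terminating byte before END */
}

/* Length of a block-style value (assumed layout: ULEB128 byte count
   followed by that many bytes).  Returns the total length, or 0 if the
   count is malformed or would run past END.  The comparison is against the
   remaining byte count, not a computed p + len, so a huge count cannot
   wrap the pointer arithmetic. */
size_t block_val_len (const unsigned char *p, const unsigned char *end)
{
  uint64_t len;
  size_t n = uleb128_decode (p, end, &len);
  if (n == 0)
    return 0;
  if (len > (uint64_t) (end - (p + n)))
    return 0;
  return n + (size_t) len;
}

int main (void)
{
  /* Constructed inputs, not taken from any real DWARF file. */
  static const unsigned char ok[] = { 0xe5, 0x8e, 0x26 };     /* 624485 */
  static const unsigned char cut[] = { 0x80, 0x80 };          /* no terminator */
  static const unsigned char big[] = { 0x80, 0x80, 0x80, 0x80, 0x80,
                                       0x80, 0x80, 0x80, 0x80, 0x02 }; /* needs bit 64 */
  static const unsigned char blk[] = { 0x05, 0xaa };          /* claims 5, has 1 */
  uint64_t v = 0;

  printf ("ok: %zu bytes, value %llu\n",
          uleb128_decode (ok, ok + sizeof ok, &v), (unsigned long long) v);
  printf ("truncated: %zu\n", uleb128_decode (cut, cut + sizeof cut, &v));
  printf ("too long: %zu\n", uleb128_decode (big, big + sizeof big, &v));
  printf ("block: %zu\n", block_val_len (blk, blk + sizeof blk));
  return 0;
}
```

The reader is limited to ten bytes by construction: the tenth byte sits at shift 63 and may only carry its lowest bit, and any byte after that fails the shift check, so an attacker cannot make the loop run for the length of the buffer with continuation bits set.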

Re: Fuzzing elfutils

2014-12-04 Thread Mark Wielaard
On Thu, 2014-12-04 at 15:27 +0100, Mark Wielaard wrote: > Thanks! We have been fixing various issues the last couple of weeks > and I just pushed some of my fixes to git master. So if you could retry > against the very latest git checkout that would be very helpful. > I'll run your crashers locally ag

Re: Fuzzing elfutils

2014-12-04 Thread Mark Wielaard
Hi Alexander, On Wed, Dec 03, 2014 at 06:16:29PM +0300, Alexander Cherepanov wrote: > [Please Cc me, I'm not subscribed.] BTW. Your message didn't hit my INBOX for some reason. Even though it does appear in the archives: https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-December/004346

Re: [PATCH] readelf: Fix overflow check in handle_sysv_hash64.

2014-12-04 Thread Mark Wielaard
On Sun, 2014-11-30 at 21:58 +0100, Mark Wielaard wrote: > Since all values are 64bit, not 32bit as in other hashes, we need to > explicitly check for overflow. > > +2014-11-30 Mark Wielaard > + > + * readelf.c (handle_sysv_hash64): Fix overflow check. I pushed this to master now.

Re: [PATCH] libdwfl: Check relocations don't overlap ELF ehdr, shdrs or phdrs.

2014-12-04 Thread Mark Wielaard
On Sun, 2014-11-30 at 21:02 +0100, Mark Wielaard wrote: > If either the section that needs the relocation applied, or the > section that the relocations come from overlap one of the ehdrs, shdrs > or phdrs data then refuse to do the relocations. We update both > section data. It isn't illegal for E
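An added example serving both this message and the handle_sysv_hash64 one above; it is written for this page and is not elfutils code. It shows the two kinds of checks the messages describe: arithmetic on 64-bit counts read from the file that is guarded against wrapping, and a refusal to apply relocations when the target section or the relocation section overlaps the ELF header, the section header table or the program header table. The names (table_size, sysv_hash64_fits, range_in_file, relocations_safe, struct elf_layout), the sample layout, and the assumed hash-table layout (nbucket, nchain, then the bucket and chain arrays, 8 bytes per entry) are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A byte range inside the ELF image: [offset, offset + size). */
struct range { uint64_t offset; uint64_t size; };

/* count * entsize without wrapping; false if the product does not fit.
   Needed whenever both factors come from 64-bit fields in the file. */
bool table_size (uint64_t count, uint64_t entsize, uint64_t *out)
{
  if (entsize != 0 && count > UINT64_MAX / entsize)
    return false;
  *out = count * entsize;
  return true;
}

/* Size check for a 64-bit SysV hash table (assumed layout: nbucket,
   nchain, then nbucket bucket entries and nchain chain entries, 8 bytes
   each).  Every addition and the multiplication is guarded: with 64-bit
   counts a plain (2 + nbucket + nchain) * 8 can wrap to a small number
   and pass a naive "fits in the section" comparison. */
bool sysv_hash64_fits (uint64_t nbucket, uint64_t nchain, uint64_t datasize)
{
  uint64_t entries, bytes;
  if (nbucket > UINT64_MAX - nchain)
    return false;
  entries = nbucket + nchain;
  if (entries > UINT64_MAX - 2)
    return false;
  entries += 2;
  return table_size (entries, 8, &bytes) && bytes <= datasize;
}

/* True if R lies inside a file of FILESIZE bytes without wrapping. */
bool range_in_file (struct range r, uint64_t filesize)
{
  return r.size <= filesize && r.offset <= filesize - r.size;
}

/* Both ranges must already have passed range_in_file, so the sums here
   cannot wrap.  Empty ranges overlap nothing. */
bool ranges_overlap (struct range a, struct range b)
{
  if (a.size == 0 || b.size == 0)
    return false;
  return a.offset < b.offset + b.size && b.offset < a.offset + a.size;
}

/* The header fields the check needs (mirroring e_ehsize, e_shoff,
   e_shnum, e_shentsize, e_phoff, e_phnum, e_phentsize). */
struct elf_layout
{
  uint64_t filesize, ehsize;
  uint64_t shoff, shnum, shentsize;
  uint64_t phoff, phnum, phentsize;
};

/* True when relocations may be applied: neither TARGET (the section whose
   data gets patched) nor RELOCS (the section the records are read from)
   overlaps the ELF header, section header table or program header table,
   and every range lies inside the file. */
bool relocations_safe (const struct elf_layout *l, struct range target,
                       struct range relocs)
{
  struct range hdrs[3], secs[2] = { target, relocs };

  hdrs[0].offset = 0;       hdrs[0].size = l->ehsize;
  hdrs[1].offset = l->shoff;
  hdrs[2].offset = l->phoff;
  if (!table_size (l->shnum, l->shentsize, &hdrs[1].size)
      || !table_size (l->phnum, l->phentsize, &hdrs[2].size))
    return false;
  for (size_t j = 0; j < 3; j++)
    if (!range_in_file (hdrs[j], l->filesize))
      return false;

  for (size_t i = 0; i < 2; i++)
    {
      if (!range_in_file (secs[i], l->filesize))
        return false;
      for (size_t j = 0; j < 3; j++)
        if (ranges_overlap (secs[i], hdrs[j]))
          return false;
    }
  return true;
}

/* Constructed layout, not from a real binary: 4 KiB image, 64-byte ELF
   header, two 56-byte program headers at 64, four 64-byte section
   headers at 0x800. */
const struct elf_layout sample_layout = { 0x1000, 64, 0x800, 4, 64, 64, 2, 56 };

int main (void)
{
  struct range text = { 0x200, 0x100 }, rel = { 0x400, 0x80 };
  struct range on_phdr = { 0x40, 0x10 }, past_eof = { 0xff0, 0x20 };
  printf ("normal: %d\n", relocations_safe (&sample_layout, text, rel));
  printf ("target over phdrs: %d\n", relocations_safe (&sample_layout, on_phdr, rel));
  printf ("target past EOF: %d\n", relocations_safe (&sample_layout, past_eof, rel));
  printf ("hash 1/1 in 32 bytes: %d\n", sysv_hash64_fits (1, 1, 32));
  return 0;
}
```

The order matters: every range is validated against the file size before any overlap test, so the additions inside ranges_overlap operate only on values already known not to wrap, and the section header and program header table sizes are computed with table_size rather than a bare multiplication.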

Re: [PATCH] readelf: Always print INVALID SECTION if destshdr is NULL for relocation

2014-12-04 Thread Mark Wielaard
On Sat, 2014-11-29 at 15:03 +0100, Mark Wielaard wrote: > On Fri, Nov 28, 2014 at 10:24:46PM +0100, Mark Wielaard wrote: > > We already checked this in all other cases except for the special case > > of relocs in statically linked executables. Found with afl. > > Sorry, this patch is bogus. It wor

Re: [PATCH] Add configure --disable-textrelcheck option to enable CC=afl-fuzz on 32bit.

2014-12-04 Thread Mark Wielaard
On Fri, 2014-11-28 at 00:08 +0100, Mark Wielaard wrote: > Using american fuzzy lop has found a lot of issues. It would be nice to > make using it a bit easier. Our build files make sure that no shared > library uses text relocations, but afl-gcc will insert some on i686. > http://www.akkadia.org/dr