trufae
commented
1 week ago Thank you for such a well reported list of bugs. ill take care of them asap!
Closed skorpion98 closed 1 week ago
trufae
commented
1 week ago Thank you for such a well reported list of bugs. ill take care of them asap!
trufae
commented
1 week ago All done. Thanks for reporting!
Describe the bug
We found several undefined-behaviors after testing one of the harnesses provided on the OSS-Fuzz repository (ia-fuzz).
During our tests, we found:
r_sleb128()(uleb128.c:165)PE_(r_bin_pe_get_sections)(RBinPEObj* pe)(pe.c:4331)r_bin_te_get_main_paddr()(te.c:71)reloc_convert()(bin_elf.inc.c:540)r_uleb128_decode()(uleb128.c:78)reloc_convert()(bin_elf.inc.c:542)r_buf_sleb128()(buf.c:758)PE_(r_bin_pe_get_entrypoint)(RBinPEObj* pe)()(pe.c:3483)PE_(r_bin_pe_get_entrypoint)(RBinPEObj* pe)()(pe.c:3483)To Reproduce
In the attached archive you will find a directory
bugscontaining the several inputs that triggered the aforementioned bugs and their respective UBSan log, enumerated as the list above.Unfortunately, we could not share the binary we used for testing in the zip archive as its size is greater than the maximum size allowed for attachments on this report. We ran our tests on the fuzzing harness you made available for OSS-Fuzz using Ubuntu 20.04, providing AFL++ as fuzzing engine and build flag
--sanitizer=undefined. To reproduce the errors, simply run the given binary on the provided testcase files with a command like./ia_fuzz /path_to_testcases/inputThe hash commit used to perform the tests is
2e2f7aa.Environment
We are aware that reporting many bugs at once may be inconvenient, and we remain available to assist you in the bug fixing process.