oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

libdwarf: negation overflow in dwarf_leb.c

From: Agostino Sarubbo <ago () gentoo org>
Date: Sat, 19 Nov 2016 16:14:27 +0100
If suitable for a CVE please assign one. Thanks.

Description:
libdwarf is a library to consume and produce DWARF debug information.

A fuzz with the Undefined Behavior Sanitizer shows a negation that cannot be 
represented as long long.

The complete UBSan output:

# dwarfdump $FILE
dwarf_leb.c:306:19: runtime error: negation of -9223372036854775808 cannot be 
represented in type 'Dwarf_Signed' (aka 'long long'); cast to an unsigned type 
to negate this value to itself

Affected version:
20161021

Fixed version:
N/A

Commit fix:
https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00050-libdwarf-negate-itself

Timeline:
2016-11-11: bug discovered and reported to upstream
2016-11-11: upstream released a patch
2016-11-19: blog post about the issue

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c

-- 
Agostino Sarubbo
Gentoo Linux Developer
Previous By Date Next
Previous By Thread Next

Current thread: