Conversation
03fccac to
c610506
Compare
projects/elfutils/project.yaml
Outdated
There was a problem hiding this comment.
Are you the maintainer of this project? Do you have upstream approval for it's inclusion in OSS-Fuzz? Can you ask them if you aren't and don't have approval yet please.
There was a problem hiding this comment.
Sent an email to maintainers to get their approval.
There was a problem hiding this comment.
assistant deputy backup maintainer here, go ahead
There was a problem hiding this comment.
Thanks! Do you want to have access to bugs when they are filed? If so you, please provide an email that @izzeem can add to auto_ccs.
There was a problem hiding this comment.
@jonathanmetzman is there a way to publish artifacts and logs to a mailman mailing list? I think that would be a preferred way for elfutils
There was a problem hiding this comment.
No sorry. Each person needs their own google account.
I understand it's inconvenient, but that's all we have support for now.
There was a problem hiding this comment.
@fche libelf is fuzzed indirectly via the libbpf project: https://storage.googleapis.com/oss-fuzz-coverage/libbpf/reports/20211030/linux/src/libbpf/elfutils/report.html and to tell libbpf and libelf bugs apart (or point the build script to commits where bugs have already been fixed) it would be great if I could have access to elfutils bug reports. Would it be OK if I added my email address to auto_cc? Thanks!
|
Not sure if you fixed build failures. If not, we need to do this before merging. |
Head branch was pushed to by a user without write access
|
Fixed the memory and undefined sanitizer builds, will need an approval on the workflows to see if the other ones passed |
|
Then I can just take care of forwarding to the maintainers group
…On Fri, Oct 29, 2021, 12:18 PM jonathanmetzman ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In projects/elfutils/project.yaml
<#6670 (comment)>:
> @@ -0,0 +1,17 @@
+homepage: "https://sourceware.org/elfutils/"
+language: c++
+primary_contact: ***@***.***"
No sorry. Each person needs their own google account.
I understand it's inconvenient, but that's all we have support for now.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#6670 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWANRIDEBABZP5ZT2NPASTDUJLXO5ANCNFSM5G3HWTHQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
|
Head branch was pushed to by a user without write access
|
|
||
| # build elf tooling targets | ||
| autoreconf -i -f | ||
| ./configure --enable-maintainer-mode --disable-libdebuginfod --enable-libdebuginfod=dummy --disable-debuginfod --disable-libdebuginfod |
There was a problem hiding this comment.
I wonder how it can be built with ASan in its current form? I had to change a couple of files with sed to get libelf to compile with ASan:
oss-fuzz/projects/libbpf/build.sh
Lines 74 to 79 in 6fb4ca2
Or is https://github.com/izzeem/elfutils somehow different from the main repository hosted at git://sourceware.org/git/elfutils.git?
There was a problem hiding this comment.
These are the changes I made from the branch to support it. I just keep a separate branch so I can always pull in the upstream.
|
Got rid of i386 for now. |
The elfutils project was integrated into OSS-Fuzz in google#6670 where Dockerfile pointed to a fork of the official repository with a series of patches that were supposed to make it compile on OSS-Fuzz. Apart from that there was a fuzz target that effectively wrapped the readelf utility by applying a patch to its source code. On the whole it worked at the time but I think there are a few issues: 1. It's hard to point OSS-Fuzz to the official repository (because most of the patches touch the build system and they can't always be applied cleanly); 2. It's almost impossible to add new fuzz targets covering other use cases; 3. It's not possible to build fuzz targets without Docker 4. Since the fuzz target mostly wraps the readelf utility it looks more like a CLI tool than a fuzz target. It calls exit when it should just return 0 to let it keep going and so on. This PR should addresses all those issues apart from 4. The fuzz target was just removed and another one was added instead. (It can be added later though but since it isn't exactly maintainable with the build script pointing at the official repository it should probably be rewritten: https://sourceware.org/pipermail/elfutils-devel/2021q4/004295.html) The new fuzz target covers the code that `systemd` uses to parse untrusted data. Currently it can be used to trigger various issues like heap-buffer-overflows and inifinite loops that in theory can bring down coredump processing on machines where systemd-coredump is used by default. Even though those issues were discovered by one of `systemd` fuzz targets I think elfutils bugs should be caught and reported by elfutils fuzz targets.
The elfutils project was integrated into OSS-Fuzz in #6670 where Dockerfile pointed to a fork of the official repository with a series of patches that were supposed to make it compile on OSS-Fuzz. Apart from that there was a fuzz target that effectively wrapped the readelf utility by applying a patch to its source code. On the whole it worked at the time but I think there are a few issues: 1. It's hard to point OSS-Fuzz to the official repository (because most of the patches touch the build system and they can't always be applied cleanly); 2. It's almost impossible to add new fuzz targets covering other use cases; 3. It's not possible to build fuzz targets without Docker 4. Since the fuzz target mostly wraps the readelf utility it looks more like a CLI tool than a fuzz target. It calls exit when it should just return 0 to let it keep going and so on. This PR should addresses all those issues apart from 4. The fuzz target was just removed and another one was added instead. (It can be added later though but since it isn't exactly maintainable with the build script pointing at the official repository it should probably be rewritten: https://sourceware.org/pipermail/elfutils-devel/2021q4/004295.html) The new fuzz target covers the code that `systemd` uses to parse untrusted data. Currently it can be used to trigger various issues like heap-buffer-overflows and inifinite loops that in theory can bring down coredump processing on machines where systemd-coredump is used by default. Even though those issues were discovered by one of `systemd` fuzz targets I think elfutils bugs should be caught and reported by elfutils fuzz targets.
The elfutils project was integrated into OSS-Fuzz in google#6670 where Dockerfile pointed to a fork of the official repository with a series of patches that were supposed to make it compile on OSS-Fuzz. Apart from that there was a fuzz target that effectively wrapped the readelf utility by applying a patch to its source code. On the whole it worked at the time but I think there are a few issues: 1. It's hard to point OSS-Fuzz to the official repository (because most of the patches touch the build system and they can't always be applied cleanly); 2. It's almost impossible to add new fuzz targets covering other use cases; 3. It's not possible to build fuzz targets without Docker 4. Since the fuzz target mostly wraps the readelf utility it looks more like a CLI tool than a fuzz target. It calls exit when it should just return 0 to let it keep going and so on. This PR should addresses all those issues apart from 4. The fuzz target was just removed and another one was added instead. (It can be added later though but since it isn't exactly maintainable with the build script pointing at the official repository it should probably be rewritten: https://sourceware.org/pipermail/elfutils-devel/2021q4/004295.html) The new fuzz target covers the code that `systemd` uses to parse untrusted data. Currently it can be used to trigger various issues like heap-buffer-overflows and inifinite loops that in theory can bring down coredump processing on machines where systemd-coredump is used by default. Even though those issues were discovered by one of `systemd` fuzz targets I think elfutils bugs should be caught and reported by elfutils fuzz targets.
libelf is used by many distros as the defacto elf parsing library which other applications depend on. elf parsing bugs are usually pretty complex and error prone
i just wrapped readelf as it is a good client of libelf and exercises many of the libraries exported functions
https://packages.debian.org/buster/libelf-dev and https://archlinux.org/packages/core/x86_64/libelf/ as examples