Date: Sat, 19 Nov 2016 16:14:27 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: libdwarf: negation overflow in dwarf_leb.c If suitable for a CVE please assign one. Thanks. Description: libdwarf is a library to consume and produce DWARF debug information. A fuzz with the Undefined Behavior Sanitizer shows a negation that cannot be represented as long long. The complete UBSan output: # dwarfdump $FILE dwarf_leb.c:306:19: runtime error: negation of -9223372036854775808 cannot be represented in type 'Dwarf_Signed' (aka 'long long'); cast to an unsigned type to negate this value to itself Affected version: 20161021 Fixed version: N/A Commit fix: https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5 Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00050-libdwarf-negate-itself Timeline: 2016-11-11: bug discovered and reported to upstream 2016-11-11: upstream released a patch 2016-11-19: blog post about the issue Note: This bug was found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ