Date: Sat, 19 Nov 2016 16:14:27 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: libdwarf: negation overflow in dwarf_leb.c

If suitable for a CVE please assign one. Thanks.

Description:
libdwarf is a library to consume and produce DWARF debug information.

A fuzz with the Undefined Behavior Sanitizer shows a negation that cannot be represented as long long.

The complete UBSan output:

# dwarfdump $FILE
dwarf_leb.c:306:19: runtime error: negation of -9223372036854775808 cannot be represented in type 'Dwarf_Signed' (aka 'long long'); cast to an unsigned type to negate this value to itself

Affected version:
20161021

Fixed version:
N/A

Commit fix:
https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00050-libdwarf-negate-itself

Timeline:
2016-11-11: bug discovered and reported to upstream
2016-11-11: upstream released a patch
2016-11-19: blog post about the issue

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c

--
Agostino Sarubbo
Gentoo Linux Developer
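
An added example, not part of the original post and not libdwarf's code or its upstream fix: the UBSan report above concerns negating the most negative 64-bit value, which a signed type cannot represent. The sketch below shows two ways a signed LEB128 reader can avoid that operation; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative helpers with hypothetical names; none are libdwarf functions. */

/* Magnitude of v without signed negation. (uint64_t)v wraps modulo 2^64,
   so the INT64_MIN case yields 2^63 instead of undefined behaviour. */
uint64_t magnitude_u64(int64_t v)
{
    return v < 0 ? 0 - (uint64_t)v : (uint64_t)v;
}

/* Two's-complement reinterpretation using only defined conversions. */
static int64_t to_signed(uint64_t u)
{
    return u <= (uint64_t)INT64_MAX ? (int64_t)u : -(int64_t)(~u) - 1;
}

/* Decode one signed LEB128 value from buf[0..len). Returns the number of
   bytes consumed, or 0 on truncated input or more than 10 bytes. */
size_t decode_sleb128(const uint8_t *buf, size_t len, int64_t *out)
{
    uint64_t acc = 0;      /* accumulate unsigned: shifts and wrap are defined */
    unsigned shift = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t b = buf[i];
        if (shift >= 64)
            return 0;                          /* value wider than 64 bits */
        acc |= (uint64_t)(b & 0x7f) << shift;
        shift += 7;
        if (!(b & 0x80)) {                     /* last byte of the value */
            if ((b & 0x40) && shift < 64)
                acc |= ~(uint64_t)0 << shift;  /* sign-extend, no negation */
            *out = to_signed(acc);
            return i + 1;
        }
    }
    return 0;                                  /* ran out of input */
}

int main(void)
{
    /* Constructed input: the signed LEB128 encoding of INT64_MIN. */
    const uint8_t enc[] = {0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x7f};
    int64_t v = 0;
    size_t n = decode_sleb128(enc, sizeof enc, &v);
    printf("consumed=%zu value=%lld magnitude=%llu\n", n, (long long)v,
           (unsigned long long)magnitude_u64(v));
    return 0;
}
```

Building this with `-fsanitize=undefined` and feeding it the constructed input is a quick regression check that no signed negation remains on the decode path.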