[elfutils] Add deep libdw DWARF API fuzzer#15450
Open
TristanInSec wants to merge 1 commit into google:master from
Conversation
Add fuzz-libdw fuzzer targeting libdw's deep DWARF processing APIs that are not exercised by existing fuzzers (fuzz-libelf, fuzz-libdwfl, fuzz-dwfl-core).

Covers:
- CU/DIE iteration and attribute access (tag, name, location, ranges)
- Source line and file tables (dwarf_getsrclines, dwarf_getsrcfiles)
- Macro expansion (dwarf_getmacros)
- Address ranges (dwarf_getaranges)
- CFI from .debug_frame and .eh_frame
- Raw .debug_line iteration (dwarf_next_lines)
- Scope and pubnames queries

Bounded iteration limits prevent timeout on complex inputs.
TristanInSec is a new contributor to projects/elfutils. The PR must be approved by known contributors before it can be merged. The past contributors are: evverx, catenacyber, izzeem
Add `fuzz-libdw` fuzzer targeting elfutils libdw's deep DWARF processing APIs that are not exercised by the existing fuzzers (`fuzz-libelf`, `fuzz-libdwfl`, `fuzz-dwfl-core`).

Coverage

The new fuzzer exercises 15+ libdw APIs across these DWARF processing surfaces:

- `dwarf_get_units`, `dwarf_child`, `dwarf_siblingof`, `dwarf_tag`, `dwarf_diename`, attribute access (`dwarf_attr`, `dwarf_formstring`, `dwarf_formref_die`, `dwarf_getlocation`)
- `dwarf_getsrclines`, `dwarf_onesrcline`, `dwarf_lineaddr`, `dwarf_lineno`, `dwarf_linecol`, and all line flag accessors
- `dwarf_getsrcfiles`, `dwarf_filesrc`, `dwarf_getsrcdirs`
- `dwarf_getmacros` with bounded callback
- `dwarf_getaranges`, `dwarf_onearange`, `dwarf_getarangeinfo`, `dwarf_getarange_addr`
- `dwarf_getcfi` (.debug_frame) and `dwarf_getcfi_elf` (.eh_frame), `dwarf_cfi_addrframe`, `dwarf_frame_cfa`, `dwarf_frame_register`
- `dwarf_next_lines` independent of CU iteration
- `dwarf_getscopes`, `dwarf_getpubnames`, `dwarf_ranges`, `dwarf_aggregate_size`

Why

Existing elfutils fuzzers cover ELF structure parsing (`fuzz-libelf`), DWFL high-level loading (`fuzz-libdwfl`), and core file processing (`fuzz-dwfl-core`). None of them exercise the deep DWARF data interpretation APIs listed above. These APIs parse complex variable-length encodings (LEB128, DWARF expressions, line number programs, CFI instructions) from untrusted `.debug_*` section data and represent significant attack surface in any tool that processes DWARF information.

Iteration bounds
All loops are bounded to prevent timeout:
Build

Appends to the existing `build.sh` using the same compilation pattern as the other elfutils fuzzers.
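The description above singles out variable-length encodings read from untrusted `.debug_*` data and the need for bounded iteration. The following is an added example, not code from this PR, from elfutils, or from libdw: a bounds-checked ULEB128 reader and a capped table walk, wrapped in a libFuzzer-style entry point, to show concretely what "bounded" and "untrusted" mean for this class of parser. The names `read_uleb128`, `walk_uleb128_table`, `demo_table`, `demo_iteration_cap`, the `MAX_ITERATIONS` value and the sample bytes are all assumptions made for this illustration; libdw has its own internal LEB128 readers, and this block deliberately does not link against libdw so it compiles stand-alone.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed cap, in the spirit of the PR's bounded loops; not a libdw constant. */
#define MAX_ITERATIONS 1000

/* Decode one unsigned LEB128 value from the first `avail` bytes at `p`.
 * Returns the number of bytes consumed, or 0 when the encoding is
 * truncated (continuation bit still set on the last available byte),
 * longer than the 10 bytes a 64-bit value can need, or carries payload
 * bits that do not fit in 64 bits. Never reads past p[avail - 1]. */
size_t read_uleb128(const uint8_t *p, size_t avail, uint64_t *out)
{
    uint64_t result = 0;
    unsigned shift = 0;
    size_t n = 0;

    while (n < avail && n < 10) {
        uint8_t byte = p[n++];
        uint64_t bits = byte & 0x7f;

        /* At shift 63 only the lowest payload bit still fits in 64 bits. */
        if (shift == 63 && (bits >> 1) != 0)
            return 0;
        result |= bits << shift;
        shift += 7;

        if ((byte & 0x80) == 0) {
            *out = result;
            return n;
        }
    }
    return 0;   /* out of input, or 10 bytes consumed with continuation still set */
}

/* Walk a buffer of consecutive ULEB128 values (the shape of many .debug_*
 * tables), stopping at the first malformed value or after MAX_ITERATIONS.
 * Returns the number of values decoded; the wrapping sum goes in *sum. */
size_t walk_uleb128_table(const uint8_t *data, size_t size, uint64_t *sum)
{
    size_t off = 0, count = 0;
    *sum = 0;
    while (off < size && count < MAX_ITERATIONS) {
        uint64_t v;
        size_t n = read_uleb128(data + off, size - off, &v);
        if (n == 0)
            break;          /* malformed or truncated: stop, do not guess */
        off += n;
        *sum += v;
        count++;
    }
    return count;
}

/* Constructed sample: 127, 624485, 0, then a truncated value (0x80 with no
 * terminating byte). A correct walker decodes three values and stops. */
static const uint8_t sample_table[] = { 0x7f, 0xe5, 0x8e, 0x26, 0x00, 0x80 };

size_t demo_table(uint64_t *sum)
{
    return walk_uleb128_table(sample_table, sizeof sample_table, sum);
}

/* 2 * MAX_ITERATIONS single-byte zero values: the walk must stop at the cap
 * rather than process every byte, which is what keeps a fuzzer under its
 * timeout on pathological inputs. */
size_t demo_iteration_cap(void)
{
    static const uint8_t zeros[2 * MAX_ITERATIONS];   /* all 0x00 */
    uint64_t sum;
    return walk_uleb128_table(zeros, sizeof zeros, &sum);
}

/* libFuzzer entry point: every byte of `data` is attacker-controlled. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    uint64_t sum;
    (void)walk_uleb128_table(data, size, &sum);
    return 0;
}

int main(void)
{
    uint64_t sum;
    size_t count = demo_table(&sum);
    printf("decoded %zu values, sum %llu\n", count, (unsigned long long)sum);
    printf("capped walk decoded %zu values\n", demo_iteration_cap());
    return 0;
}
```

Two points carry over to a real libdw harness: the reader takes an explicit byte budget instead of trusting a terminator to arrive, and the walk stops on the first error rather than resynchronising, so a single malformed entry cannot turn into an unbounded scan.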