I found a null pointer dereferencing bug at line 4268 in libbpf.c. This is caused by accessing a pointer of type Elf_Data that is NULL. This pointer holds the section data in the function, and no check for it being NULL is present in the bpf_object__collect_prog_relos function.
The bug is triggered by fuzzing using the harness bpf-object-fuzzer.c provided in fuzz folder.
The stack trace is attached below
#0 0x0000000000408764 in bpf_object__collect_prog_relos (obj=<optimized out>, shdr=<optimized out>, data=<optimized out>) at libbpf.c:4268
#1 bpf_object__collect_relos (obj=<optimized out>) at libbpf.c:6696
#2 bpf_object_open (path=<optimized out>, path@entry=0x0, obj_buf=<optimized out>, obj_buf_sz=<optimized out>, opts=<optimized out>) at libbpf.c:7380
#3 0x0000000000409bdb in bpf_object__open_mem (obj_buf=0x44b8c8, obj_buf_sz=0x15, opts=0x7) at libbpf.c:7415
The crashing input has been attached below.
The bug has been tested on Ubuntu 20.04, libbpf built with clang-11. null_ptr_deref_2.zip
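As an added illustration of the failure mode described in this report (not libbpf's own code, and not the fix applied to it): a relocation walk over ELF section data should reject a missing data pointer before using it. The `sec_data` and `relo_rec` structs below are hypothetical stand-ins for libelf's `Elf_Data` and `Elf64_Rel`, the sample records are constructed, and the offset-range check is a general sanity check assumed for the example rather than taken from the page.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for libelf's Elf_Data: only the two fields a
 * relocation walk needs. */
struct sec_data {
    const void *d_buf;   /* section contents, NULL if the section has no data */
    size_t d_size;       /* size of d_buf in bytes */
};

/* Hypothetical stand-in for one Elf64_Rel record. */
struct relo_rec {
    uint64_t r_offset;   /* byte offset into the program section being relocated */
    uint64_t r_info;     /* symbol index / relocation type */
};

#define BPF_INSN_SZ 8    /* one eBPF instruction; relocation offsets must be aligned to it */

/* Unchecked walk: mirrors the reported defect, dereferencing the section
 * data pointer without a NULL test. data == NULL crashes here. Shown only
 * for contrast; nothing below calls it. */
static int count_relos_unchecked(const struct sec_data *data)
{
    return (int)(data->d_size / sizeof(struct relo_rec));
}

/* Hardened walk: validate the section data before touching it.
 * Returns the number of relocation records, or a negative errno. */
static int count_relos_checked(const struct sec_data *data)
{
    if (!data || !data->d_buf)
        return -EINVAL;      /* section data absent: malformed object, not a crash */
    if (data->d_size % sizeof(struct relo_rec) != 0)
        return -EINVAL;      /* truncated or malformed relocation record */
    if (data->d_size / sizeof(struct relo_rec) > (size_t)INT_MAX)
        return -E2BIG;
    return (int)(data->d_size / sizeof(struct relo_rec));
}

/* Additionally check each relocation against the target program section:
 * the offset must be instruction-aligned and lie inside the section. */
static int validate_relos(const struct sec_data *relo_data, size_t prog_sec_size)
{
    int n = count_relos_checked(relo_data);
    if (n < 0)
        return n;
    const struct relo_rec *rel = relo_data->d_buf;
    for (int i = 0; i < n; i++) {
        if (rel[i].r_offset % BPF_INSN_SZ != 0 || rel[i].r_offset >= prog_sec_size)
            return -EINVAL;  /* relocation points outside or into the middle of an insn */
    }
    return n;
}

/* Constructed sample: two well-formed relocation records. */
static const struct relo_rec sample_relos[2] = {
    { .r_offset = 0, .r_info = 1 },
    { .r_offset = 8, .r_info = 2 },
};
static const struct sec_data sample_data = { sample_relos, sizeof(sample_relos) };

int main(void)
{
    (void)count_relos_unchecked;  /* intentionally unused: would crash on NULL */
    printf("NULL section data   -> %d\n", count_relos_checked(NULL));
    printf("empty section data  -> %d\n", count_relos_checked(&(struct sec_data){ NULL, 0 }));
    printf("two relos, 16B prog -> %d\n", validate_relos(&sample_data, 16));
    printf("two relos, 8B prog  -> %d\n", validate_relos(&sample_data, 8));
    return 0;
}
```

The point of the contrast is that a fuzzer-supplied object with a missing or empty relocation section should surface as an error return from the loader, not as a dereference of NULL; every pointer obtained from a section lookup is validated before its fields are read.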