0000118: UBSan: readelf.c:1350:19: runtime error: signed integer overflow: 4281348144 + 9223372033368272944 cannot be represented in type

ID	Project	Category	View Status	Date Submitted	Last Update

0000118	file	General	public	2019-11-03 06:03	2019-11-09 00:31

Reporter	atrosinenko	Assigned To	christos
Priority	normal	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	5.37
Fixed in Version	5.38

Summary	0000118: UBSan: readelf.c:1350:19: runtime error: signed integer overflow: 4281348144 + 9223372033368272944 cannot be represented in type
Description	The attached fuzzed file triggers signed integer overflow in calculation of `pread` arguments.
Steps To Reproduce	1. Clone the fresh repository, tested on commit 069daf5c 2. autoreconf -i 3. ./configure CC=gcc CFLAGS=-fsanitize=undefined --disable-libseccomp 4. make 5. Execute ``` $ ./src/file -m magic/magic.mgc /tmp/file-int-overflow.bin readelf.c:1350:19: runtime error: signed integer overflow: 4281348144 + 9223372033368272944 cannot be represented in type 'long int' /tmp/file-int-overflow.bin: ERROR: error reading (Invalid argument) ```
Tags	No tags attached.

Date Modified	Username	Field	Change
2019-11-03 06:03	atrosinenko	New Issue
2019-11-03 06:03	atrosinenko	File Added: file-int-overflow.bin
2019-11-09 00:30	christos	Assigned To	=> christos
2019-11-09 00:30	christos	Status	new => assigned
2019-11-09 00:31	christos	Status	assigned => resolved
2019-11-09 00:31	christos	Resolution	open => fixed
2019-11-09 00:31	christos	Fixed in Version	=> 5.38
2019-11-09 00:31	christos	Note Added: 0003330

atrosinenko 2019-11-03 06:03 reporter	file-int-overflow.bin (285 bytes)

christos 2019-11-09 00:31 manager ~0003330	Thanks, now I check the offset against the file size.