[Bug binutils/18708] New: integer overflow in readelf and invalid shift
From: xiedingbao at gmail dot com
Subject: [Bug binutils/18708] New: integer overflow in readelf and invalid shift in objdump
Date: Wed, 22 Jul 2015 18:01:42 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=18708
Bug ID: 18708
Summary: integer overflow in readelf and invalid shift in objdump
Product: binutils
Version: 2.25
Status: NEW
Severity: minor
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xiedingbao at gmail dot com
Target Milestone: ---
Created attachment 8450
--> https://sourceware.org/bugzilla/attachment.cgi?id=8450&action=edit
inputs to trigger undefined behavior
I found several undefined behaviors in readelf and objdump after running
afl-fuzzer for a while.
To reproduce them, you need to build the source code with compiler flag
'-fsanitize=undefined'.
Then execute the commands
readelf -a ubs/readelf-1
readelf -a ubs/readelf-2
readelf -a ubs/readelf-3
objdump -S ubs/objdump
You will see the following error information:
readelf.c:1543:39: runtime error: negation of -9223372036854775808 cannot be
represented in type 'bfd_signed_vma' (aka 'long'); cast to an unsigned type to
negate this value to itself
readelf.c:1555:36: runtime error: negation of -9223372036854775808 cannot be
represented in type 'bfd_signed_vma' (aka 'long'); cast to an unsigned type to
negate this value to itself
readelf.c:8374:39: runtime error: signed integer overflow: 8521 -
-9223372036854775112 cannot be represented in type 'long'
i386-dis.c:15277:26: runtime error: left shift of 136 by 24 places cannot be
represented in type 'int'
i386-dis.c:15281:26: runtime error: left shift of 136 by 24 places cannot be
represented in type 'int'