[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/19255] New: Malformed ELF triggers NULL pointer dereferenc
|
From: |
bazad at stanford dot edu |
|
Subject: |
[Bug binutils/19255] New: Malformed ELF triggers NULL pointer dereference in _bfd_elf_setup_sections |
|
Date: |
Tue, 17 Nov 2015 23:28:21 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=19255
Bug ID: 19255
Summary: Malformed ELF triggers NULL pointer dereference in
_bfd_elf_setup_sections
Product: binutils
Version: 2.25
Status: NEW
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: bazad at stanford dot edu
Target Milestone: ---
Created attachment 8789
--> https://sourceware.org/bugzilla/attachment.cgi?id=8789&action=edit
ELF file to reproduce
A malformed ELF file can trigger a NULL pointer dereference in the function
_bfd_elf_setup_sections in elf.c:
835 /* There are some unknown sections in the group. */
836 (*_bfd_error_handler)
837 (_("%B: unknown [%d] section `%s' in group [%s]"),
838 abfd,
839 (unsigned int) idx->shdr->sh_type,
840 bfd_elf_string_from_elf_section (abfd,
841 (elf_elfheader (abfd)
842 ->e_shstrndx),
843 idx->shdr->sh_name),
844 shdr->bfd_section->name);
845 result = FALSE;
shdr->bfd_section is NULL when the above code is run. This is unlikely to be
exploitable.
Found with American Fuzzy Lop.
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/19255] New: Malformed ELF triggers NULL pointer dereference in _bfd_elf_setup_sections,
bazad at stanford dot edu <=