bug-binutils

[Bug binutils/19255] New: Malformed ELF triggers NULL pointer dereferenc


From: bazad at stanford dot edu
Subject: [Bug binutils/19255] New: Malformed ELF triggers NULL pointer dereference in _bfd_elf_setup_sections
Date: Tue, 17 Nov 2015 23:28:21 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=19255

            Bug ID: 19255
           Summary: Malformed ELF triggers NULL pointer dereference in
                    _bfd_elf_setup_sections
           Product: binutils
           Version: 2.25
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: bazad at stanford dot edu
  Target Milestone: ---

Created attachment 8789
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8789&action=edit
ELF file to reproduce

A malformed ELF file can trigger a NULL pointer dereference in the function
_bfd_elf_setup_sections in elf.c:

835              /* There are some unknown sections in the group.  */
836              (*_bfd_error_handler)
837                (_("%B: unknown [%d] section `%s' in group [%s]"),
838                 abfd,
839                 (unsigned int) idx->shdr->sh_type,
840                 bfd_elf_string_from_elf_section (abfd,
841                                                  (elf_elfheader (abfd)
842                                                   ->e_shstrndx),
843                                                  idx->shdr->sh_name),
844                 shdr->bfd_section->name);
845              result = FALSE;

shdr->bfd_section is NULL when the above code is run. This is unlikely to be
exploitable.

Found with American Fuzzy Lop.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
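
The report describes an error-reporting path that reads shdr->bfd_section->name while shdr->bfd_section is NULL. The following C model is an added example, not code from the report or from binutils and not the upstream fix; it shows the same diagnostic built with the group header's section pointer guarded. The types and functions (model_section, model_shdr, safe_str, section_name, check_group) are hypothetical stand-ins, and treating a member with no attached section as "unknown" is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the BFD structures; not the real definitions. */
struct model_section { const char *name; };
struct model_shdr {
    unsigned int sh_type;
    const char *sh_name;                /* resolved name, may be NULL */
    struct model_section *bfd_section;  /* NULL when no section was attached */
};

/* Never pass NULL to "%s": substitute a visible marker. */
static const char *safe_str(const char *s) { return s ? s : "<none>"; }
/* Section name for a header, tolerating a header with no attached section. */
static const char *section_name(const struct model_shdr *h) {
    return (h && h->bfd_section) ? safe_str(h->bfd_section->name)
                                 : "<no section>";
}

/* Assumption of this model: a group member with no attached section counts
   as "unknown". The last diagnostic is left in buf. Returns 1 if every
   member is usable, 0 otherwise. */
int check_group(const struct model_shdr *group,
                const struct model_shdr *const *members, size_t n,
                char *buf, size_t buflen) {
    int ok = 1;
    if (buflen) buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        const struct model_shdr *m = members[i];
        if (m && m->bfd_section)
            continue;
        /* The unguarded form would read group->bfd_section->name here. */
        snprintf(buf, buflen, "unknown [%u] section `%s' in group [%s]",
                 m ? m->sh_type : 0u, safe_str(m ? m->sh_name : NULL),
                 section_name(group));
        ok = 0;
    }
    return ok;
}

int main(void) {
    /* Constructed input: a group header and one member, neither with a section. */
    struct model_shdr group = { 17u, ".group", NULL };
    struct model_shdr odd = { 7u, ".odd", NULL };
    const struct model_shdr *members[] = { &odd };
    char msg[128];
    int ok = check_group(&group, members, 1, msg, sizeof msg);
    printf("%s -> %s\n", ok ? "ok" : "rejected", msg);
}
```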

