[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/21137] New: readelf - heap buffer overflow in elfcomm
From: |
thuanpv at comp dot nus.edu.sg |
Subject: |
[Bug binutils/21137] New: readelf - heap buffer overflow in elfcomm |
Date: |
Mon, 13 Feb 2017 09:13:16 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=21137
Bug ID: 21137
Summary: readelf - heap buffer overflow in elfcomm
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---
Created attachment 9804
--> https://sourceware.org/bugzilla/attachment.cgi?id=9804&action=edit
Bug triggering input
Dear all,
This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme.
This bug was found on Ubuntu 14.04 64-bit & binutils was checkout from main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017)
To reproduce:
Download the attached file - bug_3
readelf -w bug_3
binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:
CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim
==81550==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60e00000e00c at pc 0x722a9d bp 0x7ffd132dc8b0 sp 0x7ffd132dc8a8
WRITE of size 1 at 0x60e00000e00c thread T0
#0 0x722a9c in byte_put_little_endian
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/elfcomm.c:75
#1 0x54acfa in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11640
#2 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#3 0x4846b5 in load_specific_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
#4 0x564b4c in display_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
#5 0x4e194f in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
#6 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#7 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#8 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#9 0x7efe28957f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#10 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
0x60e00000e00c is located 15 bytes to the right of 157-byte region
[0x60e00000df60,0x60e00000dffd)
allocated by thread T0 here:
#0 0x467d19 in __interceptor_malloc
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x467d19)
#1 0x503114 in get_data
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:393
#2 0x48180a in load_specific_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12829
#3 0x564b4c in display_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
#4 0x4e194f in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
#5 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#6 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#7 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/21137] New: readelf - heap buffer overflow in elfcomm,
thuanpv at comp dot nus.edu.sg <=
- [Bug binutils/21137] readelf - heap buffer overflow in elfcomm, cvs-commit at gcc dot gnu.org, 2017/02/13
- [Bug binutils/21137] readelf - heap buffer overflow in elfcomm, nickc at redhat dot com, 2017/02/13
- [Bug binutils/21137] readelf - heap buffer overflow in elfcomm, nickc at redhat dot com, 2017/02/13
- [Bug binutils/21137] readelf - heap buffer overflow in elfcomm, nickc at redhat dot com, 2017/02/13
- [Bug binutils/21137] readelf - heap buffer overflow in elfcomm, nickc at redhat dot com, 2017/02/13
- [Bug binutils/21137] readelf - heap buffer overflow in elfcomm, nickc at redhat dot com, 2017/02/13
- [Bug binutils/21137] readelf - heap buffer overflow in elfcomm, nickc at redhat dot com, 2017/02/13