[Bug binutils/24798] New: Segmentation fault in elfcomm.c
From: featherrain26 at gmail dot com
Subject: [Bug binutils/24798] New: Segmentation fault in elfcomm.c
Date: Wed, 10 Jul 2019 14:41:51 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=24798
Bug ID: 24798
Summary: Segmentation fault in elfcomm.c
Product: binutils
Version: 2.33 (HEAD)
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: featherrain26 at gmail dot com
Target Milestone: ---
Created attachment 11900
--> https://sourceware.org/bugzilla/attachment.cgi?id=11900&action=edit
Poc input
Hi there.
I found a segmentation fault with readelf in elfcomm.c.
It seems to be an incomplete fix of CVE-2017-9038.
The system information:
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial
gcc: 5.4
To reproduce the issue, the compile flags are:
CFLAGS="-g -O0 -m32 -fsanitize=address" ./configure ;make
Then,
./readelf -aw input
Here are the details of the crash reported by ASAN:
==97112==ERROR: AddressSanitizer: SEGV on unknown address 0x0a942768 (pc 0x08124d6a bp 0xff89c048 sp 0xff89bf90 T0)
    #0 0x8124d69 in byte_get_little_endian /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/elfcomm.c:148
    #1 0x812126e in process_cu_tu_index /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/dwarf.c:9465
    #2 0x81216a7 in load_cu_tu_indexes /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/dwarf.c:9511
    #3 0x8121706 in find_cu_tu_set /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/dwarf.c:9529
    #4 0x80b705d in display_debug_section /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:13943
    #5 0x80b796e in process_section_contents /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:14036
    #6 0x80d5873 in process_object /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:19285
    #7 0x80d7b2d in process_file /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:19708
    #8 0x80d7f03 in main /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:19767
    #9 0xf6c02636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
    #10 0x8049a50 (/mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf+0x8049a50)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/elfcomm.c:148 byte_get_little_endian
==97112==ABORTING
The attachment is the POC file.
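The trace above ends in byte_get_little_endian with a SEGV on an unmapped address, which means the caller in the DWARF index reader (process_cu_tu_index) handed the accessor a pointer outside the section it had loaded. The following is an added example, not code from binutils or from this report, showing the pattern that prevents that class of crash: a little-endian accessor in the style of byte_get_little_endian, a checked wrapper (get_le_checked, a hypothetical helper) that validates offset and size against the section length before dereferencing, and a toy index parser run over a constructed, truncated section whose header claims more entries than the section holds. The three-word header layout is invented for the example and is not the real .debug_cu_index format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Little-endian accessor in the style of elfcomm.c's byte_get_little_endian.
   Own simplified reimplementation, not binutils code. Like the original it
   trusts the caller completely: FIELD must point at SIZE readable bytes. */
uint64_t get_le(const unsigned char *field, unsigned int size)
{
    uint64_t v = 0;
    for (unsigned int i = 0; i < size && i < 8; i++)
        v |= (uint64_t)field[i] << (8 * i);
    return v;
}

/* Checked wrapper (hypothetical helper): read SIZE bytes at OFFSET only when
   [offset, offset + size) lies inside the LEN-byte section starting at START.
   Returns 1 and stores the value on success, 0 without touching memory
   otherwise. The comparison is written so that offset + size cannot wrap. */
int get_le_checked(const unsigned char *start, size_t len,
                   size_t offset, unsigned int size, uint64_t *out)
{
    if (size == 0 || size > 8)
        return 0;
    if (offset > len || size > len - offset)
        return 0;
    *out = get_le(start + offset, size);
    return 1;
}

/* Toy index section layout (hypothetical, not the real .debug_cu_index):
   uint32 version, uint32 ncolumns, uint32 nslots, then nslots 8-byte
   signatures. parse_index walks the slots through the checked accessor and
   returns how many it could actually read; NSLOTS_OUT receives the count the
   header claims, so the caller can see the mismatch on truncated input. */
size_t parse_index(const unsigned char *sec, size_t len, uint32_t *nslots_out)
{
    uint64_t version, ncols, nslots;
    if (!get_le_checked(sec, len, 0, 4, &version) ||
        !get_le_checked(sec, len, 4, 4, &ncols) ||
        !get_le_checked(sec, len, 8, 4, &nslots))
        return 0;                       /* header itself does not fit */
    *nslots_out = (uint32_t)nslots;

    size_t readable = 0;
    for (uint64_t i = 0; i < nslots; i++) {
        uint64_t sig;
        /* len >= 12 here (header reads succeeded); stop before the offset
           arithmetic itself can wrap on a 32-bit size_t. */
        if (i > (len - 12) / 8)
            break;
        size_t off = 12 + (size_t)i * 8;
        if (!get_le_checked(sec, len, off, 8, &sig))
            break;                      /* slot runs past end of section */
        readable++;
    }
    return readable;
}

/* Constructed 20-byte section: the header claims 1000 slots but only one
   8-byte signature follows. A loop that trusted nslots and called get_le
   directly would be driven almost 8 KiB past the end of the buffer; the
   checked reader stops after slot 0. */
const unsigned char truncated_index[20] = {
    0x02, 0x00, 0x00, 0x00,                           /* version  = 2    */
    0x01, 0x00, 0x00, 0x00,                           /* ncolumns = 1    */
    0xE8, 0x03, 0x00, 0x00,                           /* nslots   = 1000 */
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88    /* slot 0          */
};

int main(void)
{
    uint32_t claimed = 0;
    size_t got = parse_index(truncated_index, sizeof truncated_index, &claimed);
    printf("header claims %u slots, %zu readable\n", claimed, got);
    return 0;
}
```

The point of the wrapper is that the size check happens against the section length the caller already knows, before any pointer is formed; computing `start + offset` first and comparing pointers afterwards is itself undefined once the offset leaves the buffer.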