bug-binutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/21147] New: readelf - heap buffer overflow, invalid read

From: thuanpv at comp dot nus.edu.sg
Subject: [Bug binutils/21147] New: readelf - heap buffer overflow, invalid read
Date: Mon, 13 Feb 2017 10:01:25 +0000 
https://sourceware.org/bugzilla/show_bug.cgi?id=21147

            Bug ID: 21147
           Summary: readelf - heap buffer overflow, invalid read
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9814
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9814&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit & binutils was checkout from main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017) 

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_13
readelf -p 7 bug_13

Valgrind says:
==12826== Invalid read of size 1
==12826==    at 0x423674: process_section_contents (readelf.c:13097)
==12826==    by 0x423674: process_object (readelf.c:16780)
==12826==    by 0x402111: process_file (readelf.c:17154)
==12826==    by 0x402111: main (readelf.c:17225)
==12826==  Address 0x51fd5a8 is 0 bytes after a block of size 8 alloc'd
==12826==    at 0x4C2CC70: calloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12826==    by 0x406B10: request_dump_bynumber (readelf.c:4298)
==12826==    by 0x406BFA: request_dump (readelf.c:4356)
==12826==    by 0x401D47: parse_args (readelf.c:4449)
==12826==    by 0x401D47: main (readelf.c:17198)


ASAN says:
==3009==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ef58
at pc 0x4e1b6d bp 0x7ffca5290210 sp 0x7ffca5290208
READ of size 1 at 0x60200000ef58 thread T0
    #0 0x4e1b6c in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13097
    #1 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #2 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #3 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #4 0x7f6ce7ee1f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #5 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]