[Bug binutils/21156] readefl segfault - invalid read of size 4
From: thuanpv at comp dot nus.edu.sg
Subject: [Bug binutils/21156] readefl segfault - invalid read of size 4
Date: Sat, 18 Feb 2017 05:04:25 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=21156
--- Comment #6 from Thuan Pham <thuanpv at comp dot nus.edu.sg> ---
Created attachment 9837
--> https://sourceware.org/bugzilla/attachment.cgi?id=9837&action=edit
Bug triggering input
Hi Nick,
Thanks for your bug fix. Your patch almost fixes the bug, except for one corner
case. I have attached one more file (bug_21156_2). Readelf is still vulnerable
to a buffer overflow in the while loop condition at line 678:
while ((i = *set++) > 0)
To reproduce:
Download the newly attached file: bug_21156_2
readelf -w bug_21156_2
ASAN says:
==140857==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61400000f9f4 at pc 0x47fa95 bp 0x7ffc15203a90 sp 0x7ffc15203a88
READ of size 4 at 0x61400000f9f4 thread T0
    #0 0x47fa94 in find_section_in_set /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:678
    #1 0x47edc0 in load_debug_section /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:13071
    #2 0x6b1f83 in process_debug_info /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/dwarf.c:2331
    #3 0x67aa3f in display_debug_info /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/dwarf.c:4907
    #4 0x566d0a in display_debug_section /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:13160
    #5 0x4e1b3f in process_section_contents /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:13235
    #6 0x48d7e0 in process_object /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:16927
    #7 0x488535 in process_file /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:17301
    #8 0x485793 in main /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:17372
    #9 0x7f3d8e8bff44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #10 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/readelf+0x47ddfc)
Cheers,
Thuan
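Added example, not part of the original message and not readelf's source: a C illustration of the failure mode reported above, where a zero-terminated scan of the form while ((i = *set++) > 0) walks a file-supplied index table with no bound, shown next to a bounded form. The function names, the uint32_t element type, the offset check and the sample arrays are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and constructed data; not readelf's source. */
static const uint32_t terminated[]   = { 3, 7, 0, 9 };  /* has a 0 sentinel */
static const uint32_t unterminated[] = { 3, 7, 9, 4 };  /* sentinel missing */

/* Unbounded form of the reported loop: it trusts that a 0 terminator
   exists inside the buffer. If the input table lacks one, the read
   continues past the end of the allocation (what ASAN flags). */
static int find_unbounded(const uint32_t *set, uint32_t wanted)
{
    uint32_t i;
    while ((i = *set++) > 0)
        if (i == wanted)
            return 1;
    return 0;
}

/* Bounded form: never dereferences at or beyond `end`.
   Returns 1 if found, 0 if the terminator was reached first,
   -1 if the table ended without a terminator (malformed input). */
static int find_bounded(const uint32_t *set, const uint32_t *end, uint32_t wanted)
{
    while (set < end) {
        uint32_t i = *set++;
        if (i == 0) return 0;
        if (i == wanted) return 1;
    }
    return -1;
}

/* Validate an input-supplied starting offset before forming the pointer. */
static int find_in_table(const uint32_t *table, size_t n_words,
                         size_t set_offset, uint32_t wanted)
{
    if (set_offset >= n_words) return -1;
    return find_bounded(table + set_offset, table + n_words, wanted);
}

int main(void)
{
    printf("unbounded, terminated table: %d\n", find_unbounded(terminated, 7));
    printf("bounded, terminated table:   %d\n", find_in_table(terminated, 4, 0, 9));
    printf("bounded, no terminator:      %d\n", find_in_table(unterminated, 4, 0, 5));
    return 0;
}
```

The unbounded function is only ever called on the terminated table here; the -1 return gives the caller a distinct "malformed input" result to report instead of reading on.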