[Bug binutils/24798] New: Segmentation fault in elfcomm.c


From: featherrain26 at gmail dot com
Subject: [Bug binutils/24798] New: Segmentation fault in elfcomm.c
Date: Wed, 10 Jul 2019 14:41:51 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=24798

            Bug ID: 24798
           Summary: Segmentation fault in elfcomm.c
           Product: binutils
           Version: 2.33 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: featherrain26 at gmail dot com
  Target Milestone: ---

Created attachment 11900
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11900&action=edit
PoC input

Hi there.

I found a segmentation fault with readelf in elfcomm.c.

It seems to be an incomplete fix of CVE-2017-9038.

The system information:
Description:    Ubuntu 16.04.6 LTS
Release:        16.04
Codename:       xenial
gcc:            5.4

To reproduce the issue, the compile flags are:
CFLAGS="-g -O0 -m32 -fsanitize=address" ./configure ;make

Then,
./readelf -aw input

Here are the details of the crash reported by ASAN:

==97112==ERROR: AddressSanitizer: SEGV on unknown address 0x0a942768 (pc 0x08124d6a bp 0xff89c048 sp 0xff89bf90 T0)
    #0 0x8124d69 in byte_get_little_endian /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/elfcomm.c:148
    #1 0x812126e in process_cu_tu_index /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/dwarf.c:9465
    #2 0x81216a7 in load_cu_tu_indexes /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/dwarf.c:9511
    #3 0x8121706 in find_cu_tu_set /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/dwarf.c:9529
    #4 0x80b705d in display_debug_section /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:13943
    #5 0x80b796e in process_section_contents /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:14036
    #6 0x80d5873 in process_object /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:19285
    #7 0x80d7b2d in process_file /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:19708
    #8 0x80d7f03 in main /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:19767
    #9 0xf6c02636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
    #10 0x8049a50 (/mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf+0x8049a50)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/elfcomm.c:148 byte_get_little_endian
==97112==ABORTING

The attachment is the PoC file.

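The trace above faults inside byte_get_little_endian on an unmapped address while process_cu_tu_index is walking a DWARF index section. As an added example (not binutils code, not the attachment from the report, and not a fix for this bug), the block below shows the pattern a hardened reader uses: every multi-byte fetch is checked against the section length before it is performed, and the declared slot count is validated against the bytes that actually follow the header before any slot is touched, with the size product computed so it cannot wrap on a 32-bit build like the -m32 one used here. The index layout (four 4-byte little-endian fields for version, column count, unit count and slot count, then slot_count 8-byte signatures followed by slot_count 4-byte indices) and both sample buffers are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not binutils code: a bounds-checked little-endian reader
 * over a section image, and a walk of a cu_index-style hash table that
 * refuses out-of-range reads instead of dereferencing them. */

typedef struct {
    const unsigned char *start;
    size_t len;
} section_view;

/* Read `size` (1..8) bytes little-endian at `offset`.  Returns false, with
 * *out untouched, when the read would not fit inside the section. */
static bool get_le(const section_view *s, size_t offset, unsigned size,
                   uint64_t *out)
{
    if (size == 0 || size > 8 || offset > s->len || size > s->len - offset)
        return false;
    uint64_t v = 0;
    for (unsigned i = 0; i < size; i++)
        v |= (uint64_t)s->start[offset + i] << (8 * i);
    *out = v;
    return true;
}

/* Assumed index layout for this example: four 4-byte fields (version,
 * column count, unit count, slot count), then slot_count 8-byte signatures,
 * then slot_count 4-byte unit indices. */
typedef struct {
    uint32_t version, ncols, nunits, nslots;
} cu_index_header;

#define CU_INDEX_HEADER_SIZE 16u
#define CU_INDEX_SLOT_SIZE   12u   /* 8-byte signature + 4-byte index */

/* 0 on success, -1 if the header is truncated, -2 if the declared table
 * cannot fit in the bytes that follow the header. */
static int parse_cu_index(const section_view *s, cu_index_header *h)
{
    uint64_t f[4];
    for (unsigned i = 0; i < 4; i++)
        if (!get_le(s, i * 4u, 4, &f[i]))
            return -1;
    h->version = (uint32_t)f[0];
    h->ncols   = (uint32_t)f[1];
    h->nunits  = (uint32_t)f[2];
    h->nslots  = (uint32_t)f[3];

    /* Compare against avail / slot_size rather than nslots * slot_size so
     * the check cannot wrap in size_t on a 32-bit build. */
    size_t avail = s->len - CU_INDEX_HEADER_SIZE;
    if (h->nslots > avail / CU_INDEX_SLOT_SIZE)
        return -2;
    return 0;
}

/* Count populated slots (non-zero signature and index).  Returns the count,
 * or -1 when the header or any slot read would leave the section. */
static long count_index_entries(const unsigned char *buf, size_t len)
{
    section_view s = { buf, len };
    cu_index_header h;
    if (parse_cu_index(&s, &h) != 0)
        return -1;

    size_t sig_base = CU_INDEX_HEADER_SIZE;
    size_t idx_base = sig_base + (size_t)h.nslots * 8u;
    long populated = 0;
    for (uint32_t i = 0; i < h.nslots; i++) {
        uint64_t sig, idx;
        if (!get_le(&s, sig_base + (size_t)i * 8u, 8, &sig) ||
            !get_le(&s, idx_base + (size_t)i * 4u, 4, &idx))
            return -1;
        if (sig != 0 && idx != 0)
            populated++;
    }
    return populated;
}

/* Constructed samples for this example (not the PoC from the report). */
static const unsigned char good_index[] = {
    0x02,0,0,0,  0x01,0,0,0,  0x01,0,0,0,  0x02,0,0,0,   /* header, 2 slots */
    0,0,0,0,0,0,0,0,                                      /* slot 0: empty   */
    0x88,0x77,0x66,0x55,0x44,0x33,0x22,0x11,              /* slot 1 signature */
    0,0,0,0,  0x01,0,0,0                                  /* slot indices    */
};
/* Same header but slot_count = 0x40000000 and nothing after it. */
static const unsigned char oversized_index[] = {
    0x02,0,0,0,  0x01,0,0,0,  0x01,0,0,0,  0x00,0x00,0x00,0x40
};

int main(void)
{
    printf("good: %ld\n", count_index_entries(good_index, sizeof good_index));
    printf("oversized: %ld\n",
           count_index_entries(oversized_index, sizeof oversized_index));
    printf("truncated: %ld\n", count_index_entries(good_index, 30));
    return 0;
}
```

The oversized header is rejected from the slot-count check alone, and a buffer cut short in the middle of the table is rejected before the loop reaches the missing bytes; get_le is the last line of defence for any offset arithmetic the earlier checks did not cover.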