bug-binutils
[Bug binutils/27852] New: Segmentation fault on readelf -w


From: shaohua.li at inf dot ethz.ch
Subject: [Bug binutils/27852] New: Segmentation fault on readelf -w
Date: Tue, 11 May 2021 15:00:13 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27852

            Bug ID: 27852
           Summary: Segmentation fault on readelf -w
           Product: binutils
           Version: 2.37 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: shaohua.li at inf dot ethz.ch
  Target Milestone: ---

Created attachment 13439
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13439&action=edit
poc

Hi there,

I crashed readelf (with the flag -w) with a crafted input generated by a
fuzzer.

Compiler: gcc11 (won't crash on clang12 compiled binary)

Reproduce: `readelf -w poc`

AddressSanitizer output:

==60382==ERROR: AddressSanitizer: SEGV on unknown address 0x61cf00000dbb (pc 0x000000561bd0 bp 0x7ffc9cbfc580 sp 0x7ffc9cbfc290 T0)
==60382==The signal is caused by a READ memory access.
    #0 0x561bd0 in byte_get_little_endian /data/clean/binutils-gdb-asan/binutils/elfcomm.c:118:33
    #1 0x526109 in process_debug_info /data/clean/binutils-gdb-asan/binutils/dwarf.c:3644:7
    #2 0x535552 in display_debug_info /data/clean/binutils-gdb-asan/binutils/dwarf.c:7268:10
    #3 0x4ee444 in display_debug_section /data/clean/binutils-gdb-asan/binutils/readelf.c:15549:18
    #4 0x4ee444 in process_section_contents /data/clean/binutils-gdb-asan/binutils/readelf.c:15644:10
    #5 0x4d4a4a in process_object /data/clean/binutils-gdb-asan/binutils/readelf.c:21378:9
    #6 0x4cb537 in process_file /data/clean/binutils-gdb-asan/binutils/readelf.c:21800:13
    #7 0x4cb537 in main /data/clean/binutils-gdb-asan/binutils/readelf.c:21871:11
    #8 0x7f8cb13f10b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #9 0x41c46d in _start (/data/clean/binutils-gdb-asan/binutils/readelf+0x41c46d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /data/clean/binutils-gdb-asan/binutils/elfcomm.c:118:33 in byte_get_little_endian
==60382==ABORTING

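The trace above shows readelf's little-endian byte reader faulting on a wild address while process_debug_info walks .debug_info. What follows is an added example, not binutils code and not the fix for this report (the page does not state the root cause): a bounds-checked little-endian reader plus a DWARF 2..4 compilation-unit header parser that rejects, rather than reads through, a unit_length that overruns the section or a header cut off by the end of the buffer. The byte buffers GOOD_CU, OVERLONG_CU and TRUNCATED_CU are constructed for the example; the function and struct names are the example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not binutils code and not the root cause of the
   reported crash. It shows the bounds-check pattern that keeps a
   little-endian DWARF reader inside its section buffer. Assumes the
   DWARF 2..4 .debug_info compilation-unit header layout. */

struct section { const uint8_t *data; size_t size; };

struct cu_header {
    uint64_t unit_length;   /* bytes after the length field */
    uint16_t version;
    uint64_t abbrev_offset;
    uint8_t  address_size;
    size_t   header_end;    /* offset just past the header */
    size_t   unit_end;      /* offset just past the whole unit */
};

/* Read n (1..8) little-endian bytes at off. Returns false rather than
   touching memory outside [data, data + size). */
static bool get_le(const struct section *s, size_t off, size_t n, uint64_t *out)
{
    if (n == 0 || n > 8 || off > s->size || n > s->size - off)
        return false;
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint64_t)s->data[off + i] << (8 * i);
    *out = v;
    return true;
}

/* Parse one CU header at off. Fails if any field lies outside the section
   or if unit_length claims more bytes than remain after the length field. */
static bool parse_cu_header(const struct section *s, size_t off, struct cu_header *h)
{
    uint64_t v;
    size_t pos = off, offsize = 4;

    if (!get_le(s, pos, 4, &v)) return false;
    pos += 4;
    if (v == 0xffffffffu) {             /* 64-bit DWARF escape */
        if (!get_le(s, pos, 8, &v)) return false;
        pos += 8;
        offsize = 8;
    } else if (v >= 0xfffffff0u) {      /* reserved length values */
        return false;
    }
    if (v > s->size - pos) return false;   /* length overruns the section */
    h->unit_length = v;
    h->unit_end = pos + (size_t)v;

    if (!get_le(s, pos, 2, &v)) return false;
    h->version = (uint16_t)v;  pos += 2;
    if (h->version < 2 || h->version > 4) return false;
    if (!get_le(s, pos, offsize, &v)) return false;
    h->abbrev_offset = v;  pos += offsize;
    if (!get_le(s, pos, 1, &v)) return false;
    h->address_size = (uint8_t)v;  pos += 1;
    if (pos > h->unit_end) return false;   /* header longer than the unit */
    h->header_end = pos;
    return true;
}

/* Walk every unit in a .debug_info buffer. Returns the unit count, or -1
   at the first malformed header instead of reading past the buffer. */
static int scan_debug_info(const uint8_t *data, size_t size)
{
    struct section s = { data, size };
    struct cu_header h;
    int count = 0;
    for (size_t off = 0; off < size; off = h.unit_end, count++)
        if (!parse_cu_header(&s, off, &h)) return -1;
    return count;
}

/* End offset of the first unit, or 0 if its header is rejected. */
static size_t first_unit_end(const uint8_t *data, size_t size)
{
    struct section s = { data, size };
    struct cu_header h;
    return parse_cu_header(&s, 0, &h) ? h.unit_end : 0;
}

/* Constructed inputs: a well-formed DWARF 4 unit with no DIEs, and two
   corruptions of the kind a fuzzer produces. */
static const uint8_t GOOD_CU[] = {
    0x07, 0x00, 0x00, 0x00,    /* unit_length = 7 */
    0x04, 0x00,                /* version = 4 */
    0x00, 0x00, 0x00, 0x00,    /* abbrev_offset = 0 */
    0x08                       /* address_size = 8 */
};
static const uint8_t OVERLONG_CU[] = {   /* unit_length claims 4096 bytes */
    0x00, 0x10, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08
};
static const uint8_t TRUNCATED_CU[] = { 0x07, 0x00, 0x00, 0x00, 0x04, 0x00 };

int main(void)
{
    printf("good:      %d unit(s)\n", scan_debug_info(GOOD_CU, sizeof GOOD_CU));
    printf("overlong:  %d\n", scan_debug_info(OVERLONG_CU, sizeof OVERLONG_CU));
    printf("truncated: %d\n", scan_debug_info(TRUNCATED_CU, sizeof TRUNCATED_CU));
    return 0;
}
```

The two checks that matter are in get_le (the request must fit between off and the end of the section) and the unit_length comparison in parse_cu_header (a claimed length is validated against the bytes actually present before any offset derived from it is used). Building with -fsanitize=address and feeding a real section, for example one dumped with `objcopy -O binary --only-section=.debug_info in.elf out.bin`, is one way to exercise the reader on fuzzer output; that invocation is an assumption about how a reader would drive it, not something the report does.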