I found a repeatable denial of service crash in readelf while fuzzing with some ELF objects the other day. Here is the GDB trace:
...
Program received signal SIGSEGV, Segmentation fault.
0x08069c99 in byte_get_little_endian (field=0x8d784b8 <Address 0x8d784b8 out of bounds>, size=4) at dwarf.c:68
68	  return ((unsigned long) (field[0]))
(gdb) bt
#0  0x08069c99 in byte_get_little_endian (field=0x8d784b8 <Address 0x8d784b8 out of bounds>, size=4) at dwarf.c:68
#1  0x0805bbfb in process_version_sections (file=0x8088058) at readelf.c:6596
#2  0x0806264e in process_object (file_name=<value optimized out>, file=0x8088058) at readelf.c:9599
#3  0x08064eae in main (argc=Cannot access memory at address 0xcf0010
...

You can find the elf object at http://www.structsoftware.net/elf-crashes-readelf

- chris

--
           Summary: Crash in readelf from binutils 2.18
           Product: binutils
           Version: 2.18
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
        AssignedTo: unassigned at sources dot redhat dot com
        ReportedBy: info at structsoftware dot net
                CC: bug-binutils at gnu dot org

http://sourceware.org/bugzilla/show_bug.cgi?id=5013
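The backtrace shows byte_get_little_endian being handed a field pointer that already lies outside the mapped file, so the bounds decision has to happen before the read, in the caller that derives the offset from untrusted section contents. The following C is an added illustration written for this report, not binutils code: a bounds-checked little-endian field reader and a walker over a constructed chain of offset-linked entries (the entry layout and the names safe_get_le and walk_chain are made up for the demo; they are not the ELF version-section layout or readelf's own functions).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not binutils code): read a little-endian integer of
 * `size` bytes at `offset` inside a buffer of `len` bytes, refusing the read
 * when any byte would fall outside the buffer. Returns 0 on success. */
int safe_get_le(const unsigned char *buf, size_t len, size_t offset,
                size_t size, uint64_t *out)
{
    if (buf == NULL || out == NULL || size == 0 || size > 8)
        return -1;
    /* Overflow-safe form of "offset + size <= len". */
    if (offset > len || size > len - offset)
        return -1;
    uint64_t v = 0;
    for (size_t i = 0; i < size; i++)
        v |= (uint64_t)buf[offset + i] << (8 * i);
    *out = v;
    return 0;
}

/* Walk a constructed chain of 4-byte entries: u16 value, u16 next (byte
 * offset of the following entry relative to this one; 0 ends the chain).
 * This layout is invented for the demo. Returns the number of entries
 * visited, or -1 if an entry or its next link would leave the buffer or
 * the chain exceeds `max_entries` (guard against pathological input). */
int walk_chain(const unsigned char *buf, size_t len, size_t start,
               int max_entries, uint64_t *sum)
{
    size_t off = start;
    int count = 0;
    *sum = 0;
    while (count < max_entries) {
        uint64_t value, next;
        if (safe_get_le(buf, len, off, 2, &value) != 0)
            return -1;               /* entry header out of bounds */
        if (safe_get_le(buf, len, off + 2, 2, &next) != 0)
            return -1;
        *sum += value;
        count++;
        if (next == 0)
            return count;            /* end of chain */
        if (next > len - off)
            return -1;               /* next link points past the buffer */
        off += (size_t)next;
    }
    return -1;                       /* chain too long */
}

/* Constructed sample buffers (not real ELF data). */
static const unsigned char sample[] = { 0x01, 0x00, 0x02, 0x00,
                                        0xef, 0xbe, 0xad, 0xde };
static const unsigned char good_chain[] = { 0x05, 0x00, 0x04, 0x00,   /* value 5, next +4 */
                                            0x07, 0x00, 0x00, 0x00 }; /* value 7, end */
static const unsigned char bad_chain[]  = { 0x05, 0x00, 0x10, 0x00 }; /* next +16: out of bounds */

/* Returns 1 when a 4-byte read that fits is accepted and decoded correctly. */
int demo_in_bounds(void)
{
    uint64_t v = 0;
    return safe_get_le(sample, sizeof sample, 4, 4, &v) == 0 && v == 0xdeadbeefULL;
}

/* Returns 1 when a 4-byte read starting 2 bytes before the end is refused
 * and the output is left untouched. */
int demo_out_of_bounds(void)
{
    uint64_t v = 7;
    return safe_get_le(sample, sizeof sample, 6, 4, &v) != 0 && v == 7;
}

/* Returns 1 when the well-formed chain yields 2 entries summing to 12. */
int demo_walk_good(void)
{
    uint64_t s = 0;
    return walk_chain(good_chain, sizeof good_chain, 0, 16, &s) == 2 && s == 12;
}

/* Returns 1 when the chain whose next link leaves the buffer is rejected. */
int demo_walk_bad(void)
{
    uint64_t s = 0;
    return walk_chain(bad_chain, sizeof bad_chain, 0, 16, &s) == -1;
}

int main(void)
{
    printf("in-bounds read ok:      %d\n", demo_in_bounds());
    printf("out-of-bounds refused:  %d\n", demo_out_of_bounds());
    printf("good chain accepted:    %d\n", demo_walk_good());
    printf("bad chain rejected:     %d\n", demo_walk_bad());
    return 0;
}
```

The check is phrased as `size > len - offset` rather than `offset + size <= len` so that an attacker-controlled offset near SIZE_MAX cannot wrap the addition; the chain walker applies the same rule to each next link before following it, which is the point at which the readelf trace above was already past the end of the mapping.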