http://sourceware.org/bugzilla/show_bug.cgi?id=13622

             Bug #: 13622
           Summary: readelf crashes when reading binary with shredded
                    section header offset
           Product: binutils
           Version: 2.22
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
        AssignedTo: unassig...@sourceware.org
        ReportedBy: j...@das-labor.org
    Classification: Unclassified


When readelf tries to read a section header that is past the size of the
target ELF it crashes with a SIGABRT.

Steps to reproduce:
1.) Trash the section header offset of any ELF (i.e. write 0xFF @ 0x21 for
32-bit ELF)
2.) Run readelf -a elf_with_corrupted_header

readelf: Error: Unable to read in 0x28 bytes of section headers
ELF Header:
<snip>
  Start of section headers:          39288 (bytes into file)
<snip>
readelf: Error: Unable to read in 0x4d8 bytes of section headers
readelf: Error: Section headers are not available!

Program received signal SIGABRT, Aborted.
RAX: 0x0000000000000000
=> 0x7ffff7854935 <raise+53>:   cmp    rax,0xfffffffffffff000
   0x7ffff785493b <raise+59>:   ja     0x7ffff785494f <raise+79>
   0x7ffff785493d <raise+61>:   repz ret 
   0x7ffff785493f <raise+63>:   nop
   0x7ffff7854940 <raise+64>:   test   eax,eax
   0x7ffff7854942 <raise+66>:   jg     0x7ffff7854925 <raise+37>
   0x7ffff7854944 <raise+68>:   test   eax,0x7fffffff
   0x7ffff7854949 <raise+73>:   je     0x7ffff7854960 <raise+96>

0x00007ffff7854935 in raise () from /lib/libc.so.6
gdb$ bt
#0  0x00007ffff7854935 in raise () from /lib/libc.so.6
#1  0x00007ffff7855dab in abort () from /lib/libc.so.6
#2  0x000000000041de99 in process_section_groups (file=<optimized out>) at
/tmp/binutils/src/binutils/readelf.c:4964
#3  process_object (file_name=<optimized out>, file=0x65a060) at
/tmp/binutils/src/binutils/readelf.c:13283
#4  0x0000000000401dc4 in process_file (file_name=0x7fffffffe91a "a.out") at
/tmp/binutils/src/binutils/readelf.c:13659
#5  main (argc=0x3, argv=0x7fffffffe5e8) at
/tmp/binutils/src/binutils/readelf.c:13724

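An added example, not taken from readelf.c or from the report: a minimal C check that the section header table of a 32-bit little-endian ELF (e_shoff, e_shentsize, e_shnum) lies inside the file before any read is attempted. The function names, the status enum and the in-memory sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum shdr_status { SHDR_OK, SHDR_NONE, SHDR_NOT_ELF32_LE, SHDR_BAD_ENTSIZE, SHDR_OUT_OF_BOUNDS };

static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Validate e_shoff / e_shentsize / e_shnum against the real file size.
   Assumption: e_shnum == 0 is treated as "no table"; extended numbering is not handled. */
enum shdr_status check_shdr_table(const unsigned char *buf, size_t file_size) {
    if (file_size < 52 || memcmp(buf, "\177ELF", 4) != 0 || buf[4] != 1 || buf[5] != 1)
        return SHDR_NOT_ELF32_LE;            /* 52 = sizeof(Elf32_Ehdr) */
    uint64_t shoff = rd32(buf + 0x20);       /* e_shoff */
    uint64_t entsize = rd16(buf + 0x2e);     /* e_shentsize */
    uint64_t shnum = rd16(buf + 0x30);       /* e_shnum */
    if (shoff == 0 || shnum == 0)
        return SHDR_NONE;
    if (entsize < 40)                        /* 40 = sizeof(Elf32_Shdr) */
        return SHDR_BAD_ENTSIZE;
    /* 64-bit arithmetic: neither the product nor the subtraction can wrap. */
    if (shoff > file_size || entsize * shnum > file_size - shoff)
        return SHDR_OUT_OF_BOUNDS;
    return SHDR_OK;
}

/* Constructed sample: a 52-byte header followed by three 40-byte section headers. */
enum shdr_status check_sample(int corrupt) {
    unsigned char img[52 + 3 * 40] = {0x7f, 'E', 'L', 'F', 1, 1, 1};
    img[0x20] = 52;            /* e_shoff = 52 */
    img[0x2e] = 40;            /* e_shentsize */
    img[0x30] = 3;             /* e_shnum */
    if (corrupt)
        img[0x21] = 0xFF;      /* step 1 of the report: e_shoff becomes 0xFF34 */
    return check_shdr_table(img, sizeof img);
}

int main(void) {
    printf("intact: %d, corrupted: %d\n", check_sample(0), check_sample(1));
    return 0;
}
```

A caller that gets anything other than SHDR_OK should skip every code path that assumes section headers were loaded, rather than continuing into section-dependent processing.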