http://sourceware.org/bugzilla/show_bug.cgi?id=15158
Bug #: 15158
Summary: readelf/objdump invalid memory accesses
Product: binutils
Version: 2.23
Status: NEW
Severity: normal
Priority: P2
Component: binutils
AssignedTo: unassig...@sourceware.org
ReportedBy: paul.marine...@imperial.ac.uk
Classification: Unclassified

Created attachment 6879
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6879
reproduce using valgrind readelf -wR input.o

readelf and objdump may access invalid memory (off-by-one as far as I could see) on some broken inputs. I attached one such input.

On version 2.23.52.20130219, 64-bit machine, Valgrind reports:

==21834== Command: binutils/readelf -wR input.o
==21834==
==21834== Invalid read of size 1
==21834==    at 0x4238B6: process_abbrev_section.part.7 (dwarf.c:638)
==21834==    by 0x429945: process_debug_info (dwarf.c:615)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834==  Address 0x4c29862 is 0 bytes after a block of size 18 alloc'd
==21834==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==21834==    by 0x402C2C: get_data (readelf.c:325)
==21834==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==21834==    by 0x428C76: process_debug_info (dwarf.c:2008)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834==
==21834== Invalid read of size 1
==21834==    at 0x4237F0: read_leb128 (dwarf.c:208)
==21834==    by 0x42391D: process_abbrev_section.part.7 (dwarf.c:646)
==21834==    by 0x429945: process_debug_info (dwarf.c:615)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834==  Address 0x4c29863 is 1 bytes after a block of size 18 alloc'd
==21834==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==21834==    by 0x402C2C: get_data (readelf.c:325)
==21834==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==21834==    by 0x428C76: process_debug_info (dwarf.c:2008)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834==
==21834== Invalid read of size 1
==21834==    at 0x4237F0: read_leb128 (dwarf.c:208)
==21834==    by 0x423936: process_abbrev_section.part.7 (dwarf.c:649)
==21834==    by 0x429945: process_debug_info (dwarf.c:615)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834==  Address 0x4c29864 is 2 bytes after a block of size 18 alloc'd
==21834==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==21834==    by 0x402C2C: get_data (readelf.c:325)
==21834==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==21834==    by 0x428C76: process_debug_info (dwarf.c:2008)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834==
readelf: Error: .debug_abbrev section not zero terminated
readelf: Warning: DIE at offset c refers to abbreviation number 16 which does not exist
readelf: Warning: Unable to load/parse the .debug_info section, so cannot interpret the .debug_ranges section.
==21834==
==21834== HEAP SUMMARY:
==21834==     in use at exit: 0 bytes in 0 blocks
==21834==   total heap usage: 94 allocs, 94 frees, 16,970 bytes allocated
==21834==
==21834== All heap blocks were freed -- no leaks are possible
==21834==
==21834== For counts of detected and suppressed errors, rerun with: -v
==21834== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 2 from 2)
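The three Valgrind reports above all come from the .debug_abbrev walker reading one, two and three bytes past the end of the 18-byte section buffer when the table's terminating zero is missing. The following is an added example, not binutils code: a bounds-checked ULEB128 reader and abbreviation-table walker that carry an explicit end pointer, so a truncated table is reported as an error instead of an over-read. The sample bytes are constructed here, not taken from the reporter's attachment.

```c
#include <stddef.h>
#include <stdint.h>

/* Decode one unsigned LEB128 value from [*p, end) and advance *p. Returns 0
 * without advancing when the continuation bit is still set on the last
 * in-bounds byte, the situation in which an unchecked reader runs past end. */
static int next_uleb128(const uint8_t **p, const uint8_t *end, uint64_t *out)
{
    uint64_t result = 0;
    unsigned shift = 0;
    const uint8_t *q = *p;
    while (q < end) {
        uint8_t byte = *q++;
        if (shift < 64)
            result |= (uint64_t)(byte & 0x7f) << shift;
        shift += 7;
        if (!(byte & 0x80)) {
            *out = result;
            *p = q;
            return 1;
        }
    }
    return 0;
}

/* Walk a .debug_abbrev table: each entry is code, tag, a has-children byte,
 * then (attribute, form) ULEB128 pairs ended by (0, 0); a code of 0 ends the
 * table. Returns the entry count, or -1 if the bytes run out first. */
static int count_abbrevs(const uint8_t *buf, size_t len)
{
    const uint8_t *p = buf, *end = buf + len;
    uint64_t code, tag, attr, form;
    int count = 0;
    for (;;) {
        if (!next_uleb128(&p, end, &code)) return -1;
        if (code == 0) return count;          /* table terminator */
        if (!next_uleb128(&p, end, &tag) || p >= end) return -1;
        p++;                                  /* DW_CHILDREN_* flag */
        do {
            if (!next_uleb128(&p, end, &attr) ||
                !next_uleb128(&p, end, &form)) return -1;
        } while (attr != 0 || form != 0);
        count++;
    }
}

/* Constructed sample: one DW_TAG_compile_unit (0x11) entry with DW_AT_name
 * (0x03) as DW_FORM_string (0x08), followed by the terminating zero. */
static const uint8_t sample_abbrev[] = {
    0x01, 0x11, 0x01, 0x03, 0x08, 0x00, 0x00, 0x00 };
```

Passing `sizeof sample_abbrev - 1` drops the terminating zero, which is the "section not zero terminated" condition from the report, and the walker returns -1 instead of reading beyond the buffer.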