https://sourceware.org/bugzilla/show_bug.cgi?id=21156
--- Comment #6 from Thuan Pham <thuanpv at comp dot nus.edu.sg> ---

Created attachment 9837
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9837&action=edit
Bug triggering input

Hi Nick,

Thanks for your bug fix. Your patch almost fixes the bug, except for one corner case. I have attached one more file (bug_21156_2). Readelf is still vulnerable to a buffer overflow in the while loop condition at line 678:

    while ((i = *set++) > 0)

To reproduce:

1. Download the newly attached file: bug_21156_2
2. readelf -w bug_21156_2

ASAN says:

==140857==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61400000f9f4 at pc 0x47fa95 bp 0x7ffc15203a90 sp 0x7ffc15203a88
READ of size 4 at 0x61400000f9f4 thread T0
    #0 0x47fa94 in find_section_in_set /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:678
    #1 0x47edc0 in load_debug_section /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:13071
    #2 0x6b1f83 in process_debug_info /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/dwarf.c:2331
    #3 0x67aa3f in display_debug_info /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/dwarf.c:4907
    #4 0x566d0a in display_debug_section /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:13160
    #5 0x4e1b3f in process_section_contents /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:13235
    #6 0x48d7e0 in process_object /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:16927
    #7 0x488535 in process_file /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:17301
    #8 0x485793 in main /home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/../../binutils/readelf.c:17372
    #9 0x7f3d8e8bff44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #10 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-gdb-nick/build-nick-asan/binutils/readelf+0x47ddfc)

Cheers,
Thuan

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
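The loop quoted in the report, `while ((i = *set++) > 0)`, walks a list of section indices and relies on a terminating 0 entry; a file whose list has no terminator makes the loop read past the end of the heap buffer, which is the READ of size 4 ASAN reports. The following is an added, self-contained C example (it is not binutils code and not the patch under discussion) showing the defensive shape of such a scan: the lookup takes an explicit element count and stops at the sentinel or at the end of the buffer, whichever comes first, and rejects out-of-range section indices; a separate validator lets a loader refuse an unterminated list up front. The section table, the `section_t` type, the function names and the sample index lists are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a section-header table: each entry has only a
   name.  Index 0 is the reserved null section, which is why 0 can double
   as the list terminator. */
typedef struct { const char *name; } section_t;

static const section_t sections[] = {
    { "" }, { ".text" }, { ".debug_info" }, { ".debug_abbrev" },
};
#define NUM_SECTIONS (sizeof sections / sizeof sections[0])

/* Hardened lookup: the caller passes how many entries `set` actually holds.
   The loop ends at the 0 sentinel OR at set_len, so a list that lacks its
   terminator can never be read past its end.  Indices outside the section
   table are skipped rather than dereferenced. */
static const section_t *find_section_in_set_bounded(const char *name,
                                                   const unsigned *set,
                                                   size_t set_len)
{
    for (size_t n = 0; set != NULL && n < set_len; n++) {
        unsigned i = set[n];
        if (i == 0)             /* sentinel: end of the list */
            break;
        if (i >= NUM_SECTIONS)  /* bogus index from the file: ignore it */
            continue;
        if (strcmp(sections[i].name, name) == 0)
            return &sections[i];
    }
    return NULL;
}

/* Returns 1 if a 0 terminator occurs within the first set_len entries,
   0 otherwise.  Running this when the list is loaded lets the caller
   reject a malformed list before any lookup touches it. */
static int set_is_terminated(const unsigned *set, size_t set_len)
{
    for (size_t n = 0; set != NULL && n < set_len; n++)
        if (set[n] == 0)
            return 1;
    return 0;
}

/* Constructed inputs: good_set carries its sentinel, bad_set is what a
   truncated list looks like (no terminator), bogus_set contains an index
   that does not exist in the table. */
static const unsigned good_set[]  = { 2, 3, 0 };
static const unsigned bad_set[]   = { 2, 3 };
static const unsigned bogus_set[] = { 99, 3, 0 };

int main(void)
{
    const section_t *s;

    s = find_section_in_set_bounded(".debug_abbrev", good_set, 3);
    printf("good_set:  %s\n", s ? s->name : "(not found)");

    /* Length is honoured even though there is no sentinel: no over-read. */
    s = find_section_in_set_bounded(".debug_abbrev", bad_set, 2);
    printf("bad_set:   %s\n", s ? s->name : "(not found)");

    s = find_section_in_set_bounded(".debug_abbrev", bogus_set, 3);
    printf("bogus_set: %s (index 99 skipped)\n", s ? s->name : "(not found)");

    printf("bad_set terminated? %d\n", set_is_terminated(bad_set, 2));
    return 0;
}
```

In a real loader the `set_len` argument comes from the size of the section or table the list was read from, so the bound is derived from what was actually allocated rather than from anything the file claims about itself.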