https://sourceware.org/bugzilla/show_bug.cgi?id=24798
Bug ID: 24798
Summary: Segmentation fault in elfcomm.c
Product: binutils
Version: 2.33 (HEAD)
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: featherrain26 at gmail dot com
Target Milestone: ---

Created attachment 11900
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11900&action=edit
PoC input

Hi there,

I found a segmentation fault with readelf in elfcomm.c. It seems to be an incomplete-fix issue of CVE-2017-9038.

The system information:
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial
gcc: 5.4

To reproduce the issue, the compile flags are:

CFLAGS="-g -O0 -m32 -fsanitize=address" ./configure; make

Then:

./readelf -aw input

Here are the details of the crash reported by ASAN:

==97112==ERROR: AddressSanitizer: SEGV on unknown address 0x0a942768 (pc 0x08124d6a bp 0xff89c048 sp 0xff89bf90 T0)
    #0 0x8124d69 in byte_get_little_endian /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/elfcomm.c:148
    #1 0x812126e in process_cu_tu_index /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/dwarf.c:9465
    #2 0x81216a7 in load_cu_tu_indexes /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/dwarf.c:9511
    #3 0x8121706 in find_cu_tu_set /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/dwarf.c:9529
    #4 0x80b705d in display_debug_section /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:13943
    #5 0x80b796e in process_section_contents /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:14036
    #6 0x80d5873 in process_object /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:19285
    #7 0x80d7b2d in process_file /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:19708
    #8 0x80d7f03 in main /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf.c:19767
    #9 0xf6c02636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
    #10 0x8049a50 (/mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/readelf+0x8049a50)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/data/playground/binutils-2.32-pg/binutils-2.32/binutils/elfcomm.c:148 byte_get_little_endian
==97112==ABORTING

The attachment is the PoC file.

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
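The crash above is a wild read from byte_get_little_endian while process_cu_tu_index walks a .debug_cu_index / .debug_tu_index section, the same parser CVE-2017-9038 concerned. As an added illustration (not binutils code, not the reporter's, and not a claim about which read went wrong in this report), the following C program models the check such a reader needs before it follows header counts into the hash and offset tables of a DWP-style version-2 index: read the four header words with a length-limited little-endian reader, compute the size the index claims with overflow detection, and reject the section if it is shorter than that. The layout modelled, the constructed byte buffers and every function name here are assumptions for illustration.

```c
/* Illustrative bounds-checked reader for a DWP-style .debug_cu_index (version 2).
   Not binutils' process_cu_tu_index(); names and sample buffers are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum cu_index_status { CUI_OK, CUI_TRUNCATED, CUI_BAD_VERSION, CUI_OVERFLOW };

struct cu_index_hdr {
    uint32_t version, ncols, nunits, nslots;
    size_t required;   /* bytes the header says the whole index occupies */
};

/* Little-endian 32-bit read limited to the section: fails instead of reading past end. */
static bool get_le32(const uint8_t *sec, size_t sec_size, size_t off, uint32_t *out)
{
    if (off > sec_size || sec_size - off < 4)
        return false;
    *out = (uint32_t)sec[off] | ((uint32_t)sec[off + 1] << 8)
         | ((uint32_t)sec[off + 2] << 16) | ((uint32_t)sec[off + 3] << 24);
    return true;
}

/* size_t arithmetic that reports overflow instead of wrapping. */
static bool mul_sz(size_t a, size_t b, size_t *r)
{
    if (b != 0 && a > SIZE_MAX / b) return false;
    *r = a * b; return true;
}
static bool add_sz(size_t a, size_t b, size_t *r)
{
    if (a > SIZE_MAX - b) return false;
    *r = a + b; return true;
}

/* Version-2 layout as modelled here (assumption):
     header:        4 x uint32 (version, ncols, nunits, nslots)
     hash table:    nslots x uint64 signatures, then nslots x uint32 row indices
     section table: ncols x uint32 section ids, then nunits x ncols x uint32 offsets
     size table:    nunits x ncols x uint32 sizes */
static bool cu_index_required_size(uint32_t ncols, uint32_t nunits, uint32_t nslots, size_t *out)
{
    size_t hash, ids, cells, total;
    if (!mul_sz(nslots, 12, &hash)) return false;     /* 8-byte signature + 4-byte index per slot */
    if (!mul_sz(ncols, 4, &ids)) return false;
    if (!mul_sz(nunits, ncols, &cells)) return false;
    if (!mul_sz(cells, 8, &cells)) return false;      /* 4-byte offset + 4-byte size per cell */
    if (!add_sz(16, hash, &total)) return false;
    if (!add_sz(total, ids, &total)) return false;
    if (!add_sz(total, cells, &total)) return false;
    *out = total;
    return true;
}

/* Validate the header and the total size it implies before any table is dereferenced. */
enum cu_index_status parse_cu_index(const uint8_t *sec, size_t sec_size, struct cu_index_hdr *h)
{
    if (!get_le32(sec, sec_size, 0, &h->version) || !get_le32(sec, sec_size, 4, &h->ncols)
        || !get_le32(sec, sec_size, 8, &h->nunits) || !get_le32(sec, sec_size, 12, &h->nslots))
        return CUI_TRUNCATED;
    if (h->version != 2)
        return CUI_BAD_VERSION;
    if (!cu_index_required_size(h->ncols, h->nunits, h->nslots, &h->required))
        return CUI_OVERFLOW;
    if (h->required > sec_size)
        return CUI_TRUNCATED;   /* the tables would run past the end of the section */
    return CUI_OK;
}

/* Constructed sample: minimal well-formed index, one column, one unit, one slot (40 bytes). */
const uint8_t sample_good[40] = {
    2,0,0,0,  1,0,0,0,  1,0,0,0,  1,0,0,0,        /* version 2, ncols 1, nunits 1, nslots 1 */
    0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,      /* slot 0 signature */
    1,0,0,0,                                      /* slot 0 -> row 1 */
    1,0,0,0,                                      /* section id column (1 = DW_SECT_INFO) */
    0,0,0,0,                                      /* row 1 offset */
    0x10,0,0,0                                    /* row 1 size */
};
/* Constructed sample: header only, but claims 0x01000000 hash slots. */
const uint8_t sample_truncated[16] = { 2,0,0,0, 1,0,0,0, 1,0,0,0, 0,0,0,1 };
/* Constructed sample: counts whose product cannot be represented in size_t. */
const uint8_t sample_overflow[16] = { 2,0,0,0, 0xFF,0xFF,0xFF,0xFF,
                                      0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF };

enum cu_index_status classify(const uint8_t *sec, size_t sec_size)
{
    struct cu_index_hdr h;
    return parse_cu_index(sec, sec_size, &h);
}

size_t claimed_size(const uint8_t *sec, size_t sec_size)
{
    struct cu_index_hdr h;
    return parse_cu_index(sec, sec_size, &h) == CUI_OK ? h.required : 0;
}

int main(void)
{
    static const char *names[] = { "ok", "truncated", "bad version", "overflow" };
    printf("good:      %s (%zu bytes claimed)\n", names[classify(sample_good, sizeof sample_good)],
           claimed_size(sample_good, sizeof sample_good));
    printf("truncated: %s\n", names[classify(sample_truncated, sizeof sample_truncated)]);
    printf("overflow:  %s\n", names[classify(sample_overflow, sizeof sample_overflow)]);
    return 0;
}
```

The point of the size computation is that it is done once, from the header, in overflow-safe arithmetic, so the table walk that follows never has to trust a count it reads mid-loop; a real reader also needs to check the version-1 layout separately and to bounds-check the per-unit offsets and sizes against the sections they point into.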