https://sourceware.org/bugzilla/show_bug.cgi?id=27852
Bug ID: 27852
Summary: Segmentation fault on readelf -w
Product: binutils
Version: 2.37 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: shaohua.li at inf dot ethz.ch
Target Milestone: ---

Created attachment 13439
--> https://sourceware.org/bugzilla/attachment.cgi?id=13439&action=edit
poc

Hi there,

I crashed readelf (with the flag -w) with a crafted input generated by a fuzzer.

Compiler: gcc11 (won't crash on a clang12-compiled binary)

Reproduce: `readelf -w poc`

AddressSanitizer output:

==60382==ERROR: AddressSanitizer: SEGV on unknown address 0x61cf00000dbb (pc 0x000000561bd0 bp 0x7ffc9cbfc580 sp 0x7ffc9cbfc290 T0)
==60382==The signal is caused by a READ memory access.
    #0 0x561bd0 in byte_get_little_endian /data/clean/binutils-gdb-asan/binutils/elfcomm.c:118:33
    #1 0x526109 in process_debug_info /data/clean/binutils-gdb-asan/binutils/dwarf.c:3644:7
    #2 0x535552 in display_debug_info /data/clean/binutils-gdb-asan/binutils/dwarf.c:7268:10
    #3 0x4ee444 in display_debug_section /data/clean/binutils-gdb-asan/binutils/readelf.c:15549:18
    #4 0x4ee444 in process_section_contents /data/clean/binutils-gdb-asan/binutils/readelf.c:15644:10
    #5 0x4d4a4a in process_object /data/clean/binutils-gdb-asan/binutils/readelf.c:21378:9
    #6 0x4cb537 in process_file /data/clean/binutils-gdb-asan/binutils/readelf.c:21800:13
    #7 0x4cb537 in main /data/clean/binutils-gdb-asan/binutils/readelf.c:21871:11
    #8 0x7f8cb13f10b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #9 0x41c46d in _start (/data/clean/binutils-gdb-asan/binutils/readelf+0x41c46d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /data/clean/binutils-gdb-asan/binutils/elfcomm.c:118:33 in byte_get_little_endian
==60382==ABORTING
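The trace above shows a READ fault inside a little-endian byte reader while process_debug_info walks .debug_info, which is the general shape of a DWARF parser trusting a length field from the file. The following is an added example and not binutils code; it is not the fix for this bug and does not claim to identify its root cause. It shows the defensive pattern that prevents this class of fault: a byte reader that carries the end of the buffer it may read from, and a compilation-unit header parser that checks unit_length against the section before dereferencing anything inside the unit. The function names, the cu_header struct, and the sample byte strings are constructed for this example; the header layout is the DWARF 2 to 4 32-bit form (unit_length, version, debug_abbrev_offset, address_size), and DWARF 5 is rejected because its header is ordered differently.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical bounds-aware reader (not binutils' byte_get_little_endian):
   reads `size` little-endian bytes at `p` only if they lie before `end`.
   Returns false instead of reading past the buffer. */
static bool safe_get_le(const unsigned char *p, const unsigned char *end,
                        size_t size, uint64_t *out)
{
    if (p == NULL || end == NULL || p > end || size == 0 || size > 8
        || (size_t)(end - p) < size)
        return false;
    uint64_t v = 0;
    for (size_t i = 0; i < size; i++)
        v |= (uint64_t)p[i] << (8 * i);
    *out = v;
    return true;
}

/* Fields of a DWARF 2-4 32-bit compilation-unit header (constructed struct). */
struct cu_header {
    uint64_t unit_length;   /* bytes following the length field */
    uint16_t version;
    uint64_t abbrev_offset;
    uint8_t  address_size;
};

/* Parses the first CU header of a .debug_info section. Returns 1 on success,
   0 when the header is truncated, unit_length overruns the section, or the
   version is outside the 2-4 layout this example understands. */
int parse_cu_header(const unsigned char *sec, size_t sec_len, struct cu_header *h)
{
    const unsigned char *p = sec, *end = sec + sec_len;
    uint64_t v;

    if (!safe_get_le(p, end, 4, &v)) return 0;
    if (v == 0xffffffffULL) return 0;          /* 64-bit DWARF escape: not handled here */
    h->unit_length = v;
    p += 4;

    /* The key check: the unit must fit inside the section we actually hold.
       Every later read is bounded by unit_end, never by the claimed length alone. */
    if (v > (uint64_t)(end - p)) return 0;
    const unsigned char *unit_end = p + v;

    if (!safe_get_le(p, unit_end, 2, &v)) return 0;
    h->version = (uint16_t)v;
    if (h->version < 2 || h->version > 4) return 0;
    p += 2;
    if (!safe_get_le(p, unit_end, 4, &v)) return 0;
    h->abbrev_offset = v;
    p += 4;
    if (!safe_get_le(p, unit_end, 1, &v)) return 0;
    h->address_size = (uint8_t)v;
    return 1;
}

/* Constructed sample: a well-formed 11-byte section (unit_length 7). */
int demo_well_formed(void)
{
    static const unsigned char sec[] = {
        0x07, 0x00, 0x00, 0x00,  /* unit_length = 7 */
        0x04, 0x00,              /* version = 4 */
        0x00, 0x00, 0x00, 0x00,  /* debug_abbrev_offset = 0 */
        0x08                     /* address_size = 8 */
    };
    struct cu_header h;
    return parse_cu_header(sec, sizeof sec, &h) && h.version == 4 && h.address_size == 8;
}

/* Constructed sample: same bytes but unit_length claims 0xfffffff0 bytes. A
   reader that trusted the length would compute a pointer far outside the
   buffer; here the header is rejected before any such read. */
int demo_oversized_length(void)
{
    static const unsigned char sec[] = {
        0xf0, 0xff, 0xff, 0xff, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08
    };
    struct cu_header h;
    return parse_cu_header(sec, sizeof sec, &h);   /* expected 0 */
}

/* Constructed sample: section cut off after 5 bytes. */
int demo_truncated(void)
{
    static const unsigned char sec[] = { 0x07, 0x00, 0x00, 0x00, 0x04 };
    struct cu_header h;
    return parse_cu_header(sec, sizeof sec, &h);   /* expected 0 */
}

int main(void)
{
    printf("well-formed: %d\n", demo_well_formed());
    printf("oversized length rejected: %d\n", !demo_oversized_length());
    printf("truncated rejected: %d\n", !demo_truncated());
    return 0;
}
```

The design point is that the reader never takes a bare pointer: every call receives the end of the region it is allowed to touch, and the region for fields inside a unit is derived from the validated unit_length, not from the raw value in the file. Fuzzed inputs like the attached poc exercise exactly the case where those two disagree.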