https://sourceware.org/bugzilla/show_bug.cgi?id=27860
Bug ID: 27860
Summary: Segmentation fault on readelf -w
Product: binutils
Version: 2.37 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: shaohua.li at inf dot ethz.ch
Target Milestone: ---

Created attachment 13445
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13445&action=edit
poc

Hi there,

I crashed `readelf -w` with a crafted input. I attached the poc. Note that this poc will only crash a gcc11-compiled binary, but not a clang12-compiled binary.

Compiler: gcc11 (clang12 compiled binary won't crash)

Reproduce:
`readelf -w poc`

gdb bt for your convenience:

Program received signal SIGSEGV, Segmentation fault.
byte_get_little_endian (field=0x561b44463ee8 <error: Cannot access memory at address 0x561b44463ee8>, size=4) at elfcomm.c:118
118 return ((unsigned long) (field[0]))
(gdb) bt
#0 byte_get_little_endian (field=0x561b44463ee8 <error: Cannot access memory at address 0x561b44463ee8>, size=4) at elfcomm.c:118
#1 0x0000561b53d187f4 in display_debug_frames (section=0x561b53db0ed8 <debug_displays+728>, file=<optimized out>) at dwarf.c:8723
#2 0x0000561b53cf07e3 in display_debug_section (filedata=<optimized out>, section=0x561b54548260, shndx=8) at readelf.c:15549
#3 process_section_contents (filedata=filedata@entry=0x561b54546310) at readelf.c:15644
#4 0x0000561b53cf1949 in process_section_contents (filedata=0x561b54546310) at readelf.c:15603
#5 process_object (filedata=filedata@entry=0x561b54546310) at readelf.c:21378
#6 0x0000561b53cf4a1f in process_object (filedata=0x561b54546310) at readelf.c:21314
#7 process_archive (filedata=filedata@entry=0x561b54546310, is_thin_archive=is_thin_archive@entry=false) at readelf.c:21710
#8 0x0000561b53cbe531 in process_file (file_name=0x7ffff727a888 "poc") at readelf.c:21783
#9 main (argc=<optimized out>, argv=<optimized out>) at readelf.c:21871
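Added example, not part of the original report and not binutils code: the backtrace shows a 4-byte little-endian read through a pointer outside mapped memory while walking frame data, so this sketch walks the length-prefixed entries of a .debug_frame-style section using offset arithmetic that cannot read or advance past the section end. The names read_le and count_frame_entries and the sample byte arrays are hypothetical and constructed here; it does not reproduce the poc or claim the root cause of this bug.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample sections (not taken from the attached poc). */
static const uint8_t good[] = { 4,0,0,0, 0xff,0xff,0xff,0xff,   /* 4-byte entry */
                                8,0,0,0, 0,0,0,0, 1,2,3,4 };    /* 8-byte entry */
static const uint8_t overlong[] = { 0x40,0,0,0, 0xff,0xff,0xff,0xff }; /* claims 64 bytes */
static const uint8_t truncated[] = { 4, 0 };                    /* length field cut short */

/* Read size (1..8) little-endian bytes at buf[off]; returns 0 rather than reading past len. */
static int read_le(const uint8_t *buf, size_t len, size_t off, unsigned size, uint64_t *out)
{
    if (size == 0 || size > 8 || off > len || len - off < size)
        return 0;                       /* subtraction form cannot overflow */
    uint64_t v = 0;
    for (unsigned i = 0; i < size; i++)
        v |= (uint64_t)buf[off + i] << (8 * i);
    *out = v;
    return 1;
}

/* Count well-formed entries; -1 if a length is truncated or overruns the section. */
int count_frame_entries(const uint8_t *sec, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        uint64_t length;
        if (!read_le(sec, len, off, 4, &length))
            return -1;
        off += 4;
        if (length == 0xffffffffu) {    /* 64-bit DWARF: real length follows in 8 bytes */
            if (!read_le(sec, len, off, 8, &length))
                return -1;
            off += 8;
        }
        if (length == 0)
            continue;                   /* zero-length terminator/padding entry */
        if (length > len - off)         /* off <= len holds here */
            return -1;
        off += (size_t)length;
        n++;
    }
    return n;
}

int main(void)
{
    printf("%d %d %d\n", count_frame_entries(good, sizeof good),
           count_frame_entries(overlong, sizeof overlong),
           count_frame_entries(truncated, sizeof truncated));
    return 0;
}
```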