https://sourceware.org/bugzilla/show_bug.cgi?id=30227
Bug ID: 30227
Summary: Large allocation in readelf
Product: binutils
Version: 2.40
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: youngseok.main at gmail dot com
Target Milestone: ---

Created attachment 14746
--> https://sourceware.org/bugzilla/attachment.cgi?id=14746&action=edit
poc_file

We found a large allocation bug in readelf by fuzzing.

Command Input:
readelf -w poc_file

poc_file is attached.

Output:
readelf: Warning: Section 13 has an out of range sh_link value of 1920234344
readelf: Warning: Section 14 has an out of range sh_link value of 1818850658
readelf: Warning: Section 14 has an out of range sh_info value of 1684614500
readelf: Warning: could not find separate debug file ''
readelf: Warning: tried: /lib/debug/
readelf: Warning: tried: /usr/lib/debug/usr/
readelf: Warning: tried: /usr/lib/debug//home/youngseok/oss-fuzz-reports/readelf/inter_30_30//
readelf: Warning: tried: /usr/lib/debug/
readelf: Warning: tried: /home/youngseok/oss-fuzz-reports/readelf/inter_30_30/.debug/
readelf: Warning: tried: /home/youngseok/oss-fuzz-reports/readelf/inter_30_30/
readelf: Warning: tried: .debug/
readelf: Warning: tried:
readelf: Warning: could not find separate debug file ''
readelf: Warning: tried: /lib/debug/
readelf: Warning: tried: /usr/lib/debug/usr/
readelf: Warning: tried: /usr/lib/debug//home/youngseok/oss-fuzz-reports/readelf/inter_30_30//
readelf: Warning: tried: /usr/lib/debug/
readelf: Warning: tried: /home/youngseok/oss-fuzz-reports/readelf/inter_30_30/.debug/
readelf: Warning: tried: /home/youngseok/oss-fuzz-reports/readelf/inter_30_30/
readelf: Warning: tried: .debug/
readelf: Warning: tried:
readelf: Warning: unable to open file '' referenced from .debug_sup section
readelf: Warning: .note.gnu.build-id data size is too small

Stack Trace:
==12360==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_common.cc:118 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x7ffff6f01bf2 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
    #1 0x7ffff6f20575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
    #2 0x7ffff6f0b482 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xf3482)
    #3 0x7ffff6f17895 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xff895)
    #4 0x7ffff6e448f1 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x2c8f1)
    #5 0x7ffff6e3f04b (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x2704b)
    #6 0x7ffff6ef6cf0 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdecf0)
    #7 0x55555578a438 in xcalloc xmalloc.c:164
    #8 0x5555556ed9ad in xcalloc2 dwarf.c:11216
    #9 0x5555556ec203 in process_cu_tu_index dwarf.c:10934
    #10 0x5555556ed601 in load_cu_tu_indexes dwarf.c:11098
    #11 0x5555556ed66b in find_cu_tu_set dwarf.c:11116
    #12 0x555555675e15 in display_debug_section readelf.c:16372
    #13 0x555555676355 in process_section_contents readelf.c:16470
    #14 0x555555693477 in process_object readelf.c:22506
    #15 0x555555695709 in process_file readelf.c:22929
    #16 0x555555695b68 in main readelf.c:23000
    #17 0x7ffff6a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #18 0x55555561d749 in _start (/home/youngseok/latest-subjects/binutils-gdb/binutils/readelf+0xc9749)

*Environment*
- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230314

-- 
You are receiving this mail because:
You are on the CC list for the bug.
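The stack trace shows xcalloc2 in process_cu_tu_index requesting an allocation so large that the sanitizer's mmap failed, i.e. an element count taken from the input file was used as an allocation size before being checked against what the file actually contains. The following C program is an added example written for this page, not binutils' code and not a reproduction of the attached poc_file: it parses a cu_index-style header from a byte buffer and refuses to allocate per-slot tables unless the declared slot count fits in the bytes that remain in the section. The header is modelled as four 32-bit little-endian fields (version, section_count, unit_count, slot_count) followed by an 8-byte signature and a 4-byte index per slot; that layout, the 12-byte per-slot cost, the sample byte arrays and every function and constant name are this example's own assumptions.

```c
/* Added example: bound a file-supplied count by the section size before
 * allocating. Not binutils' code; layout and names are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CU_INDEX_HEADER_SIZE 16   /* assumed: four 32-bit LE fields */
#define SLOT_SIGNATURE_SIZE  8    /* assumed: 64-bit signature per slot */
#define SLOT_INDEX_SIZE      4    /* assumed: 32-bit index per slot */

enum { SLOT_OK = 0, SLOT_SHORT_HEADER = 1, SLOT_TOO_MANY = 2, SLOT_OOM = 3 };

typedef struct {
    uint32_t version;
    uint32_t ncols;    /* section_count */
    uint32_t nunits;   /* unit_count */
    uint32_t nslots;   /* slot_count: the untrusted allocation count */
} cu_index_header;

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint64_t read_le64(const uint8_t *p)
{
    return (uint64_t)read_le32(p) | ((uint64_t)read_le32(p + 4) << 32);
}

/* Returns 0 and fills *hdr, or -1 if the section cannot hold a header. */
static int parse_cu_index_header(const uint8_t *sec, size_t len, cu_index_header *hdr)
{
    if (len < CU_INDEX_HEADER_SIZE)
        return -1;
    hdr->version = read_le32(sec);
    hdr->ncols   = read_le32(sec + 4);
    hdr->nunits  = read_le32(sec + 8);
    hdr->nslots  = read_le32(sec + 12);
    return 0;
}

/* The defensive check: a header that declares N slots must be followed by
 * at least N * (8 + 4) bytes, so N is capped by the section length rather
 * than by whatever 32-bit value the file carries. Division rather than
 * multiplication keeps the comparison overflow-free on 32-bit size_t too. */
static int cu_index_slots_plausible(const cu_index_header *hdr, size_t len)
{
    if (len < CU_INDEX_HEADER_SIZE)
        return 0;
    size_t remaining = len - CU_INDEX_HEADER_SIZE;
    size_t per_slot  = SLOT_SIGNATURE_SIZE + SLOT_INDEX_SIZE;
    return hdr->nslots <= remaining / per_slot;
}

/* Allocates and fills the signature table only after the bound check.
 * Returns the table (caller frees) or NULL; *status says why. */
static uint64_t *load_slot_signatures(const uint8_t *sec, size_t len,
                                      int *status, uint32_t *nslots_out)
{
    cu_index_header hdr;
    if (parse_cu_index_header(sec, len, &hdr) != 0) { *status = SLOT_SHORT_HEADER; return NULL; }
    if (!cu_index_slots_plausible(&hdr, len))       { *status = SLOT_TOO_MANY;     return NULL; }
    uint64_t *sigs = calloc(hdr.nslots, sizeof *sigs);   /* now bounded by len */
    if (sigs == NULL && hdr.nslots != 0)            { *status = SLOT_OOM;          return NULL; }
    const uint8_t *p = sec + CU_INDEX_HEADER_SIZE;
    for (uint32_t i = 0; i < hdr.nslots; i++, p += SLOT_SIGNATURE_SIZE)
        sigs[i] = read_le64(p);
    *status = SLOT_OK;
    *nslots_out = hdr.nslots;
    return sigs;
}

/* Constructed sample sections (not bytes from the attached poc_file). */
static const uint8_t sane_section[] = {
    5,0,0,0,  2,0,0,0,  1,0,0,0,  2,0,0,0,            /* version 5, 2 cols, 1 unit, 2 slots */
    0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,          /* slot 0 signature */
    0,0,0,0,0,0,0,0,                                  /* slot 1 signature (empty) */
    1,0,0,0,  0,0,0,0,                                /* slot indices */
};
static const uint8_t bogus_section[] = {
    5,0,0,0,  2,0,0,0,  1,0,0,0,  0xff,0xff,0xff,0x7f, /* slot_count = 0x7fffffff, no slot data */
};
static const uint8_t truncated_section[] = { 5,0,0,0 };

/* Classify a section: the status load_slot_signatures reports for it. */
static int classify_section(const uint8_t *sec, size_t len)
{
    int status; uint32_t n = 0;
    uint64_t *sigs = load_slot_signatures(sec, len, &status, &n);
    free(sigs);
    return status;
}

/* First signature of the sane sample, to show the table is filled correctly. */
static uint64_t sane_first_signature(void)
{
    int status; uint32_t n = 0;
    uint64_t *sigs = load_slot_signatures(sane_section, sizeof sane_section, &status, &n);
    uint64_t first = (sigs != NULL && n > 0) ? sigs[0] : 0;
    free(sigs);
    return first;
}

int main(void)
{
    printf("sane: %d  bogus: %d  truncated: %d  first sig: 0x%llx\n",
           classify_section(sane_section, sizeof sane_section),
           classify_section(bogus_section, sizeof bogus_section),
           classify_section(truncated_section, sizeof truncated_section),
           (unsigned long long)sane_first_signature());
    return 0;
}
```

The bogus sample mirrors the failure mode in the report: a 16-byte section declaring 2^31 - 1 slots is rejected by cu_index_slots_plausible before calloc is ever reached, whereas a parser that trusts the header would ask for gigabytes.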