https://sourceware.org/bugzilla/show_bug.cgi?id=30313
Bug ID: 30313
Summary: readelf: memory allocation failure (display_debug_lines_decoded dwarf.c:5075)
Product: binutils
Version: 2.40
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: youngseok.main at gmail dot com
Target Milestone: ---

Created attachment 14804
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14804&action=edit
poc_file used in command input

Our fuzzer found a large allocation of 89281220608 bytes in the latest readelf executable.

**Command Input**

--deb=decodedline poc_file

poc_file is attached.

**Command Output**

readelf: Warning: Section 2 has an out of range sh_link value of 66
readelf: Warning: Section 4 has an out of range sh_info value of 134513376
readelf: Warning: Section 11 has an out of range sh_link value of 2188640256
readelf: Warning: Section 13 has an out of range sh_link value of 2191261696
readelf: Warning: Section 14 has an out of range sh_link value of 237
readelf: Warning: Section 15 has an out of range sh_link value of 251
readelf: Warning: Section 24 has an out of range sh_link value of 1616928864
readelf: Warning: Section 24 has an out of range sh_info value of 1616928864
readelf: Warning: Section 25 has an out of range sh_link value of 1616928864
readelf: Warning: Section 25 has an out of range sh_info value of 1616922976
readelf: Error: Unable to find program interpreter name
readelf: Warning: Corrupt debuglink section:
readelf: Warning: Corrupt debuglink section:
readelf: Warning: .debug_sup section is corrupt/empty
readelf: Warning: .note.gnu.build-id section is corrupt/empty
readelf: Warning: Section is too small to contain a CU/TU header
readelf: Warning: Section is too small to contain a CU/TU header
Contents of the .debug_line section:

readelf: Warning: Only DWARF version 2, 3, 4 and 5 line info is currently supported.
Contents of the .debug_line section:

readelf: Warning: The length field (0x20) in the debug_line header is wrong - the section is too small
Contents of the .debug_line section:

readelf: Warning: The length field (0x1c) in the debug_line header is wrong - the section is too small
Section '.debug_line' has no debugging data.
Contents of the .debug_line section:

readelf: Warning: Only DWARF version 2, 3, 4 and 5 line info is currently supported.
Contents of the .debug_line section:

readelf: Warning: Line range of 0 is invalid, using 1 instead
readelf: Error: read LEB value is too large to store in destination variable

**Sanitizer Dump**

==2131==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_common.cc:118 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x7ffff6f01bf2  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
    #1 0x7ffff6f20575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
    #2 0x7ffff6f0b482  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xf3482)
    #3 0x7ffff6f17895  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xff895)
    #4 0x7ffff6e448f1  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x2c8f1)
    #5 0x7ffff6e3f04b  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x2704b)
    #6 0x7ffff6ef6cf0 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdecf0)
    #7 0x55555578ab57 in xcalloc xmalloc.c:164
    #8 0x5555556b8a65 in display_debug_lines_decoded dwarf.c:5075
    #9 0x5555556bd140 in display_debug_lines dwarf.c:5712
    #10 0x555555675e25 in display_debug_section readelf.c:16375
    #11 0x555555676321 in process_section_contents readelf.c:16471
    #12 0x555555693871 in process_object readelf.c:22574
    #13 0x555555695b03 in process_file readelf.c:22997
    #14 0x555555695f62 in main readelf.c:23068
    #15 0x7ffff6a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #16 0x55555561d749 in _start (/home/youngseok/subjects/latest_asan_install/binutils/bin/readelf+0xc9749)

**Environment**

- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230404

binutils is built with address sanitizer. Here is the build script:

CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --enable-targets=all
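The report shows the failure class rather than the root cause: an xcalloc in display_debug_lines_decoded is handed a size (89281220608 bytes) that came out of a corrupt .debug_line header, and ASan aborts when it cannot mmap that much. The following is an added illustration, not code from binutils and not a claim about what dwarf.c:5075 actually allocates: it reads an entry count as ULEB128 (the same encoding readelf's "read LEB value is too large" warning refers to), rejects counts the remaining section bytes could not possibly describe, and checks the multiplication before calloc. The enum names, helper names and sample buffers are all constructed for this example; none come from the attached poc_file.

```c
/* Added example (not binutils code): bounded reading of a ULEB128 entry count
 * before sizing a table, the check an unchecked count in a corrupt .debug_line
 * header defeats. Constructed inputs only; no real DWARF parser here. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum table_status {
    TABLE_OK = 0,
    TABLE_BAD_LEB,          /* truncated, or too large for a 64-bit destination */
    TABLE_COUNT_TOO_LARGE,  /* more entries than the remaining section bytes can describe */
    TABLE_SIZE_OVERFLOW,    /* count * entry size does not fit in size_t */
    TABLE_OOM               /* calloc itself failed */
};

/* Decode one unsigned LEB128 value from [p, end).
 * Returns bytes consumed, or 0 if the value is truncated or needs > 64 bits. */
static size_t read_uleb128(const uint8_t *p, const uint8_t *end, uint64_t *out)
{
    uint64_t result = 0;
    unsigned shift = 0;
    size_t n = 0;

    while (p + n < end) {
        uint8_t byte = p[n++];
        /* At shift 63 only payload bit 0 still fits; past that, nothing does. */
        if (shift >= 64 || (shift == 63 && (byte & 0x7e)))
            return 0;
        result |= (uint64_t)(byte & 0x7f) << shift;
        if (!(byte & 0x80)) {
            *out = result;
            return n;
        }
        shift += 7;
    }
    return 0; /* ran off the end of the section mid-value */
}

/* Bytes an unchecked caller would request for `count` pointer-sized entries
 * (wrapping arithmetic, exactly as a plain multiplication would behave). */
static uint64_t naive_request_bytes(uint64_t count)
{
    return count * (uint64_t)sizeof(void *);
}

/* Read an entry count at *pp and allocate a pointer table for it, refusing
 * counts the section cannot back. On success advances *pp past the count. */
static enum table_status alloc_entry_table(const uint8_t **pp, const uint8_t *end,
                                           void ***table_out, uint64_t *count_out)
{
    uint64_t count;
    size_t n = read_uleb128(*pp, end, &count);
    if (n == 0)
        return TABLE_BAD_LEB;

    const uint8_t *after = *pp + n;
    /* Every entry is described by at least one byte of section data, so a
     * count above the remaining length is corrupt, not merely large. */
    if (count > (uint64_t)(end - after))
        return TABLE_COUNT_TOO_LARGE;
    if (count > SIZE_MAX / sizeof(void *))
        return TABLE_SIZE_OVERFLOW;

    void **table = calloc(count ? (size_t)count : 1, sizeof(void *));
    if (table == NULL)
        return TABLE_OOM;

    *pp = after;
    *table_out = table;
    *count_out = count;
    return TABLE_OK;
}

/* Run the check over a constructed buffer; *count_out (may be NULL) receives the
 * parsed count on success and UINT64_MAX on any failure. */
static enum table_status try_table(const uint8_t *buf, size_t len, uint64_t *count_out)
{
    const uint8_t *p = buf;
    void **table = NULL;
    uint64_t count = 0;
    enum table_status st = alloc_entry_table(&p, buf + len, &table, &count);
    free(table);
    if (count_out)
        *count_out = (st == TABLE_OK) ? count : UINT64_MAX;
    return st;
}

static uint64_t parsed_count(const uint8_t *buf, size_t len)
{
    uint64_t count;
    try_table(buf, len, &count);
    return count;
}

/* Constructed samples, not bytes from the attached poc_file. */
static const uint8_t sample_sane[]      = { 0x03, 'a', 0, 'b', 0, 'c', 0 };  /* 3 entries, 6 bytes follow */
static const uint8_t sample_huge[]      = { 0x80, 0x80, 0x80, 0x80, 0x40 };  /* count = 2^34, nothing follows */
static const uint8_t sample_truncated[] = { 0x80, 0x80 };                    /* continuation bit set at end */
static const uint8_t sample_too_wide[]  = { 0x80, 0x80, 0x80, 0x80, 0x80,
                                            0x80, 0x80, 0x80, 0x80, 0x80, 0x01 }; /* 11 bytes: > 64 bits */

int main(void)
{
    assert(try_table(sample_sane, sizeof sample_sane, NULL) == TABLE_OK);
    assert(parsed_count(sample_sane, sizeof sample_sane) == 3);
    assert(try_table(sample_huge, sizeof sample_huge, NULL) == TABLE_COUNT_TOO_LARGE);
    printf("unchecked request for 2^34 entries: %llu bytes\n",
           (unsigned long long)naive_request_bytes((uint64_t)1 << 34));
    assert(try_table(sample_truncated, sizeof sample_truncated, NULL) == TABLE_BAD_LEB);
    assert(try_table(sample_too_wide, sizeof sample_too_wide, NULL) == TABLE_BAD_LEB);
    puts("ok");
    return 0;
}
```

The remaining-bytes bound is the decisive check: it turns a count that would otherwise drive a multi-gigabyte calloc into a parse error before any allocation happens, independent of how much memory or what sanitizer the host has. When triaging crashes like the one above, `ASAN_OPTIONS=allocator_may_return_null=1` lets xcalloc's own failure path fire instead of the sanitizer CHECK, which makes the responsible allocation easier to see in the output.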