https://sourceware.org/bugzilla/show_bug.cgi?id=33636
Bug ID: 33636
Summary: elfedit crashes with SIGSEGV on crafted input due to invalid memory access (binutils 2.44)
Product: binutils
Version: 2.44
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 970429025 at qq dot com
Target Milestone: ---
Created attachment 16467
--> https://sourceware.org/bugzilla/attachment.cgi?id=16467&action=edit
The PoC attachment contains the input file that triggers the crash
Overview:
Running elfedit from binutils 2.44 with a specific input file triggers a
segmentation fault due to invalid memory access.
Steps to Reproduce:
./elfedit --disable-x86-feature=lam_u57 Invalid_memory_access
Actual Results:
Program terminates with SIGSEGV.
Crash occurs inside byte_get_little_endian() while dereferencing an invalid
pointer.
Relevant GDB excerpt:
Program received signal SIGSEGV, Segmentation fault.
byte_get_little_endian (field=field@entry=0x77d300f70000 <error: Cannot access
memory at address 0x77d300f70000>, size=size@entry=4)
at ../../binutils-2.44/binutils/elfcomm.c:135
135 ((uint64_t) field[3] << 24));
(gdb) bt
#0 byte_get_little_endian (field=field@entry=0x77d300f70000 <error: Cannot
access memory at address 0x77d300f70000>, size=size@entry=4)
at ../../binutils-2.44/binutils/elfcomm.c:135
#1 0x00000000004038de in update_gnu_property
(file_name=file_name@entry=0x7ffc425a5565 "Invalid_Pointer_Dereference",
file=file@entry=0x16db53d0)
at ../../binutils-2.44/binutils/elfedit.c:125
#2 0x00000000004036d8 in process_file (file_name=0x7ffc425a5565
"Invalid_Pointer_Dereference")
at ../../binutils-2.44/binutils/elfedit.c:803
#3 0x000000000040338e in main (argc=<optimized out>, argv=0x3)
at ../../binutils-2.44/binutils/elfedit.c:1102
(gdb)
Expected Results:
elfedit should reject malformed ELF input and exit cleanly instead of crashing.
Build & Platform:
Binutils 2.44
Component: elfedit
OS: Ubuntu 18.04.6 LTS
Platform: x86_64
Additional Information:
The PoC attachment contains the input file that triggers the crash
(Invalid_memory_access).
Crash type: invalid memory access (SIGSEGV).
Fully reproducible.
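The report does not say which field update_gnu_property() was reading when it faulted. As an added example that is not binutils code, the C below shows the bounds checks a walker over a .note.gnu.property descriptor (the property that --disable-x86-feature edits) needs so that a crafted or truncated descriptor is rejected before any field is dereferenced. The property layout and the GNU_PROPERTY_X86_FEATURE_1_AND value are the standard ELF definitions; the two sample descriptors are constructed for this example.

```c
/* Added example, not binutils code: bounds-checked walk over a .note.gnu.property
 * descriptor (ELFCLASS64 layout: pr_data padded to 8). Each field is checked
 * against descsz before it is read, so a truncated or oversized property is
 * rejected rather than read past the end of the note. */
#include <stddef.h>
#include <stdint.h>

#define GNU_PROPERTY_X86_FEATURE_1_AND 0xc0000002u

/* Little-endian 32-bit read; callers must have proved [p, p+4) is in bounds. */
uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8
         | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the property count, or -1 if malformed. *feature_1_and gets the
 * X86_FEATURE_1_AND mask (0 if the property is absent). */
int walk_gnu_property(const uint8_t *desc, size_t descsz, uint32_t *feature_1_and)
{
    size_t off = 0;
    int count = 0;
    *feature_1_and = 0;
    while (off < descsz) {
        if (descsz - off < 8)              /* pr_type/pr_datasz header would overrun */
            return -1;
        uint32_t pr_type = rd32le(desc + off);
        uint32_t pr_datasz = rd32le(desc + off + 4);
        off += 8;
        if (pr_datasz > descsz - off)      /* claimed size exceeds remaining bytes */
            return -1;
        if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND) {
            if (pr_datasz != 4)            /* this property is exactly one uint32 */
                return -1;
            *feature_1_and = rd32le(desc + off);
        }
        size_t padded = ((size_t)pr_datasz + 7) & ~(size_t)7;
        if (padded > descsz - off)         /* the alignment padding must fit too */
            return -1;
        off += padded;
        count++;
    }
    return count;
}

/* Constructed samples: a valid IBT|SHSTK property, and one whose pr_datasz
 * claims 0xffffffff bytes while only 8 follow. */
const uint8_t good_desc[16] = { 0x02,0,0,0xc0, 4,0,0,0, 3,0,0,0, 0,0,0,0 };
const uint8_t huge_desc[16] = { 0x02,0,0,0xc0, 0xff,0xff,0xff,0xff, 3,0,0,0, 0,0,0,0 };
```

Passing good_desc with descsz cut to 10 models a note whose header claims more data than the section holds; the walker returns -1 instead of reading past the buffer.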