https://sourceware.org/bugzilla/show_bug.cgi?id=34326

            Bug ID: 34326
           Summary: readelf: SIGSEGV in update_all_relocations when
                    processing ELF relocation table
           Product: binutils
           Version: 2.47 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: 970429025 at qq dot com
  Target Milestone: ---

Created attachment 16800
  --> https://sourceware.org/bugzilla/attachment.cgi?id=16800&action=edit
The PoC attachment contains the input file (Heap_Corruption) that triggers this
behavior.

Overview:

Running readelf on a ELF input file causes the program to crash with SIGSEGV.

The crash occurs in update_all_relocations() while processing relocation
information.

Steps to Reproduce:

./readelf -a Heap_Corruption

Actual Results:

readelf terminates with SIGSEGV.

GDB output excerpt:

Program received signal SIGSEGV, Segmentation fault.

#0  0x0000775b7724310a in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00000000004763fe in update_all_relocations ()
#2  0x0000000000479f5b in display_relocations ()
#3  0x0000000000450c31 in process_relocs ()
#4  0x0000000000441a83 in process_object ()
#5  0x000000000043260b in process_file ()
#6  0x00000000004305b6 in main ()

Expected Results:

readelf should exit gracefully after reporting an error or warning, rather than
crashing with SIGSEGV.

Build & Platform:

binutils version: GNU Binutils 2.46.50.20260601
component: readelf
OS: Ubuntu 22.04.5 LTS
arch: x86_64

Additional Information:

The PoC attachment contains the input file that triggers the crash:
Heap_Corruption.

Crash type: SIGSEGV
Crash location: update_all_relocations()
Fully reproducible.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to