https://sourceware.org/bugzilla/show_bug.cgi?id=23754
Bug ID: 23754
Summary: NULL-Pointer dereference problem in function
do_oper_extract in the eu-ar binaries
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: tools
Assignee: unassigned at sourceware dot org
Reporter: wcventure at 126 dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Hi,
Our fuzzer caught NULL-Pointer dereference problems in eu-ar.c in the latest
elfutils(v0.174) code base, those inputs will cause the signal SIGSEGV,
Segmentation fault. I have confirmed them with address sanitizer.
Please use the “ ./eu-ar -tv $POC ” to reproduce the bug. If you have any
questions, please let me know. Thank you.
The ASAN dumps the stack trace as follows:
ASAN:DEADLYSIGNAL
=================================================================
==24906==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc
0x7fb225ed3071 bp 0x7fffdbcb2a50 sp 0x7fffdbcb2370 T0)
==24906==The signal is caused by a READ memory access.
==24906==Hint: address points to the zero page.
#0 0x7fb225ed3070 (/lib/x86_64-linux-gnu/libc.so.6+0xc3070)
#1 0x7fb225ed50a5 in __strftime_l (/lib/x86_64-linux-gnu/libc.so.6+0xc50a5)
#2 0x404574 in do_oper_extract
/mnt/c/wcventure/Fuzzing_Object/elfutils-0.174/src/ar.c:542
#3 0x403203 in main
/mnt/c/wcventure/Fuzzing_Object/elfutils-0.174/src/ar.c:252
#4 0x7fb225e3082f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#5 0x402428 in _start
(/mnt/c/wcventure/Fuzzing_Object/elfutils-0.174/build/bin/eu-ar+0x402428)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0xc3070)
==24906==ABORTING
--
You are receiving this mail because:
You are on the CC list for the bug.
