https://sourceware.org/bugzilla/show_bug.cgi?id=23787
Bug ID: 23787
Summary: Invalid Address Dereference problem in function elf_end in libelf in the latest elfutils-0.174
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libelf
Assignee: unassigned at sourceware dot org
Reporter: wcventure at 126 dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---

Created attachment 11338
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11338&action=edit
  POC1

Hi,

Our fuzzer found an Invalid Address Dereference problem in function elf_end in libelf in the latest elfutils-0.174 code base. I have confirmed it with Address Sanitizer, too. The function elf_end is called by size.c.

Here are the POC files. Please use "./eu-size $POC" to reproduce this bug.

The ASAN dumps the stack trace as follows:

ASAN:DEADLYSIGNAL
=================================================================
==21938==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7f1a0efb3cd6 bp 0x7ffd04b5dc40 sp 0x7ffd04b5db50 T0)
==21938==The signal is caused by a READ memory access.
==21938==Hint: address points to the zero page.
    #0 0x7f1a0efb3cd5 in elf_end (/usr/lib/x86_64-linux-gnu/libelf.so.1+0x4cd5)
    #1 0x405aa2 in handle_ar /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:373
    #2 0x401c7a in process_file /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:294
    #3 0x401c7a in main /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:186
    #4 0x7f1a0ec0582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #5 0x4029f8 in _start (/media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/build/bin/eu-size+0x4029f8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libelf.so.1+0x4cd5) in elf_end
==21938==ABORTING
Aborted
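The trace above is the raw artifact a triager starts from. As an added example (not part of the bug report and not elfutils code), the following Python parser pulls the error kind, faulting address, access type and stack frames out of such an ASAN report and picks the first frame that lies in the project's own source tree, using the report quoted above as its constructed input. The zero-page threshold and the "/media/" source prefix are assumptions chosen to fit this report.

```python
import re

# Constructed input: the ASAN report from the bug above, lightly trimmed.
SAMPLE = """\
ASAN:DEADLYSIGNAL
==21938==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7f1a0efb3cd6 bp 0x7ffd04b5dc40 sp 0x7ffd04b5db50 T0)
==21938==The signal is caused by a READ memory access.
==21938==Hint: address points to the zero page.
    #0 0x7f1a0efb3cd5 in elf_end (/usr/lib/x86_64-linux-gnu/libelf.so.1+0x4cd5)
    #1 0x405aa2 in handle_ar /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:373
    #2 0x401c7a in process_file /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:294
    #3 0x401c7a in main /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:186
    #4 0x7f1a0ec0582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #5 0x4029f8 in _start (/media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/build/bin/eu-size+0x4029f8)
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libelf.so.1+0x4cd5) in elf_end
==21938==ABORTING
"""

ERROR_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: (\S+)(?: on (?:unknown )?address (0x[0-9a-f]+))?")
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (?:\(([^)+]+)\+0x[0-9a-f]+\)|(\S+?):(\d+))")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")

def parse_asan(text):
    """Return {'pid', 'kind', 'address', 'access', 'frames'} parsed from an ASAN report."""
    rep = {"pid": None, "kind": None, "address": None, "access": None, "frames": []}
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            rep["pid"], rep["kind"] = int(m.group(1)), m.group(2)
            rep["address"] = int(m.group(3), 16) if m.group(3) else None
        m = ACCESS_RE.search(line)
        if m:
            rep["access"] = m.group(1)
        m = FRAME_RE.match(line)
        if m:  # module+offset frames leave file/line None; source frames leave module None
            rep["frames"].append({"n": int(m.group(1)), "func": m.group(2), "module": m.group(3),
                                  "file": m.group(4), "line": int(m.group(5)) if m.group(5) else None})
    return rep

def first_own_frame(rep, prefix):
    """First frame with a source location under the project tree (assumed prefix): where triage starts."""
    return next((f for f in rep["frames"] if f["file"] and f["file"].startswith(prefix)), None)

def looks_like_null_deref(rep, page_size=4096):
    """A SEGV inside the zero page is most likely a field read through a NULL struct pointer."""
    return rep["kind"] == "SEGV" and rep["address"] is not None and rep["address"] < page_size

if __name__ == "__main__":
    r = parse_asan(SAMPLE)
    print(r["kind"], hex(r["address"]), r["access"], first_own_frame(r, "/media/"))
```

For this report it identifies the crash as a read through a near-NULL pointer in elf_end and points at handle_ar in size.c:373 as the first caller in the reporter's tree, which is where the elf_end argument should be inspected.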