[Bug binutils/16723] New: Excessive memory usage

2014-03-18 Thread duretsimon73 at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=16723

Bug ID: 16723
   Summary: Excessive memory usage
   Product: binutils
   Version: unspecified
Status: NEW
  Severity: minor
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: duretsimon73 at gmail dot com

Created attachment 7481
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7481&action=edit
File which causes the bug

Objdump and readelf have a bug when handling a malformed ELF file with a bad
.gnu.version_r section.

Objdump uses excessive memory when disassembling the malformed ELF file.
Readelf enters an infinite loop (or takes too long) when run with the -V option.

readelf -S a.out | grep .gnu.version_r
  [ 8] .gnu.version_r    VERNEED    08048914 000914 80     00   A  6  15335426  4

Here is the backtrace of objdump when running under GDB:
gdb$ bt
#0  bfd_getl32 (p=0x81ad914) at libbfd.c:616
#1  0x080aabd8 in _bfd_elf_swap_verneed_in (abfd=abfd@entry=0x81a7920, src=src@entry=0x81ad908, dst=dst@entry=0x9dcb8830) at elf.c:128
#2  0x080b2c94 in _bfd_elf_slurp_version_tables (abfd=abfd@entry=0x81a7920, default_imported_symver=default_imported_symver@entry=0x0) at elf.c:7204
#3  0x080a707b in bfd_elf32_slurp_symbol_table (abfd=0x81a7920, symptrs=0x81ad7d0, dynamic=0x1) at elfcode.h:1159
#4  0x080b251d in _bfd_elf_canonicalize_dynamic_symtab (abfd=0x81a7920, allocation=0x81ad7d0) at elf.c:7069
#5  0x0804e292 in slurp_dynamic_symtab (abfd=0x81a7920) at ./objdump.c:599
#6  dump_bfd (abfd=abfd@entry=0x81a7920) at ./objdump.c:3231
#7  0x0804f14f in display_object_bfd (abfd=0x81a7920) at ./objdump.c:3312
#8  display_any_bfd (file=file@entry=0x81a7920, level=level@entry=0x0) at ./objdump.c:3386
#9  0x08050ecf in display_file (filename=0xbce8 "/home/tosh/TOSH_GIT/elfzz/vuln/objdump", target=) at ./objdump.c:3407
#10 0x0804bb90 in main (argc=0x3, argv=0xbb64) at ./objdump.c:3689


Here is the backtrace of readelf when running under GDB:
gdb$ bt
#0  0xb7fdd424 in __kernel_vsyscall ()
#1  0xb7ed12d3 in __write_nocancel () from /usr/lib/libc.so.6
#2  0xb7e65191 in _IO_new_file_write () from /usr/lib/libc.so.6
#3  0xb7e643ef in new_do_write () from /usr/lib/libc.so.6
#4  0xb7e6613e in __GI__IO_do_write () from /usr/lib/libc.so.6
#5  0xb7e664dd in __GI__IO_file_overflow () from /usr/lib/libc.so.6
#6  0xb7e6577b in __GI__IO_file_xsputn () from /usr/lib/libc.so.6
#7  0xb7e39bc2 in vfprintf () from /usr/lib/libc.so.6
#8  0xb7e4310f in printf () from /usr/lib/libc.so.6
#9  0x08057ad0 in process_version_sections (file=file@entry=0x80b0920) at readelf.c:8908
#10 0x0806ad4f in process_object (file_name=file_name@entry=0xbce8 "/home/tosh/TOSH_GIT/elfzz/vuln/objdump", file=file@entry=0x80b0920) at readelf.c:14275
#11 0x08049751 in process_file (file_name=0xbce8 "/home/tosh/TOSH_GIT/elfzz/vuln/objdump") at readelf.c:14648

The file which causes the bug is attached; to reproduce:
$ objdump -d a.out
$ readelf -V a.out

-- 
You are receiving this mail because:
You are on the CC list for the bug.

___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
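The sanity check this report points at, as an added Python example that is not binutils code: parse an ELF32 section header table and flag a SHT_GNU_verneed (.gnu.version_r) section whose sh_info, the declared number of Elf32_Verneed entries, cannot fit in sh_size, as with the 0x80-byte section above declaring 15335426 entries. The ELF images are constructed in memory, and the check assumes sizeof(Elf32_Verneed) = 16 bytes per declared entry.

```python
import struct

SHT_GNU_VERNEED = 0x6FFFFFFE   # section type of .gnu.version_r
ELF32_VERNEED_SIZE = 16        # sizeof(Elf32_Verneed), assumed per-entry size

def build_elf32(sections):
    """Build a minimal little-endian ELF32 image holding only an ELF header and a
    section header table (constructed test input). sections: (sh_type, sh_size, sh_info)."""
    ehdr_size, shentsize = 52, 40
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8   # ELFCLASS32, ELFDATA2LSB
    ehdr = e_ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 0, ehdr_size, 0,
                                 ehdr_size, 0, 0, shentsize, len(sections), 0)
    shdrs = b"".join(
        # Elf32_Shdr: name type flags addr offset size link info addralign entsize
        struct.pack("<IIIIIIIIII", 0, sh_type, 0, 0, 0, sh_size, 0, sh_info, 4, 0)
        for sh_type, sh_size, sh_info in sections)
    return ehdr + shdrs

def check_verneed_counts(data):
    """Walk the section headers and report every SHT_GNU_verneed section whose
    sh_info (declared number of Elf32_Verneed entries) cannot fit in sh_size.
    Returns a list of (section_index, sh_info, max_entries_that_fit)."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 1:
        raise ValueError("example handles little-endian ELF32 only")
    e_shoff, = struct.unpack_from("<I", data, 32)
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 46)
    findings = []
    for idx in range(e_shnum):
        off = e_shoff + idx * e_shentsize
        if off + 40 > len(data):
            raise ValueError("section header table runs past end of file")
        fields = struct.unpack_from("<IIIIIIIIII", data, off)
        sh_type, sh_size, sh_info = fields[1], fields[5], fields[7]
        if sh_type == SHT_GNU_VERNEED:
            max_entries = sh_size // ELF32_VERNEED_SIZE
            if sh_info > max_entries:
                findings.append((idx, sh_info, max_entries))
    return findings

# Constructed images: a sane one (2 entries declared for 0x80 bytes) and one that
# mirrors the report (sh_info = 15335426 declared for a 0x80-byte section).
BENIGN = build_elf32([(0, 0, 0), (SHT_GNU_VERNEED, 0x80, 2)])
MALFORMED = build_elf32([(0, 0, 0), (SHT_GNU_VERNEED, 0x80, 15335426)])

if __name__ == "__main__":
    print(check_verneed_counts(BENIGN))     # []
    print(check_verneed_counts(MALFORMED))  # [(1, 15335426, 8)]
```

A parser that trusts sh_info as a loop bound will iterate or allocate for millions of entries that the 128-byte section cannot contain; bounding the count by sh_size first is the cheap defence.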


[Bug binutils/16723] Excessive memory usage

2014-03-19 Thread duretsimon73 at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=16723

--- Comment #2 from Tosh  ---
Hi, 
it seems good for readelf :)

Thanks.
Tosh



[Bug binutils/18420] New: Segfault in readelf with --unwind option

2015-05-16 Thread duretsimon73 at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=18420

Bug ID: 18420
   Summary: Segfault in readelf with --unwind option
   Product: binutils
   Version: 2.25
Status: NEW
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: duretsimon73 at gmail dot com
  Target Milestone: ---

Created attachment 8318
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8318&action=edit
ELF 32-bit MSB executable, IA-64, version 1, dynamically linked, interpreter
/usr/lib/hpux32/uld.so:/usr/lib/hpux32/dld.so, stripped, too many notes (256)

Hello,

the attached file causes a segfault in readelf when used with the --unwind option
(or --all).

Here is information about the crash:


GNU readelf (GNU Binutils) 2.25.51.20150516
Copyright (C) 2015 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.


Program received signal SIGSEGV, Segmentation fault.
[--registers---]
RAX: 0x6ed001 
RBX: 0x6ed000 
RCX: 0x0 
RDX: 0x2d ('-')
RSI: 0x77bd3970 --> 0x0 
RDI: 0x77bd2740 --> 0xfbad2a84 
RBP: 0x0 
RSP: 0x7fffe400 --> 0xd ('\r')
RIP: 0x425b9f (:  movzx  ebp,BYTE PTR [rbx])
R8 : 0x77bd3970 --> 0x0 
R9 : 0x77fc4700 (0x77fc4700)
R10: 0x97 
R11: 0x246 
R12: 0xaaab 
R13: 0x117db4 
R14: 0x6a70b8 --> 0x100100d8de0300 
R15: 0x34 ('4')
EFLAGS: 0x10206 (carry PARITY adjust zero sign trap INTERRUPT direction
overflow)
[-code-]
   0x425b93 : nop    DWORD PTR [rax+rax*1+0x0]
   0x425b98 : lea    rax,[rbx+0x1]
   0x425b9c : test   r13,r13
=> 0x425b9f : movzx  ebp,BYTE PTR [rbx]
   0x425ba2 : mov    rbx,rax
   0x425ba5 : jne    0x425be0
   0x425ba7 : mov    ecx,r13d
   0x425baa : movzx  edx,bpl
[stack-]
0000| 0x7fffe400 --> 0xd ('\r')
0008| 0x7fffe408 --> 0x77883139 (:  add    rsp,0xd8)
0016| 0x7fffe410 --> 0x7fffe4e0 --> 0x1
0024| 0x7fffe418 --> 0x300018
0032| 0x7fffe420 --> 0x7fffe4f0 --> 0x77003162
0040| 0x7fffe428 --> 0x7fffe430 --> 0x43f859 --> 0x726f746f4d007270 ('pr')
0048| 0x7fffe430 --> 0x43f859 --> 0x726f746f4d007270 ('pr')
0056| 0x7fffe438 --> 0x448ae3 --> 0x53444e5f52003150 ('P1')
[--]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00425b9f in unw_decode_p2_p5 (dp=, code=, arg=) at unwind-ia64.c:780
780 UNW_DEC_SPILL_MASK ("P4", dp, arg);

gdb-peda$ bt
#0  0x00425b9f in unw_decode_p2_p5 (dp=, code=, arg=) at unwind-ia64.c:780
#1  0x004118e9 in dump_ia64_unwind (aux=) at readelf.c:6738
#2  ia64_process_unwind (file=0x77bd2740 <_IO_2_1_stdout_>) at readelf.c:7019
#3  0x00423e63 in process_unwind (file=0x67f010) at readelf.c:8435
#4  process_object (file_name=file_name@entry=0x7fffeb80 "./pown/file", file=file@entry=0x67f010) at readelf.c:16015
#5  0x00401d41 in process_file (file_name=0x7fffeb80 "./pown/file") at readelf.c:16397
#6  main (argc=0x3, argv=0x7fffe898) at readelf.c:16468
#7  0x77854800 in __libc_start_main () from /usr/lib/libc.so.6
#8  0x00401f19 in _start ()

Best regards,
Tosh
