[Bug tools/21299] New: heap-based buffer overflow in handle_gnu_hash (readelf.c)

https://sourceware.org/bugzilla/show_bug.cgi?id=21299 Bug ID: 21299 Summary: heap-based buffer overflow in handle_gnu_hash (readelf.c) Product: elfutils Version: unspecified Status: UNCONFIRMED Severity: normal

[Bug tools/21300] New: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c)

https://sourceware.org/bugzilla/show_bug.cgi?id=21300 Bug ID: 21300 Summary: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) Product: elfutils Version: unspecified Status: UNCONFIRMED

[Bug libelf/21301] New: memory allocation failure in __libelf_decompress

https://sourceware.org/bugzilla/show_bug.cgi?id=21301 Bug ID: 21301 Summary: memory allocation failure in __libelf_decompress Product: elfutils Version: unspecified Status: UNCONFIRMED Severity: normal Priority: P2

[Bug tools/21299] heap-based buffer overflow in handle_gnu_hash (readelf.c)

https://sourceware.org/bugzilla/show_bug.cgi?id=21299 Mark Wielaard changed: What|Removed |Added CC||mjw at redhat dot com --- Comment #1

[PATCH] readelf: Fix off by one sanity check in handle_gnu_hash.

We sanity check to make sure we don't index outside the chain array by testing inner > max_nsyms. But inner is a zero-based index, while max_nsyms is the maximum number. Change the check to inner >= max_nsyms. https://sourceware.org/bugzilla/show_bug.cgi?id=21299 Signed-off-by: Mark Wielaard ---

[Bug tools/21300] heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c)

https://sourceware.org/bugzilla/show_bug.cgi?id=21300 Mark Wielaard changed: What|Removed |Added CC||mjw at redhat dot com --- Comment #1

[PATCH] Use the empty string for note names with zero size (without any data).

ELF notes can have a zero sized name. In which case there is no data at all (so also no zero terminator). Make sure to use the empty string for such notes if the code does not otherwise explicitly check n_namesz. https://sourceware.org/bugzilla/show_bug.cgi?id=21300 Signed-off-by: Mark Wielaard

[Bug tools/21300] heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c)

https://sourceware.org/bugzilla/show_bug.cgi?id=21300 --- Comment #2 from Mark Wielaard --- Posted a patch: https://sourceware.org/ml/elfutils-devel/2017-q1/msg00111.html -- You are receiving this mail because: You are on the CC list for the bug.

[Bug libelf/21301] memory allocation failure in __libelf_decompress

https://sourceware.org/bugzilla/show_bug.cgi?id=21301 Mark Wielaard changed: What|Removed |Added CC||mjw at redhat dot com --- Comment #1

[PATCH] libelf: Check compression ratio before trying to allocate output buffer.

The maximum compression factor (http://www.zlib.net/zlib_tech.html) is 1032:1. Add a sanity check for that before trying to allocate lots of memory and trying to decompress lots of bogus data. https://sourceware.org/bugzilla/show_bug.cgi?id=21301 Signed-off-by: Mark Wielaard --- libelf/ChangeLo

Re: [PATCH] backends: Add support for EM_PPC64 GNU_ATTRIBUTES.

On Wed, 2017-02-15 at 14:39 +0100, Mark Wielaard wrote: > ppc64 and ppc64le ELF files can also contain a power specific > .gnu.attributes section. Add support for those and recognize the new > GNU_Power_ABI_FP Single-precision hard float value. I pushed this to master. It has been in the fedora el

Re: [PATCH] libasm: Fix GCC7 one -Wformat-truncation=2 warning.

On Sun, 2017-02-12 at 21:54 +0100, Mark Wielaard wrote: > Make sure that if we have really many labels the tempsym doesn't get > truncated because it is too small to hold the whole name. I pushed this to master. It has been in the fedora elfutils for some time now. > This doesn't enable -Wformat-