[Bug binutils/15201] New: readelf invalid memory accesses (debug ranges)


From: paul.marinescu at imperial dot ac.uk
Subject: [Bug binutils/15201] New: readelf invalid memory accesses (debug ranges)
Date: Tue, 26 Feb 2013 17:22:52 +0000

http://sourceware.org/bugzilla/show_bug.cgi?id=15201

             Bug #: 15201
           Summary: readelf invalid memory accesses (debug ranges)
           Product: binutils
           Version: 2.23
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
        AssignedTo: address@hidden
        ReportedBy: address@hidden
    Classification: Unclassified


Created attachment 6899
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6899
valgrind readelf -wR bugtest.o

Valgrind shows various invalid memory accesses made from the
display_debug_ranges function. I used version 2.23.52.20130219 for the trace.

As far as I can tell, the problem stems from the fact that
display_debug_ranges loops until it finds two null bytes, without ever checking
the section size.

I attached the file used to get the output below.


==24717== Memcheck, a memory error detector
==24717== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==24717== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==24717== Command: /home/pm/binutils/binutils/readelf -wR tmpdir/copy.o.test
==24717== 
Contents of the .debug_ranges section:

    Offset   Begin    End
==24717== Invalid read of size 1
==24717==    at 0x42EC10: byte_get_little_endian (elfcomm.c:143)
==24717==    by 0x42EC48: byte_get_signed (elfcomm.c:224)
==24717==    by 0x429FA9: display_debug_ranges (dwarf.c:4616)
==24717==    by 0x41D423: process_section_contents (readelf.c:10985)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717==  Address 0x4c28872 is 1 bytes after a block of size 33 alloc'd
==24717==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==24717==    by 0x402C2C: get_data (readelf.c:325)
==24717==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==24717==    by 0x41D217: process_section_contents (readelf.c:10978)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717== 
==24717== Invalid read of size 1
==24717==    at 0x42EC14: byte_get_little_endian (elfcomm.c:144)
==24717==    by 0x42EC48: byte_get_signed (elfcomm.c:224)
==24717==    by 0x429FA9: display_debug_ranges (dwarf.c:4616)
==24717==    by 0x41D423: process_section_contents (readelf.c:10985)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717==  Address 0x4c28873 is 2 bytes after a block of size 33 alloc'd
==24717==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==24717==    by 0x402C2C: get_data (readelf.c:325)
==24717==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==24717==    by 0x41D217: process_section_contents (readelf.c:10978)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717== 
==24717== Invalid read of size 1
==24717==    at 0x42EC24: byte_get_little_endian (elfcomm.c:142)
==24717==    by 0x42EC48: byte_get_signed (elfcomm.c:224)
==24717==    by 0x429FA9: display_debug_ranges (dwarf.c:4616)
==24717==    by 0x41D423: process_section_contents (readelf.c:10985)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717==  Address 0x4c28871 is 0 bytes after a block of size 33 alloc'd
==24717==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==24717==    by 0x402C2C: get_data (readelf.c:325)
==24717==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==24717==    by 0x41D217: process_section_contents (readelf.c:10978)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717== 
==24717== Invalid read of size 1
==24717==    at 0x42EC2A: byte_get_little_endian (elfcomm.c:145)
==24717==    by 0x42EC48: byte_get_signed (elfcomm.c:224)
==24717==    by 0x429FA9: display_debug_ranges (dwarf.c:4616)
==24717==    by 0x41D423: process_section_contents (readelf.c:10985)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717==  Address 0x4c28874 is 3 bytes after a block of size 33 alloc'd
==24717==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==24717==    by 0x402C2C: get_data (readelf.c:325)
==24717==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==24717==    by 0x41D217: process_section_contents (readelf.c:10978)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717== 
    0000001d <End of list>
==24717== Invalid read of size 1
==24717==    at 0x42EC10: byte_get_little_endian (elfcomm.c:143)
==24717==    by 0x42EC48: byte_get_signed (elfcomm.c:224)
==24717==    by 0x429F99: display_debug_ranges (dwarf.c:4614)
==24717==    by 0x41D423: process_section_contents (readelf.c:10985)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717==  Address 0x4c2887e is 13 bytes after a block of size 33 alloc'd
==24717==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==24717==    by 0x402C2C: get_data (readelf.c:325)
==24717==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==24717==    by 0x41D217: process_section_contents (readelf.c:10978)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717== 
==24717== Invalid read of size 1
==24717==    at 0x42EC14: byte_get_little_endian (elfcomm.c:144)
==24717==    by 0x42EC48: byte_get_signed (elfcomm.c:224)
==24717==    by 0x429F99: display_debug_ranges (dwarf.c:4614)
==24717==    by 0x41D423: process_section_contents (readelf.c:10985)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717==  Address 0x4c2887f is 14 bytes after a block of size 33 alloc'd
==24717==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==24717==    by 0x402C2C: get_data (readelf.c:325)
==24717==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==24717==    by 0x41D217: process_section_contents (readelf.c:10978)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717== 
==24717== Invalid read of size 1
==24717==    at 0x42EC24: byte_get_little_endian (elfcomm.c:142)
==24717==    by 0x42EC48: byte_get_signed (elfcomm.c:224)
==24717==    by 0x429F99: display_debug_ranges (dwarf.c:4614)
==24717==    by 0x41D423: process_section_contents (readelf.c:10985)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717==  Address 0x4c2887d is 12 bytes after a block of size 33 alloc'd
==24717==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==24717==    by 0x402C2C: get_data (readelf.c:325)
==24717==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==24717==    by 0x41D217: process_section_contents (readelf.c:10978)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717== 
==24717== Invalid read of size 1
==24717==    at 0x42EC2A: byte_get_little_endian (elfcomm.c:145)
==24717==    by 0x42EC48: byte_get_signed (elfcomm.c:224)
==24717==    by 0x429F99: display_debug_ranges (dwarf.c:4614)
==24717==    by 0x41D423: process_section_contents (readelf.c:10985)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717==  Address 0x4c28880 is 15 bytes after a block of size 33 alloc'd
==24717==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==24717==    by 0x402C2C: get_data (readelf.c:325)
==24717==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==24717==    by 0x41D217: process_section_contents (readelf.c:10978)
==24717==    by 0x41EB11: process_object (readelf.c:13707)
==24717==    by 0x420E9B: main (readelf.c:14078)
==24717== 
    0000002d <End of list>

==24717== 
==24717== HEAP SUMMARY:
==24717==     in use at exit: 8,192 bytes in 1 blocks
==24717==   total heap usage: 99 allocs, 98 frees, 25,218 bytes allocated
==24717== 
==24717== LEAK SUMMARY:
==24717==    definitely lost: 8,192 bytes in 1 blocks
==24717==    indirectly lost: 0 bytes in 0 blocks
==24717==      possibly lost: 0 bytes in 0 blocks
==24717==    still reachable: 0 bytes in 0 blocks
==24717==         suppressed: 0 bytes in 0 blocks
==24717== Rerun with --leak-check=full to see details of leaked memory
==24717== 
==24717== For counts of detected and suppressed errors, rerun with: -v
==24717== ERROR SUMMARY: 12 errors from 8 contexts (suppressed: 2 from 2)

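The missing check described in the report, as an added example (not binutils code and not the fix that was applied): a range-list walker that stops at the end of the section as well as at the end-of-list terminator, a begin/end pair that is zero in both fields. The function names, the -1 return convention and the 33-byte sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read an n-byte little-endian value; the caller has already checked bounds. */
static uint64_t get_le(const unsigned char *p, unsigned n)
{
    uint64_t v = 0;
    for (unsigned i = 0; i < n; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Walk one range list at `offset` in a .debug_ranges-style buffer.
   Returns the number of pairs before the (0, 0) terminator, or -1 if the
   section ends before a terminator is found (hypothetical convention). */
static long walk_range_list(const unsigned char *sec, size_t size,
                            size_t offset, unsigned addr_size)
{
    size_t pair_len = 2 * (size_t)addr_size;
    long pairs = 0;

    if (addr_size == 0 || addr_size > 8)
        return -1;
    for (;;) {
        /* The check the report says is missing: is a whole pair left? */
        if (offset > size || size - offset < pair_len)
            return -1;
        uint64_t begin = get_le(sec + offset, addr_size);
        uint64_t end = get_le(sec + offset + addr_size, addr_size);
        offset += pair_len;
        if (begin == 0 && end == 0)
            return pairs;
        pairs++;
    }
}

/* Constructed 33-byte section, 4-byte addresses: a terminated list at
   offset 0, then an unterminated list at offset 24 plus one stray byte. */
static const unsigned char sample[33] = {
    0x10,0,0,0, 0x20,0,0,0,  0x30,0,0,0, 0x40,0,0,0,
    0,0,0,0,    0,0,0,0,     0x50,0,0,0, 0x60,0,0,0,  0x01
};

int main(void)
{
    printf("list @0:  %ld\n", walk_range_list(sample, sizeof sample, 0, 4));
    printf("list @24: %ld\n", walk_range_list(sample, sizeof sample, 24, 4));
    return 0;
}
```

The subtraction form `size - offset < pair_len` is used instead of `offset + pair_len > size` so that a large attacker-supplied offset cannot wrap the comparison.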