[Bug binutils/17531] readelf crashes on fuzzed samples

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/17531] readelf crashes on fuzzed samples

From:	cherepan at mccme dot ru
Subject:	[Bug binutils/17531] readelf crashes on fuzzed samples
Date:	Sun, 08 Feb 2015 16:48:09 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17531

--- Comment #82 from Alexander Cherepanov <cherepan at mccme dot ru> ---
Created attachment 8108
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8108&action=edit
Problems with `readelf -agteAruhlsSdIncVWw --dyn-syms -D` (32-bit) -- ubsan

This is an experimental report. Attached samples expose undefined behavior. The
errors are collected with binutils built with gcc-4.9 -fsanitize=undefined
(exact configure is in configure-ubsan.txt).

It it's useful I'll integrate it into the usual reports. It it's not useful
feel free to ignore it.

----------------------------------------------------------------------

ubsan

Files: 12
Errors:
      1 ../../../source/binutils/dwarf.c:2771:3: runtime error: variable length
array bound evaluates to non-positive value ...
      1 ../../../source/binutils/dwarf.c:279:45: runtime error: shift exponent
... is too large for 64-bit type 'long long unsigned int'
      1 ../../../source/binutils/dwarf.c:3781:4: runtime error: variable length
array bound evaluates to non-positive value ...
      1 ../../../source/binutils/dwarf.c:451:7: runtime error: variable length
array bound evaluates to non-positive value ...
      1 ../../../source/binutils/dwarf.c:5884:6: runtime error: variable length
array bound evaluates to non-positive value ...
      1 ../../../source/binutils/dwarf.c:5892:4: runtime error: variable length
array bound evaluates to non-positive value ...
      1 ../../../source/binutils/dwarf.c:6431:3: runtime error: signed integer
overflow: ... * ... cannot be represented in type 'int'
      1 ../../../source/binutils/dwarf.c:6437:29: runtime error: signed integer
overflow: ... * ... cannot be represented in type 'int'
      1 ../../../source/binutils/dwarf.c:6447:3: runtime error: signed integer
overflow: ... * ... cannot be represented in type 'int'
      1 ../../../source/binutils/dwarf.c:6453:29: runtime error: signed integer
overflow: ... * ... cannot be represented in type 'int'
      1 ../../../source/binutils/dwarf.c:6460:40: runtime error: signed integer
overflow: ... * ... cannot be represented in type 'int'
      1 ../../../source/binutils/dwarf.c:6469:40: runtime error: signed integer
overflow: ... * ... cannot be represented in type 'int'
      1 ../../../source/binutils/readelf.c:15068:46: runtime error: signed
integer overflow: ... - ... cannot be represented in type 'int'
      1 ../../../source/binutils/readelf.c:1615:7: runtime error: negation of
... cannot be represented in type 'long long int'; cast to an unsigned type to
negate this value to itself
      1 ../../../source/binutils/readelf.c:1627:6: runtime error: negation of
... cannot be represented in type 'long long int'; cast to an unsigned type to
negate this value to itself

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug binutils/17531] readelf crashes on fuzzed samples, (continued)
- [Bug binutils/17531] readelf crashes on fuzzed samples, nickc at redhat dot com, 2015/02/03
- [Bug binutils/17531] readelf crashes on fuzzed samples, cherepan at mccme dot ru, 2015/02/03
- [Bug binutils/17531] readelf crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2015/02/04
- [Bug binutils/17531] readelf crashes on fuzzed samples, nickc at redhat dot com, 2015/02/04
- [Bug binutils/17531] readelf crashes on fuzzed samples, cherepan at mccme dot ru, 2015/02/04
- [Bug binutils/17531] readelf crashes on fuzzed samples, cherepan at mccme dot ru, 2015/02/04
- [Bug binutils/17531] readelf crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2015/02/06
- [Bug binutils/17531] readelf crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2015/02/06
- [Bug binutils/17531] readelf crashes on fuzzed samples, nickc at redhat dot com, 2015/02/06
- [Bug binutils/17531] readelf crashes on fuzzed samples, cherepan at mccme dot ru, 2015/02/08
- [Bug binutils/17531] readelf crashes on fuzzed samples, cherepan at mccme dot ru <=
- [Bug binutils/17531] readelf crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2015/02/10
- [Bug binutils/17531] readelf crashes on fuzzed samples, nickc at redhat dot com, 2015/02/10
- [Bug binutils/17531] readelf crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2015/02/10
- [Bug binutils/17531] readelf crashes on fuzzed samples, nickc at redhat dot com, 2015/02/10
- [Bug binutils/17531] readelf crashes on fuzzed samples, cherepan at mccme dot ru, 2015/02/10
- [Bug binutils/17531] readelf crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2015/02/11
- [Bug binutils/17531] readelf crashes on fuzzed samples, nickc at redhat dot com, 2015/02/11
- [Bug binutils/17531] readelf crashes on fuzzed samples, cherepan at mccme dot ru, 2015/02/11
- [Bug binutils/17531] readelf crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2015/02/13
- [Bug binutils/17531] readelf crashes on fuzzed samples, nickc at redhat dot com, 2015/02/13

Prev by Date: [Bug binutils/17531] readelf crashes on fuzzed samples
Next by Date: [Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples
Previous by thread: [Bug binutils/17531] readelf crashes on fuzzed samples
Next by thread: [Bug binutils/17531] readelf crashes on fuzzed samples
Index(es):
- Date
- Thread