bug-binutils

[Bug binutils/17531] readelf crashes on fuzzed samples


From: nickc at redhat dot com
Subject: [Bug binutils/17531] readelf crashes on fuzzed samples
Date: Tue, 10 Feb 2015 17:56:25 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17531

--- Comment #86 from Nick Clifton <nickc at redhat dot com> ---
Hi Alexander,

> Problems with `readelf -agteAruhlsSdIncVWw --dyn-syms -D` (32-bit) -- ubsan

> This is an experimental report. Attached samples expose undefined behavior.
> The errors are collected with binutils built with gcc-4.9
> -fsanitize=undefined (exact configure is in configure-ubsan.txt).
> 
> If it's useful I'll integrate it into the usual reports. If it's not useful
> feel free to ignore it.

I do find it useful, so please do integrate it into your reports.

> Errors:
>       1 ../../../source/binutils/dwarf.c:2771:3: runtime error: variable
> length array bound evaluates to non-positive value ...
>       1 ../../../source/binutils/dwarf.c:279:45: runtime error: shift
> exponent ... is too large for 64-bit type 'long long unsigned int'
>       1 ../../../source/binutils/dwarf.c:3781:4: runtime error: variable
> length array bound evaluates to non-positive value ...
>       1 ../../../source/binutils/dwarf.c:451:7: runtime error: variable
> length array bound evaluates to non-positive value ...
>       1 ../../../source/binutils/dwarf.c:5884:6: runtime error: variable
> length array bound evaluates to non-positive value ...
>       1 ../../../source/binutils/dwarf.c:5892:4: runtime error: variable
> length array bound evaluates to non-positive value ...
>       1 ../../../source/binutils/dwarf.c:6431:3: runtime error: signed
> integer overflow: ... * ... cannot be represented in type 'int'
>       1 ../../../source/binutils/dwarf.c:6437:29: runtime error: signed
> integer overflow: ... * ... cannot be represented in type 'int'
>       1 ../../../source/binutils/dwarf.c:6447:3: runtime error: signed
> integer overflow: ... * ... cannot be represented in type 'int'
>       1 ../../../source/binutils/dwarf.c:6453:29: runtime error: signed
> integer overflow: ... * ... cannot be represented in type 'int'
>       1 ../../../source/binutils/dwarf.c:6460:40: runtime error: signed
> integer overflow: ... * ... cannot be represented in type 'int'
>       1 ../../../source/binutils/dwarf.c:6469:40: runtime error: signed
> integer overflow: ... * ... cannot be represented in type 'int'
>       1 ../../../source/binutils/readelf.c:15068:46: runtime error: signed
> integer overflow: ... - ... cannot be represented in type 'int'
>       1 ../../../source/binutils/readelf.c:1615:7: runtime error: negation
> of ... cannot be represented in type 'long long int'; cast to an unsigned
> type to negate this value to itself
>       1 ../../../source/binutils/readelf.c:1627:6: runtime error: negation
> of ... cannot be represented in type 'long long int'; cast to an unsigned
> type to negate this value to itself

These should all be fixed now.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
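
An added example, not from the original thread and not the binutils fix: defensive C forms for the four kinds of undefined behaviour in the report above (oversized shift, signed multiply overflow, negating the minimum value, non-positive array bound). The function names, the use of LEB128 decoding to carry the shift case, and the `max_bytes` cap are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Unsigned LEB128 from [p, end): bytes consumed, or 0 if the input is
   truncated or the value needs more than 64 bits. */
size_t read_uleb128(const unsigned char *p, const unsigned char *end, uint64_t *out)
{
    uint64_t result = 0;
    unsigned shift = 0;
    for (size_t n = 0; p + n < end; shift += 7) {
        uint64_t chunk = p[n] & 0x7f;
        /* Never shift by >= 64; reject bits that would fall off the top. */
        if (shift >= 64 || (chunk << shift) >> shift != chunk)
            return 0;
        result |= chunk << shift;
        if ((p[n++] & 0x80) == 0) {
            *out = result;
            return n;
        }
    }
    return 0;
}

/* a * b via a wider type (assumes long long is wider than int). */
int mul_int_checked(int a, int b, int *out)
{
    long long wide = (long long)a * b;
    if (wide < INT_MIN || wide > INT_MAX)
        return 0;
    *out = (int)wide;
    return 1;
}

/* Magnitude of v computed in unsigned arithmetic, so LLONG_MIN is safe. */
unsigned long long magnitude(long long v)
{
    return v < 0 ? 0ULL - (unsigned long long)v : (unsigned long long)v;
}

/* Byte size for a file-supplied element count, or 0 if it must be rejected. */
size_t table_bytes(long long count, size_t elem_size, size_t max_bytes)
{
    if (count <= 0 || elem_size == 0)
        return 0;
    if ((unsigned long long)count > max_bytes / elem_size)
        return 0;
    return (size_t)count * elem_size;
}
```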


