bug-binutils

[Bug binutils/18831] readelf "Build ID" overflow


From: address@hidden
Subject: [Bug binutils/18831] readelf "Build ID" overflow
Date: Sat, 15 Aug 2015 16:41:46 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=18831

--- Comment #2 from Nafiez <address@hidden> ---
Output from GDB:

Starting program: /usr/bin/readelf -a /home/fuzz/fuzzy/readelf/out/crashes/test

...snippet...

Displaying notes found at file offset 0x00000188 with length 0x00000024:
  Owner                 Data size       Description
  GNU                  0xffffffff       NT_GNU_BUILD_ID (unique build ID bitstring)

  Build ID: <random_number_here> <---- Integer overflow

Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
EAX: 0x2 
EBX: 0x80b347f --> 0xbbff6500 
ECX: 0xb7fa8898 --> 0x0 
EDX: 0x2 
ESI: 0x80d2000 
EDI: 0x8084b32 --> 0x494e5500 ('')
EBP: 0x80b347c --> 0x554e47 ('GNU')
ESP: 0xbfffed90 --> 0x1 
EIP: 0x8061ab0 (movzx  eax,BYTE PTR [esi])
EFLAGS: 0x10216 (carry PARITY ADJUST zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x8061aa4:   lea    ebx,[esi+eax*1]
   0x8061aa7:   je     0x806192e
   0x8061aad:   lea    esi,[esi+0x0]
=> 0x8061ab0:   movzx  eax,BYTE PTR [esi]
   0x8061ab3:   add    esi,0x1
   0x8061ab6:   mov    DWORD PTR [esp+0x4],0x80a30ba
   0x8061abe:   mov    DWORD PTR [esp],0x1
   0x8061ac5:   mov    DWORD PTR [esp+0x8],eax
[------------------------------------stack-------------------------------------]
0000| 0xbfffed90 --> 0x1 
0004| 0xbfffed94 --> 0x80a30ba ("%02x")
0008| 0xbfffed98 --> 0x0 
0012| 0xbfffed9c --> 0xffffffff  <--- integer overflow
0016| 0xbfffeda0 --> 0x809e480 ("NT_GNU_BUILD_ID (unique build ID bitstring)")
0020| 0xbfffeda4 --> 0x18 
0024| 0xbfffeda8 --> 0x1 
0028| 0xbfffedac --> 0x1 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x08061ab0 in ?? ()
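The crash above comes from a note whose "Data size" field (descsz) is 0xffffffff while the whole note section is only 0x24 bytes long, so the `%02x` printing loop visible on the stack walks off the end of the mapped file. The following is an added example, not binutils or readelf code: a small ELF note walker that checks namesz and descsz against the bytes actually remaining in the section before touching the descriptor. The function names (`walk_notes`, `check_good_note`, `check_bad_note`) and the 36-byte sample buffers are constructed for this illustration; the build-id bytes in them are made up.

```c
/* Added example (not binutils code): bounds-checked walk over an ELF note
 * section. Every field that decides where the next read lands is compared
 * against the bytes still available before it is used. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_BUILD_ID 3   /* note type for the GNU build id */

/* Little-endian 32-bit read without alignment assumptions. */
static uint32_t rd32le(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static size_t align4(size_t n) { return (n + 3) & ~(size_t)3; }

/* Walk the notes in buf[0..len). Returns the number of well-formed notes,
 * or -1 at the first note whose header does not fit the remaining data.
 * The descriptor of an NT_GNU_BUILD_ID note is written to out as hex. */
int walk_notes(const unsigned char *buf, size_t len, char *out, size_t outlen)
{
    size_t off = 0;
    int count = 0;
    if (outlen) out[0] = '\0';
    while (off < len) {
        if (len - off < 12) return -1;             /* truncated header */
        uint32_t namesz = rd32le(buf + off);
        uint32_t descsz = rd32le(buf + off + 4);
        uint32_t type   = rd32le(buf + off + 8);
        size_t rest = len - off - 12;              /* bytes after the header */
        /* Compare each size against what is left, never namesz + descsz:
         * that sum wraps when descsz is 0xffffffff, as in the crash. */
        if (namesz > rest) return -1;
        size_t name_al = align4(namesz);
        if (name_al > rest) return -1;
        if (descsz > rest - name_al) return -1;    /* the check readelf lacked */
        const unsigned char *name = buf + off + 12;
        const unsigned char *desc = name + name_al;
        if (type == NT_GNU_BUILD_ID && namesz == 4 && memcmp(name, "GNU", 4) == 0) {
            /* descsz is now known to lie inside the buffer, so this is safe */
            size_t pos = 0;
            for (uint32_t i = 0; i < descsz && pos + 3 <= outlen; i++)
                pos += (size_t)snprintf(out + pos, outlen - pos, "%02x", desc[i]);
        }
        off += 12 + name_al + descsz;
        if (off < len) off = align4(off);          /* pad only if more follows */
        count++;
    }
    return count;
}

/* Constructed 36-byte (0x24) note section, the same length as the section in
 * the readelf output: header, "GNU\0", then a made-up 20-byte build id. */
static const unsigned char good_note[36] = {
    0x04, 0x00, 0x00, 0x00,   /* namesz = 4 */
    0x14, 0x00, 0x00, 0x00,   /* descsz = 20 */
    0x03, 0x00, 0x00, 0x00,   /* type = NT_GNU_BUILD_ID */
    'G', 'N', 'U', 0,
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
};

/* Returns 1 when the well-formed note is parsed and its id printed correctly. */
int check_good_note(void)
{
    char id[64];
    int n = walk_notes(good_note, sizeof good_note, id, sizeof id);
    return n == 1 && strcmp(id, "000102030405060708090a0b0c0d0e0f10111213") == 0;
}

/* Same bytes with descsz patched to 0xffffffff, the "Data size" readelf
 * printed for the crashing file; the walker must reject it, returning -1. */
int check_bad_note(void)
{
    unsigned char bad[36];
    char id[64];
    memcpy(bad, good_note, sizeof good_note);
    memset(bad + 4, 0xff, 4);
    return walk_notes(bad, sizeof bad, id, sizeof id);
}

int main(void)
{
    printf("good note parsed: %s\n", check_good_note() ? "yes" : "no");
    printf("oversized descsz rejected: %s\n", check_bad_note() == -1 ? "yes" : "no");
    return 0;
}
```

The design point is the order of the checks: the remaining length is computed first, then namesz, the padded name length and descsz are each compared against it separately, so no 32-bit addition of attacker-chosen sizes happens before the comparison that guards the read.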



