bug-binutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/21343] New: readelf: heap-based buffer overflow in byte_ge


From: ago at gentoo dot org
Subject: [Bug binutils/21343] New: readelf: heap-based buffer overflow in byte_get_little_endian (elfcomm.c)
Date: Sat, 01 Apr 2017 19:01:33 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=21343

            Bug ID: 21343
           Summary: readelf: heap-based buffer overflow in
                    byte_get_little_endian (elfcomm.c)
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: ago at gentoo dot org
  Target Milestone: ---

Hello,

on binutils 2.28, compiled with clang-4:

# readelf -a $FILE
==20283==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000000053 at pc 0x00000064c022 bp 0x7ffdc9b780d0 sp 0x7ffdc9b780c8
READ of size 1 at 0x602000000053 thread T0
    #0 0x64c021 in byte_get_little_endian
/tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/elfcomm.c:150:26

Reproducer:
https://github.com/asarubbo/poc/blob/master/00257-binutils-readelf-heapoverflow-byte_get_little_endian


FTR: This bug is confirmed on master.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]