[Bug binutils/23063] New: Crash in readelf (assertion failure)


From: thuanpv at comp dot nus.edu.sg
Subject: [Bug binutils/23063] New: Crash in readelf (assertion failure)
Date: Sat, 14 Apr 2018 01:27:31 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23063

            Bug ID: 23063
           Summary: Crash in readelf (assertion failure)
           Product: binutils
           Version: 2.31 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 10950
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10950&action=edit
crash-inducing sample file

Dear all,

This bug was found with AFLSmart, an extension of AFL. Thanks also to Marcel
Böhme, Andrew Santosa and Alexandru Razvan Caciulescu.

This bug was found on Ubuntu 16.04 64-bit; binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git, at commit
68e91e42492551e165b103d819c021c4953da10b (April 14 2018).

To reproduce:
Download the attached file - crash2
readelf -aW crash2

Error message:

readelf: Warning: section 30: sh_link value of 234 is larger than the number of
sections
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  p (processor specific)

There are no section groups in this file.

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x08048034 0x08048034 0x02420 0x00120 R E 0x4
readelf: Error: the PHDR segment is not covered by a LOAD segment
  INTERP         0x000054 0x08048000 0x08048000 0x005c4 0x005c4 R E 0x10f9
      [Requesting program interpreter: ]
  LOAD           0x000f08 0x08049f08 0x08049f08 0x0018d 0x00118 RW  0
readelf: Error: the segment's file size is larger than its memory size
  DYNAMIC        0x000f0a 0x00009f14 0x00170000 0x00000 0x00d00     0x45000009
readelf: Error: no .dynamic section in the dynamic segment
  NOTE           0x000168 0x08048168 0x20008168 0x00054 0x0fa44  W  0x4
  LOPROC+0x374e5 0x0004cc 0x1c041000 0x080484cc 0x0ec2c 0xe600002c R   0x4
  GNU_MBIND+0x2f 0xfc0000 0x00000062 0x00000000 0x00000 0x00000 RW  0xbcbcbcbc
  <unknown>: bcb 0xbcbcbcbc 0xbcbcbcbc 0xbcbcbcbc 0xbcbcbcbc 0xbcbcbcbc R  
0xbcbcbcbc
  <unknown>: bcb 0xbcbcbcbc 0xbcbcbcbc 0x6f732e78 0x0002e 0x00000 R  
0xd4110004

There is no dynamic section in this file.

There are no relocations in this file.

The decoding of unwind sections for machine type None is not currently
supported.

Symbol table '<no-strings>' contains 0 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name

Symbol table '<no-strings>' contains 1 entry:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000 0x20003400 NOTYPE  LOCAL  INTERNAL [<other>: 8]  bad section
index[10240] <corrupt>

No version information found in this file.

Displaying notes found at file offset 0x00000168 with length 0x00000054:
  Owner                 Data size       Description
readelf: readelf.c:516: print_symbol: Assertion `width != 0' failed.
  !N�������������������������:Aborted


Valgrind says:

readelf: Error: the segment's file size is larger than its memory size
  DYNAMIC        0x000f0a 0x00009f14 0x00170000 0x00000 0x00d00     0x45000009
readelf: Error: no .dynamic section in the dynamic segment
  NOTE           0x000168 0x08048168 0x20008168 0x00054 0x0fa44  W  0x4
  LOPROC+0x374e5 0x0004cc 0x1c041000 0x080484cc 0x0ec2c 0xe600002c R   0x4
  GNU_MBIND+0x2f 0xfc0000 0x00000062 0x00000000 0x00000 0x00000 RW  0xbcbcbcbc
  <unknown>: bcb 0xbcbcbcbc 0xbcbcbcbc 0xbcbcbcbc 0xbcbcbcbc 0xbcbcbcbc R  
0xbcbcbcbc
  <unknown>: bcb 0xbcbcbcbc 0xbcbcbcbc 0x6f732e78 0x0002e 0x00000 R  
0xd4110004

There is no dynamic section in this file.

There are no relocations in this file.

The decoding of unwind sections for machine type None is not currently
supported.

Symbol table '<no-strings>' contains 0 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name

Symbol table '<no-strings>' contains 1 entry:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000 0x20003400 NOTYPE  LOCAL  INTERNAL [<other>: 8]  bad section
index[10240] <corrupt>

No version information found in this file.

Displaying notes found at file offset 0x00000168 with length 0x00000054:
  Owner                 Data size       Description
readelf: readelf.c:516: print_symbol: Assertion `width != 0' failed.
  !N�������������������������:==14623== 
==14623== Process terminating with default action of signal 6 (SIGABRT)
==14623==    at 0x4E6F428: raise (raise.c:54)
==14623==    by 0x4E71029: abort (abort.c:89)
==14623==    by 0x4E67BD6: __assert_fail_base (assert.c:92)
==14623==    by 0x4E67C81: __assert_fail (assert.c:101)
==14623==    by 0x419C90: print_symbol (readelf.c:516)
==14623==    by 0x46B9F3: print_gnu_build_attribute_name (readelf.c:17896)
==14623==    by 0x46B9F3: process_note (readelf.c:17966)
==14623==    by 0x46B9F3: process_notes_at.part.58 (readelf.c:18166)
==14623==    by 0x4C728D: process_notes_at (readelf.c:18200)
==14623==    by 0x4C728D: process_corefile_note_segments (readelf.c:18196)
==14623==    by 0x4C728D: process_note_sections (readelf.c:18324)
==14623==    by 0x4C728D: process_notes (readelf.c:18337)
==14623==    by 0x4C728D: process_object (readelf.c:18695)
==14623==    by 0x404841: process_file (readelf.c:19104)
==14623==    by 0x404841: main (readelf.c:19163)

Thanks,

Thuan
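The backtrace above ends in print_symbol asserting `width != 0` while print_gnu_build_attribute_name is printing a note name from the PT_NOTE segment of the corrupted sample. As an added example (not binutils code and not the fix for this report), the walker below shows the shape of defensive note parsing: every namesz/descsz is compared against the bytes that actually remain before it is used in arithmetic, and a missing or unterminated name is returned as a parse error rather than tripping an assertion. The struct name, the function names and the four sample buffers are constructed for this example; byte order is taken from the host, where a full parser would dispatch on e_ident[EI_DATA].

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same field layout as Elf32_Nhdr / Elf64_Nhdr: three 4-byte words, followed
 * by the name and the descriptor, each padded to a 4-byte boundary. */
struct note_hdr {
    uint32_t namesz;
    uint32_t descsz;
    uint32_t type;
};

static size_t align4(size_t n) { return (n + 3) & ~(size_t)3; }

/* Walk the notes in buf[0..len). Returns the number of well-formed notes, or
 * -1 at the first header whose sizes do not fit in the remaining bytes or
 * whose name is not NUL-terminated. Nothing here asserts on input data. */
int parse_notes(const uint8_t *buf, size_t len, int verbose)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        struct note_hdr h;
        size_t rem, name_pad, desc_pad;
        const char *name;

        if (len - off < sizeof h)            /* segment ends inside a header */
            return -1;
        memcpy(&h, buf + off, sizeof h);     /* no unaligned read of the buffer */
        off += sizeof h;
        rem = len - off;

        /* Check each declared size against what is left BEFORE using it, so an
         * oversized value can never wrap an offset computation. */
        if (h.namesz > rem)
            return -1;
        name_pad = align4(h.namesz);
        if (name_pad > rem)
            return -1;
        if (h.descsz > rem - name_pad)
            return -1;
        desc_pad = align4(h.descsz);
        if (desc_pad > rem - name_pad)
            return -1;

        /* namesz == 0 is a legal "no name"; any other namesz must contain a
         * NUL terminator. Both cases are handled as data, not as invariants. */
        name = (const char *)(buf + off);
        if (h.namesz != 0 && memchr(name, '\0', h.namesz) == NULL)
            return -1;

        if (verbose)
            printf("type 0x%08x namesz %u descsz %u name \"%s\"\n",
                   h.type, h.namesz, h.descsz, h.namesz ? name : "");

        off += name_pad + desc_pad;
        count++;
    }
    return count;
}

/* Append one note to out (constructed test data, not the bug's sample file).
 * Returns the number of bytes written. */
size_t build_note(uint8_t *out, uint32_t type, const void *name,
                  uint32_t namesz, const void *desc, uint32_t descsz)
{
    struct note_hdr h = { namesz, descsz, type };
    size_t n = sizeof h;
    memcpy(out, &h, sizeof h);
    memset(out + n, 0, align4(namesz));      /* zero the padding bytes */
    memcpy(out + n, name, namesz);
    n += align4(namesz);
    memset(out + n, 0, align4(descsz));
    memcpy(out + n, desc, descsz);
    return n + align4(descsz);
}

/* Two well-formed notes: a "GNU" note with a 4-byte descriptor and a nameless,
 * descriptor-less note. Expected result: 2. */
int sample_well_formed(void)
{
    uint8_t buf[64];
    uint32_t desc = 0;
    size_t n = build_note(buf, 1, "GNU", 4, &desc, 4);
    n += build_note(buf + n, 7, "", 0, "", 0);
    return parse_notes(buf, n, 0);
}

/* namesz claims far more bytes than the segment holds. Expected: -1. */
int sample_namesz_overflow(void)
{
    uint8_t buf[32] = {0};
    struct note_hdr h = { 0x10000, 0, 1 };
    memcpy(buf, &h, sizeof h);
    return parse_notes(buf, sizeof buf, 0);
}

/* Name bytes present but no NUL within namesz. Expected: -1. */
int sample_unterminated_name(void)
{
    uint8_t buf[32];
    size_t n = build_note(buf, 1, "GNUX", 4, "", 0);
    return parse_notes(buf, n, 0);
}

/* Segment ends in the middle of a note header. Expected: -1. */
int sample_truncated_header(void)
{
    uint8_t buf[8] = {0};
    return parse_notes(buf, sizeof buf, 0);
}
```

Calling `sample_well_formed()` returns 2 and the three malformed samples return -1; passing `verbose = 1` to `parse_notes` prints one line per accepted note. The ordering of the checks is the point: the sizes are validated against `rem` before `align4` or any subtraction touches them, which is what keeps a hostile header from moving `off` past the end of the buffer.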
