bug-binutils

[Bug binutils/25645] New: [readelf] Crash with -a -D option in byte_get_


From: dkcjd2000 at gmail dot com
Subject: [Bug binutils/25645] New: [readelf] Crash with -a -D option in byte_get_little_endian at elfcomm.c:148
Date: Mon, 09 Mar 2020 08:56:21 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=25645

            Bug ID: 25645
           Summary: [readelf] Crash with -a -D option in
                    byte_get_little_endian at elfcomm.c:148
           Product: binutils
           Version: 2.34
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dkcjd2000 at gmail dot com
  Target Milestone: ---

Created attachment 12360
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12360&action=edit
crash test case file

Hello,
I'm currently developing a new fuzzing feature, and I found a crash with
readelf.

It crashed in byte_get_little_endian at elfcomm.c:148.

I built it with Ubuntu 16.04 with gcc 5.4.0.

You can reproduce the crash with the following command:
./readelf -a -D <attached file>

The call stack of the crash is:
Program received signal SIGSEGV, Segmentation fault.
0x000000000046b56d in byte_get_little_endian (field=0x70d00c <error: Cannot
access memory at address 0x70d00c>, size=4) at elfcomm.c:148
148           return  ((unsigned long) (field[0]))
(gdb) bt
#0  0x000000000046b56d in byte_get_little_endian (field=0x70d00c <error: Cannot
access memory at address 0x70d00c>, size=4) at elfcomm.c:148
#1  0x000000000041e9ac in dump_ia64_vms_dynamic_fixups (filedata=0x6ed000,
fixup=0x7fffffffdd70, strtab=0x0, strtab_sz=0) at readelf.c:7114
#2  0x000000000041ef7d in process_ia64_vms_dynamic_relocs (filedata=0x6ed000)
at readelf.c:7219
#3  0x000000000041f244 in process_relocs (filedata=0x6ed000) at readelf.c:7316
#4  0x000000000043fd39 in process_object (filedata=0x6ed000) at readelf.c:19966
#5  0x0000000000440aa7 in process_archive (filedata=0x6ed000,
is_thin_archive=0) at readelf.c:20331
#6  0x0000000000440dae in process_file (file_name=0x7fffffffe5ce
"./readelf_byte_get_little_endian") at readelf.c:20399
#7  0x0000000000440fba in main (argc=4, argv=0x7fffffffe348) at readelf.c:20475

Thank you,
Ahcheong Lee

-- 
You are receiving this mail because:
You are on the CC list for the bug.
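
Added example, not part of the original report and not binutils code: the backtrace shows a 4-byte little-endian read at an address outside accessible memory, and this sketch shows the defensive pattern for that class of fault, a field reader that checks offset and size against the buffer before dereferencing. It assumes the faulting address came from a value taken from the input file without validation, which the report does not confirm; checked_get_le, walk_records and the record layout are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not binutils code): read a little-endian field of
   1..8 bytes at offset off, only if it lies entirely inside buf[0..len). */
static int checked_get_le(const unsigned char *buf, size_t len,
                          size_t off, size_t size, uint64_t *out)
{
    if (size == 0 || size > 8 || off > len || size > len - off)
        return -1;              /* the read would leave the buffer */
    uint64_t v = 0;
    for (size_t i = size; i-- > 0; )
        v = (v << 8) | buf[off + i];
    *out = v;
    return 0;
}

/* Sum the leading 4-byte field of each fixed-size record. count is treated
   as untrusted (taken from the file), so each record is validated before
   it is read. Returns the number of records actually read. */
static size_t walk_records(const unsigned char *buf, size_t len, size_t start,
                           size_t count, size_t rec_size, uint64_t *sum)
{
    size_t done = 0;
    *sum = 0;
    for (size_t i = 0; i < count; i++) {
        uint64_t v;
        if (rec_size != 0 && i > (SIZE_MAX - start) / rec_size)
            break;              /* start + i * rec_size would overflow */
        if (checked_get_le(buf, len, start + i * rec_size, 4, &v) != 0)
            break;              /* claimed record lies past the data */
        *sum += v;
        done++;
    }
    return done;
}

int main(void)
{
    /* Constructed sample: two 8-byte records, header claims 1000. */
    const unsigned char data[16] = { 0x01, 0, 0, 0, 0, 0, 0, 0,
                                     0x02, 0x01, 0, 0, 0, 0, 0, 0 };
    uint64_t sum;
    size_t n = walk_records(data, sizeof data, 0, 1000, 8, &sum);
    printf("read %zu of 1000 claimed records, sum=%llu\n",
           n, (unsigned long long) sum);
    return 0;
}
```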