bug-binutils

[Bug binutils/30313] New: readelf: memory allocation failure (display_de


From: youngseok.main at gmail dot com
Subject: [Bug binutils/30313] New: readelf: memory allocation failure (display_debug_lines_decoded dwarf.c:5075)
Date: Tue, 04 Apr 2023 08:30:13 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=30313

            Bug ID: 30313
           Summary: readelf: memory allocation failure
                    (display_debug_lines_decoded dwarf.c:5075)
           Product: binutils
           Version: 2.40
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: youngseok.main at gmail dot com
  Target Milestone: ---

Created attachment 14804
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14804&action=edit
poc_file used in command input

Our fuzzer found a large allocation of 89281220608 bytes in the latest readelf
executable.

**Command Input**
--deb=decodedline poc_file

poc_file is attached.

**Command Output**
readelf: Warning: Section 2 has an out of range sh_link value of 66
readelf: Warning: Section 4 has an out of range sh_info value of 134513376
readelf: Warning: Section 11 has an out of range sh_link value of 2188640256
readelf: Warning: Section 13 has an out of range sh_link value of 2191261696
readelf: Warning: Section 14 has an out of range sh_link value of 237
readelf: Warning: Section 15 has an out of range sh_link value of 251
readelf: Warning: Section 24 has an out of range sh_link value of 1616928864
readelf: Warning: Section 24 has an out of range sh_info value of 1616928864
readelf: Warning: Section 25 has an out of range sh_link value of 1616928864
readelf: Warning: Section 25 has an out of range sh_info value of 1616922976
readelf: Error: Unable to find program interpreter name
readelf: Warning: Corrupt debuglink section:
readelf: Warning: Corrupt debuglink section:
readelf: Warning: .debug_sup section is corrupt/empty
readelf: Warning: .note.gnu.build-id section is corrupt/empty
readelf: Warning: Section  is too small to contain a CU/TU header
readelf: Warning: Section  is too small to contain a CU/TU header
Contents of the .debug_line section:

readelf: Warning: Only DWARF version 2, 3, 4 and 5 line info is currently supported.
Contents of the .debug_line section:

readelf: Warning: The length field (0x20) in the debug_line header is wrong - the section is too small
Contents of the .debug_line section:

readelf: Warning: The length field (0x1c) in the debug_line header is wrong - the section is too small

Section '.debug_line' has no debugging data.
Contents of the .debug_line section:

readelf: Warning: Only DWARF version 2, 3, 4 and 5 line info is currently supported.
Contents of the .debug_line section:

readelf: Warning: Line range of 0 is invalid, using 1 instead
readelf: Error: read LEB value is too large to store in destination variable

**Sanitizer Dump**
==2131==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_common.cc:118 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x7ffff6f01bf2  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
    #1 0x7ffff6f20575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
    #2 0x7ffff6f0b482  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xf3482)
    #3 0x7ffff6f17895  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xff895)
    #4 0x7ffff6e448f1  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x2c8f1)
    #5 0x7ffff6e3f04b  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x2704b)
    #6 0x7ffff6ef6cf0 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdecf0)
    #7 0x55555578ab57 in xcalloc xmalloc.c:164
    #8 0x5555556b8a65 in display_debug_lines_decoded dwarf.c:5075
    #9 0x5555556bd140 in display_debug_lines dwarf.c:5712
    #10 0x555555675e25 in display_debug_section readelf.c:16375
    #11 0x555555676321 in process_section_contents readelf.c:16471
    #12 0x555555693871 in process_object readelf.c:22574
    #13 0x555555695b03 in process_file readelf.c:22997
    #14 0x555555695f62 in main readelf.c:23068
    #15 0x7ffff6a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #16 0x55555561d749 in _start (/home/youngseok/subjects/latest_asan_install/binutils/bin/readelf+0xc9749)

**Environment**
- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230404

binutils is built with address sanitizer. Here is the build script:
CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --enable-targets=all
