bug-binutils

[Bug binutils/15158] New: readelf/objdump invalid memory accesses


From: paul.marinescu at imperial dot ac.uk
Subject: [Bug binutils/15158] New: readelf/objdump invalid memory accesses
Date: Tue, 19 Feb 2013 11:14:44 +0000

http://sourceware.org/bugzilla/show_bug.cgi?id=15158

             Bug #: 15158
           Summary: readelf/objdump invalid memory accesses
           Product: binutils
           Version: 2.23
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
        AssignedTo: address@hidden
        ReportedBy: address@hidden
    Classification: Unclassified


Created attachment 6879
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6879
reproduce using valgrind readelf -wR input.o

readelf and objdump may access invalid memory (off-by-one as far as I could
see) on some broken inputs. I attached one such input. On version
2.23.52.20130219, 64-bit machine, Valgrind reports:

==21834== Command: binutils/readelf -wR input.o
==21834== 
==21834== Invalid read of size 1
==21834==    at 0x4238B6: process_abbrev_section.part.7 (dwarf.c:638)
==21834==    by 0x429945: process_debug_info (dwarf.c:615)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834==  Address 0x4c29862 is 0 bytes after a block of size 18 alloc'd
==21834==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==21834==    by 0x402C2C: get_data (readelf.c:325)
==21834==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==21834==    by 0x428C76: process_debug_info (dwarf.c:2008)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834== 
==21834== Invalid read of size 1
==21834==    at 0x4237F0: read_leb128 (dwarf.c:208)
==21834==    by 0x42391D: process_abbrev_section.part.7 (dwarf.c:646)
==21834==    by 0x429945: process_debug_info (dwarf.c:615)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834==  Address 0x4c29863 is 1 bytes after a block of size 18 alloc'd
==21834==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==21834==    by 0x402C2C: get_data (readelf.c:325)
==21834==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==21834==    by 0x428C76: process_debug_info (dwarf.c:2008)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834== 
==21834== Invalid read of size 1
==21834==    at 0x4237F0: read_leb128 (dwarf.c:208)
==21834==    by 0x423936: process_abbrev_section.part.7 (dwarf.c:649)
==21834==    by 0x429945: process_debug_info (dwarf.c:615)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834==  Address 0x4c29864 is 2 bytes after a block of size 18 alloc'd
==21834==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==21834==    by 0x402C2C: get_data (readelf.c:325)
==21834==    by 0x4133E8: load_specific_debug_section (readelf.c:10869)
==21834==    by 0x428C76: process_debug_info (dwarf.c:2008)
==21834==    by 0x429A37: load_debug_info (dwarf.c:2327)
==21834==    by 0x429D9E: display_debug_ranges (dwarf.c:4523)
==21834==    by 0x41D423: process_section_contents (readelf.c:10985)
==21834==    by 0x41EB11: process_object (readelf.c:13707)
==21834==    by 0x420E9B: main (readelf.c:14078)
==21834== 
readelf: Error: .debug_abbrev section not zero terminated
readelf: Warning: DIE at offset c refers to abbreviation number 16 which does not exist
readelf: Warning: Unable to load/parse the .debug_info section, so cannot interpret the .debug_ranges section.
==21834== 
==21834== HEAP SUMMARY:
==21834==     in use at exit: 0 bytes in 0 blocks
==21834==   total heap usage: 94 allocs, 94 frees, 16,970 bytes allocated
==21834== 
==21834== All heap blocks were freed -- no leaks are possible
==21834== 
==21834== For counts of detected and suppressed errors, rerun with: -v
==21834== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 2 from 2)
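
The traces above show `process_abbrev_section` and `read_leb128` reading 0, 1 and 2 bytes past the 18-byte section buffer, with readelf then reporting that `.debug_abbrev` is not zero terminated. The following is an added example, not code from the report or from binutils: a ULEB128 reader and abbreviation-table walk that take an explicit end pointer, so an unterminated table is rejected instead of read past. The function names, the single-table simplification and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode one ULEB128 from [*p, end). Returns 0 on success and advances *p;
   returns -1 if the encoding runs past end or overflows 64 bits. */
static int read_uleb128(const uint8_t **p, const uint8_t *end, uint64_t *out)
{
    const uint8_t *cur = *p;
    uint64_t value = 0;
    unsigned shift = 0;
    while (cur < end) {                 /* never dereference at or past end */
        uint8_t byte = *cur++;
        if (shift > 63 || (shift == 63 && (byte & 0x7e))) return -1;
        value |= (uint64_t)(byte & 0x7f) << shift;
        if (!(byte & 0x80)) { *p = cur; *out = value; return 0; }
        shift += 7;
    }
    return -1;                          /* buffer ended inside the number */
}

/* Walk one abbreviation table (assumption: a single table per buffer).
   Returns the number of declarations, or -1 if truncated or unterminated. */
static int count_abbrevs(const uint8_t *start, size_t size)
{
    const uint8_t *p = start, *end = start + size;
    uint64_t code, tag, attr, form;
    int count = 0;
    for (;;) {
        if (read_uleb128(&p, end, &code)) return -1;
        if (code == 0) return count;    /* proper zero terminator */
        if (read_uleb128(&p, end, &tag) || p >= end) return -1;
        p++;                            /* one-byte has-children flag */
        do {                            /* (attribute, form) pairs, ended by 0,0 */
            if (read_uleb128(&p, end, &attr) ||
                read_uleb128(&p, end, &form)) return -1;
        } while (attr != 0 || form != 0);
        count++;
    }
}

/* Constructed sample data, not the attachment from the report. */
static const uint8_t sample_ok[] = {0x01,0x11,0x01,0x03,0x08,0x00,0x00,0x00};
static const uint8_t sample_unterminated[] = {0x01,0x11,0x01,0x03,0x08,0x00,0x00};

int main(void)
{
    printf("%d\n", count_abbrevs(sample_ok, sizeof sample_ok));
    return count_abbrevs(sample_unterminated, sizeof sample_unterminated) != -1;
}
```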
