From: brian.carpenter at gmail dot com
Subject: [Bug binutils/21437] heap-buffer-overflow in byte_get_little_endian (binutils/elfcomm.c:148)
Date: Thu, 27 Apr 2017 19:10:32 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=21437

--- Comment #3 from Brian 'geeknik' Carpenter <brian.carpenter at gmail dot com> ---
Without AFL and ASan:

valgrind -q binutils/readelf -a ../test000
ELF Header:
  Magic:   7f 45 4c 46 30 30 30 30 30 30 30 30 ff ff ff ff
  Class:                             <unknown: 30>
  Data:                              <unknown: 30>
  Version:                           48 <unknown: %lx>
  OS/ABI:                            <unknown: 30>
  ABI Version:                       48
  Type:                              <unknown>: 3030
  Machine:                           <unknown>: 0x3030
  Version:                           0x30303030
  Entry point address:               0x30303030
  Start of program headers:          808464432 (bytes into file)
  Start of section headers:          84 (bytes into file)
  Flags:                             0x30303030
  Size of this header:               12336 (bytes)
  Size of program headers:           12336 (bytes)
  Number of program headers:         12336
  Size of section headers:           40 (bytes)
  Number of section headers:         4
  Section header string table index: 12336 <corrupt: out of range>
readelf: Warning: Section 0 has an out of range sh_link value of 808464432
readelf: Warning: Section 1 has an out of range sh_link value of 808464432
readelf: Warning: Section 2 has an out of range sh_link value of 808464432
readelf: Warning: Section 3 has an out of range sh_link value of 808464432

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
readelf: Warning: [ 0]: Unexpected value (808464432) in info field.
readelf: Warning: Size of section 0 is larger than the entire file!
  [ 0] <no-name>         30303030: <unkn 30303030 30303030 30303030 30303030 MSxxop 808464432 808464432 808464432
readelf: Warning: section 0: sh_link value of 808464432 is larger than the number of sections
readelf: Warning: [ 1]: Link field (808464432) should index a string section.
  [ 1] <no-name>         VERDEF          30303030 000000 000030 30303030 MSxxop 808464432 808464432 808464432
readelf: Warning: section 1: sh_link value of 808464432 is larger than the number of sections
readelf: Warning: [ 2]: Unexpected value (808464432) in info field.
readelf: Warning: Size of section 2 is larger than the entire file!
  [ 2] <no-name>         30303030: <unkn 30303030 30303030 30303030 30303030 MSxxop 808464432 808464432 808464432
readelf: Warning: section 2: sh_link value of 808464432 is larger than the number of sections
readelf: Warning: [ 3]: Unexpected value (808464432) in info field.
readelf: Warning: Size of section 3 is larger than the entire file!
  [ 3] <no-name>         30303030: <unkn 30303030 30303030 30303030 30303030 MSxxop 808464432 808464432 808464432
readelf: Warning: section 3: sh_link value of 808464432 is larger than the number of sections
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  p (processor specific)

There are no section groups in this file.
readelf: Error: Too many program headers - 0x3030 - the file is not that big

There is no dynamic section in this file.

There are no relocations in this file.

The decoding of unwind sections for machine type <unknown>: 0x3030 is not currently supported.

Version definition section '<no-name>' contains 808464432 entries:
  Addr: 0x0000000030303030  Offset: 00000000  Link: 808464432 (<corrupt>)
==4842== Invalid read of size 4
==4842==    at 0x8087AE0: byte_get_little_endian (elfcomm.c:151)
==4842==    by 0x805843B: process_version_sections (readelf.c:10189)
==4842==    by 0x806E441: process_object (readelf.c:17788)
==4842==    by 0x8049A2F: process_file (readelf.c:18183)
==4842==    by 0x8049A2F: main (readelf.c:18255)
==4842==  Address 0x4208bd7 is 1 bytes before a block of size 49 alloc'd
==4842==    at 0x402E23C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==4842==    by 0x804D314: get_data (readelf.c:392)
==4842==    by 0x80582DE: process_version_sections (readelf.c:10137)
==4842==    by 0x806E441: process_object (readelf.c:17788)
==4842==    by 0x8049A2F: process_file (readelf.c:18183)
==4842==    by 0x8049A2F: main (readelf.c:18255)
==4842==
  000000: Rev: 17791  Flags: INFO | <unknown>  Index: 12336  Cnt: 12336  Name index: 1279622912
  Version def aux past end of section
  Version definition past end of section
readelf: Error: Too many program headers - 0x3030 - the file is not that big
