[Bug binutils/24048] memory leaks in readelf
From: 0x0keeper at gmail dot com
Subject: [Bug binutils/24048] memory leaks in readelf
Date: Mon, 31 Dec 2018 15:47:18 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=24048
--- Comment #2 from zerokeeper <0x0keeper at gmail dot com> ---
Update, update! I'm so sorry. The second comment is for bug 24049, I commented on the wrong bug.
This is the first comment's AddressSanitizer output, symbolized:
==14781==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 528 byte(s) in 1 object(s) allocated from:
#0 0x7fc1cf81e602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x555afc in xmalloc xmalloc.c:147
SUMMARY: AddressSanitizer: 528 byte(s) leaked in 1 allocation(s).
Now I have fuzzed a new PoC for a memory leak at readelf.c:425:
➜ binutils-2.31 ./binutils/readelf -a binutils-readelf--memory-leak-filedata
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: <unknown>: 1002
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x400720
Start of program headers: 64 (bytes into file)
Start of section headers: 28880 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 10
Size of section headers: 64 (bytes)
Number of section headers: 37
Section header string table index: 34
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .intÿ PROGBITS 0000000000400270 00000270
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 000000000040028c 0000028c
0000000000000020 0000000000000000 A 0 0 4294967277
[ 3] .gnu.hash
...........
...........
Version symbols section '.gnu.version' contains 11 entries:
Addr: 0000000000400514 Offset: 0x000514 Link: 4 (.dynsym)
000: 0 (*local*) 0 (*local*) 0 (*local*) 2 (GLIBCXX_3.4)
004: 3 (GLIBC_2.2.5) 3 (GLIBC_2.2.5) 0 (*local*) 2 (GLIBCXX_3.4)
008: 0 (*local*) 2 (GLIBCXX_3.4) 2 (GLIBCXX_3.4)
Version needs section '.gnu.version_r' contains 2 entries:
Addr: 0x0000000000400530 Offset: 0x000530 Link: 5 (.dynstr)
000000: Version: 1 File: libc.so.6 Cnt: 1
0x0010: Name: GLIBC_2.2.5 Flags: none Version: 3
0x0020: Version: 1 File: libstdc++.so.6 Cnt: 1
0x0030: Name: GLIBCXX_3.4 Flags: none Version: 2
Displaying notes found in: .note.ABI-tag
readelf: Warning: Corrupt note: alignment 4294967277, expecting 4 or 8
=================================================================
==21374==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 33 byte(s) in 1 object(s) allocated from:
#0 0x7f8f21c8b602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x425ffb in get_data /root/fuzz/binutils-2.31/binutils/readelf.c:425
SUMMARY: AddressSanitizer: 33 byte(s) leaked in 1 allocation(s).
Here is the code at readelf.c:425:
410
411 if (fseek (filedata->handle, archive_file_offset + offset, SEEK_SET))
412 {
413 if (reason)
414 error (_("Unable to seek to 0x%lx for %s\n"),
415 archive_file_offset + offset, reason);
416 return NULL;
417 }
418
419 mvar = var;
420 if (mvar == NULL)
421 {
422 /* Check for overflow. */
423 if (nmemb < (~(bfd_size_type) 0 - 1) / size)
424 /* + 1 so that we can '\0' terminate invalid string table
sections. */
425 mvar = malloc ((size_t) amt + 1);
426
427 if (mvar == NULL)
428 {
429 if (reason)
430 error (_("Out of memory allocating %s bytes for %s\n"),
431 bfd_vmatoa ("u", amt), reason);
432 return NULL;
433 }
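The trace above says the 33-byte buffer was handed out by get_data() (readelf.c:425, which allocates nmemb*size plus one byte for a terminating NUL) and never freed; 33 bytes is exactly the 0x20-byte .note.ABI-tag section plus that extra byte, and the only thing readelf did with the section before LeakSanitizer fired was emit the "Corrupt note: alignment ... expecting 4 or 8" warning. The program below is an added example, not binutils code and not from the reporter: it models a get_data()-style helper whose caller owns the returned buffer, and a note walker that warns on a bad alignment, in a leaky shape and a fixed shape, with an allocation counter so the leak is observable without ASan. Whether readelf's real code path is laid out exactly this way is an assumption; the function names (get_data_demo, process_notes_leaky, process_notes_fixed, walk_notes), the tracked allocator and the sample note bytes are all invented for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not binutils code: models readelf's get_data() (caller owns
   the buffer) plus a note walker, to show the leak pattern the trace points
   at and its fix. All names are hypothetical. */

static int g_live_allocs;              /* outstanding allocations, for checking */

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        g_live_allocs++;
    return p;
}

static void tracked_free(void *p)
{
    if (p != NULL) {
        g_live_allocs--;
        free(p);
    }
}

int live_allocations(void) { return g_live_allocs; }

/* Stand-in for get_data(): nmemb*size bytes of 'file' from 'offset', plus one
   byte so string tables can be NUL-terminated (the "+ 1" at readelf.c:425).
   Returns NULL on overflow, short file or malloc failure; caller must free. */
unsigned char *get_data_demo(const unsigned char *file, size_t file_len,
                             size_t offset, size_t size, size_t nmemb)
{
    if (size == 0 || nmemb > (SIZE_MAX - 1) / size)   /* overflow check */
        return NULL;
    size_t amt = size * nmemb;
    if (offset > file_len || amt > file_len - offset)  /* would read past EOF */
        return NULL;
    unsigned char *buf = tracked_malloc(amt + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, file + offset, amt);
    buf[amt] = '\0';
    return buf;
}

static uint32_t rd32le(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Count well-formed ELF notes (namesz, descsz, type, name, desc). Names are
   4-byte padded; 'align' pads the descriptor. Stops at a truncated note. */
static int walk_notes(const unsigned char *p, size_t len, size_t align)
{
    int count = 0;
    size_t off = 0;
    while (len - off >= 12) {
        size_t namesz = rd32le(p + off), descsz = rd32le(p + off + 4);
        size_t name_pad = (namesz + 3) & ~(size_t)3;
        size_t desc_pad = (descsz + align - 1) & ~(align - 1);
        size_t body = len - off - 12;
        if (name_pad > body || desc_pad > body - name_pad)
            break;
        off += 12 + name_pad + desc_pad;
        count++;
    }
    return count;
}

/* Leaky shape: the early return on a corrupt alignment drops 'notes'. */
int process_notes_leaky(const unsigned char *file, size_t file_len,
                        size_t offset, size_t size, uint64_t align)
{
    unsigned char *notes = get_data_demo(file, file_len, offset, 1, size);
    if (notes == NULL)
        return -1;
    if (align != 4 && align != 8) {
        fprintf(stderr, "Warning: Corrupt note: alignment %llu, expecting 4 or 8\n",
                (unsigned long long)align);
        return 0;                                  /* BUG: 'notes' is never freed */
    }
    int n = walk_notes(notes, size, (size_t)align);
    tracked_free(notes);
    return n;
}

/* Fixed shape: a single exit after the allocation, so the buffer is released
   whether the section was sane or corrupt. */
int process_notes_fixed(const unsigned char *file, size_t file_len,
                        size_t offset, size_t size, uint64_t align)
{
    unsigned char *notes = get_data_demo(file, file_len, offset, 1, size);
    if (notes == NULL)
        return -1;
    int n = 0;
    if (align != 4 && align != 8)
        fprintf(stderr, "Warning: Corrupt note: alignment %llu, expecting 4 or 8\n",
                (unsigned long long)align);
    else
        n = walk_notes(notes, size, (size_t)align);
    tracked_free(notes);
    return n;
}

/* Constructed sample: a 32-byte .note.ABI-tag (namesz 4, descsz 16, type 1,
   "GNU\0", desc 0/2/6/32) used as the whole "file"; 0x20 bytes like the
   report's section, so the helper's allocation is 33 bytes. */
const unsigned char abi_tag_note[32] = {
    4,0,0,0, 16,0,0,0, 1,0,0,0, 'G','N','U',0,
    0,0,0,0, 2,0,0,0, 6,0,0,0, 32,0,0,0
};

int main(void)
{
    int n = process_notes_leaky(abi_tag_note, sizeof abi_tag_note, 0, 32, 4294967277ULL);
    printf("leaky: %d note(s), %d buffer(s) still live\n", n, live_allocations());
    n = process_notes_fixed(abi_tag_note, sizeof abi_tag_note, 0, 32, 4294967277ULL);
    printf("fixed: %d note(s), %d buffer(s) still live\n", n, live_allocations());
    n = process_notes_fixed(abi_tag_note, sizeof abi_tag_note, 0, 32, 4);
    printf("sane alignment: %d note(s) parsed\n", n);
    return 0;
}
```

The alignment value 4294967277 passed in is the one readelf printed in the warning above. The fixed variant keeps the reporter's observable behaviour (same warning, nothing parsed) and only changes ownership handling; the same single-exit discipline applies to every other early return a caller of get_data() might have after the allocation, which is the thing to audit when the trace only names the allocation site.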