[Bug binutils/24273] An out-of-bounds read in bfd_hash_hash()
From: nickc at redhat dot com
Subject: [Bug binutils/24273] An out-of-bounds read in bfd_hash_hash()
Date: Thu, 28 Feb 2019 14:31:18 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=24273
Nick Clifton <nickc at redhat dot com> changed:
           What    |Removed     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED |RESOLVED
         Resolution|---         |FIXED
--- Comment #3 from Nick Clifton <nickc at redhat dot com> ---
(In reply to Mingi Cho from comment #2)
Hi Mingi,
> CC=clang-5.0 CXX=clang++-5.0 CFLAGS="-m32 -g -O0 -fsanitize=address
> -fsanitize-recover=address" CXXFLAGS="-m32 -g -O0 -fsanitize=address
> -fsanitize-recover=address"
Ah, yes, I cannot build a toolchain configured that way. There is a
long standing problem with Fedora and 32-bit address sanitization:
==29514==Shadow memory range interleaves with an existing
memory mapping. ASan cannot proceed correctly. ABORTING.
Fortunately I was able to reproduce the problem using valgrind instead.
The bug is a nasty one - the corrupt file has the string table
index field in the ELF header pointing to a group section, whose
contents are of course not NUL-terminated. This leads to an
attempt to compute a hash value from an unterminated string which
then triggers the fault.
I have checked in a patch to fix the problem, by adding code to ensure
that if a string retrieved from the string section is not properly
terminated then an error value will be returned.
Cheers
Nick
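The failure mode Nick describes, and the shape of the fix, as an added example in C. This is not binutils/BFD code and the function names are this example's own: it builds a constructed string table section and a constructed SHT_GROUP section (whose contents are 32-bit words, not NUL-terminated strings), then shows a name lookup that verifies a NUL terminator exists inside the section before any string-walking code (strlen, a hash) touches the bytes. The hash is illustrative, not BFD's exact function.

```c
/* Added example (not binutils/BFD code): bounds-checked retrieval of a
 * section name before hashing it.  The bug above: e_shstrndx pointed at
 * a SHT_GROUP section, so sh_name offsets were resolved against data that
 * is not NUL-terminated and the hash walked past the end of the section.
 * All names below are this example's own, not the BFD API. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a well-formed .shstrtab (leading NUL, then
 * NUL-terminated names).  sizeof includes the literal's trailing NUL. */
static const unsigned char sample_strtab[] = "\0.text\0.group\0.shstrtab\0";

/* Constructed sample: a 12-byte SHT_GROUP section, little-endian words.
 * The last word is chosen so that none of its bytes is zero. */
static const unsigned char sample_group[] = {
    0x01, 0x00, 0x00, 0x00,   /* GRP_COMDAT */
    0x05, 0x00, 0x00, 0x00,   /* member section index 5 */
    0x07, 0x01, 0x02, 0x03,   /* member section index 0x03020107 */
};

/* Return the string at OFFSET within [sec, sec + sec_size), or NULL if
 * OFFSET is out of range or no NUL byte follows inside the section.
 * This is the check the fix adds: without it, a string-walking routine
 * reads beyond the section (and possibly beyond the file buffer). */
static const char *
section_string_checked(const unsigned char *sec, size_t sec_size,
                       size_t offset)
{
    if (offset >= sec_size)
        return NULL;
    if (memchr(sec + offset, '\0', sec_size - offset) == NULL)
        return NULL;    /* unterminated: would run off the section */
    return (const char *)(sec + offset);
}

/* Illustrative string hash (not BFD's function).  It runs to the NUL,
 * so it is only safe on a pointer vetted by section_string_checked(). */
static unsigned long
hash_cstring(const char *s)
{
    unsigned long h = 0;
    size_t len = 0;
    for (; *s != '\0'; s++, len++) {
        unsigned long c = (unsigned char)*s;
        h += c + (c << 17);
        h ^= h >> 2;
    }
    h += len + ((unsigned long)len << 17);
    h ^= h >> 2;
    return h;
}

/* Resolve sh_name = OFFSET against the section e_shstrndx points at and
 * hash it.  Returns 0 with the hash stored, or -1 when the string is not
 * properly terminated (the error return instead of a fault). */
static int
hash_section_name(const unsigned char *strtab, size_t strtab_size,
                  size_t offset, unsigned long *hash_out)
{
    const char *name = section_string_checked(strtab, strtab_size, offset);
    if (name == NULL)
        return -1;
    *hash_out = hash_cstring(name);
    return 0;
}

int main(void)
{
    unsigned long h;

    /* Well-formed file: e_shstrndx names the real string table. */
    if (hash_section_name(sample_strtab, sizeof sample_strtab, 1, &h) == 0)
        printf("'.text' hashes to %#lx\n", h);

    /* Corrupt file: e_shstrndx names the group section.  sh_name = 8
     * lands on the last word, whose bytes are all non-zero, so the
     * lookup is rejected rather than reading past the 12-byte section. */
    if (hash_section_name(sample_group, sizeof sample_group, 8, &h) != 0)
        printf("sh_name 8 in the group section: unterminated, rejected\n");
    return 0;
}
```

The check is deliberately about termination, not section type: an offset into the group section that does happen to be followed by a zero byte (offset 0 here, the 0x01 of GRP_COMDAT) is accepted as a one-character name, which is still memory-safe. Rejecting SHT_GROUP as a string table outright would be a separate, stricter validation of e_shstrndx.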