bug-binutils

[Bug binutils/24273] An out-of-bounds read in bfd_hash_hash()


From: nickc at redhat dot com
Subject: [Bug binutils/24273] An out-of-bounds read in bfd_hash_hash()
Date: Thu, 28 Feb 2019 14:31:18 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=24273

Nick Clifton <nickc at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Nick Clifton <nickc at redhat dot com> ---
(In reply to Mingi Cho from comment #2)

Hi Mingi,

> CC=clang-5.0 CXX=clang++-5.0 CFLAGS="-m32 -g -O0 -fsanitize=address
> -fsanitize-recover=address" CXXFLAGS="-m32 -g -O0 -fsanitize=address
> -fsanitize-recover=address" 

Ah, yes, I cannot build a toolchain configured that way.  There is a 
long-standing problem with Fedora and 32-bit address sanitization:

  ==29514==Shadow memory range interleaves with an existing 
  memory mapping. ASan cannot proceed correctly. ABORTING.

Fortunately I was able to reproduce the problem using valgrind instead.

The bug is a nasty one - the corrupt file has the string table
index field in the ELF header pointing to a group section, whose 
contents are of course not NUL-terminated.  This leads to an 
attempt to compute a hash value from an unterminated string which
then triggers the fault.

I have checked in a patch to fix the problem, by adding code to ensure
that if a string retrieved from the string section is not properly
terminated then an error value will be returned.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
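A bounds-checked section-name lookup of the kind the fix describes, added here as an example; it is not binutils code and not the checked-in patch. It builds two small constructed ELF64 images (one sound, one with e_shstrndx pointing at a SHT_GROUP section whose bytes contain no NUL), and refuses any name that is not terminated inside the string-table section instead of letting a strlen()/hash loop run off its end. The local header structs, the helper names (build_image, status_demo, name_demo) and the sample images are assumptions of the example, not taken from bfd.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF64 header layouts with the same field order and sizes as <elf.h>,
   declared locally so the example builds without system ELF headers. */
struct ehdr64 {
    uint8_t  e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_shentsize, e_shnum, e_shstrndx;
};
struct shdr64 {
    uint32_t sh_name, sh_type;
    uint64_t sh_flags, sh_addr, sh_offset, sh_size;
    uint32_t sh_link, sh_info;
    uint64_t sh_addralign, sh_entsize;
};
#define SHT_STRTAB 3
#define SHT_GROUP  17

enum name_status { NAME_OK, NAME_BAD_HEADER, NAME_BAD_STRTAB, NAME_BAD_INDEX, NAME_UNTERMINATED };

/* Copy section header `idx` out of the image (memcpy: the buffer may be unaligned);
   fails if the table or the entry itself does not fit inside `len` bytes. */
static int read_shdr(const uint8_t *buf, size_t len, const struct ehdr64 *eh,
                     size_t idx, struct shdr64 *out)
{
    if (idx >= eh->e_shnum || eh->e_shoff > len || idx >= (len - eh->e_shoff) / sizeof *out)
        return 0;
    memcpy(out, buf + eh->e_shoff + idx * sizeof *out, sizeof *out);
    return 1;
}

/* Name of section `shndx` via the e_shstrndx table.  Every offset is checked against
   the file size and the name must be NUL-terminated *inside* the string-table section:
   if the header points at some other section (a SHT_GROUP in the bug report) there may
   be no NUL at all, so the terminator check, not the section type, keeps us in bounds. */
enum name_status elf64_section_name(const uint8_t *buf, size_t len, size_t shndx, const char **name)
{
    struct ehdr64 eh;
    struct shdr64 strtab, sec;
    const uint8_t *s;

    *name = NULL;
    if (len < sizeof eh)
        return NAME_BAD_HEADER;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 2 /* ELFCLASS64 */ ||
        eh.e_shentsize != sizeof(struct shdr64))
        return NAME_BAD_HEADER;
    /* e_shstrndx must be a real section (0 is SHN_UNDEF) whose bytes lie in the file. */
    if (eh.e_shstrndx == 0 || !read_shdr(buf, len, &eh, eh.e_shstrndx, &strtab) ||
        strtab.sh_offset > len || strtab.sh_size > len - strtab.sh_offset)
        return NAME_BAD_STRTAB;
    if (!read_shdr(buf, len, &eh, shndx, &sec) || sec.sh_name >= strtab.sh_size)
        return NAME_BAD_INDEX;
    s = buf + strtab.sh_offset + sec.sh_name;
    if (memchr(s, '\0', strtab.sh_size - sec.sh_name) == NULL)
        return NAME_UNTERMINATED;   /* no NUL before the section ends: refuse, do not hash */
    *name = (const char *)s;
    return NAME_OK;
}

/* Constructed demo image (not a real object): section 0 null, section 1 a SHT_GROUP whose
   8 bytes are chosen to contain no NUL, section 2 a proper .shstrtab.  With `corrupt` set,
   e_shstrndx points at the group section, as in the crashing file.  Returns the size. */
size_t build_image(uint8_t *buf, size_t cap, int corrupt)
{
    static const char strtab[] = "\0.group\0.shstrtab";         /* 18 bytes, NUL-terminated */
    static const uint8_t group[8] = { 1, 1, 1, 1, 2, 2, 2, 2 }; /* constructed: no zero byte */
    struct ehdr64 eh;
    struct shdr64 sh[3];
    size_t off_group = sizeof eh, off_str = off_group + sizeof group;
    size_t off_sh = off_str + sizeof strtab, total = off_sh + sizeof sh;

    if (cap < total)
        return 0;
    memset(&eh, 0, sizeof eh);
    memset(sh, 0, sizeof sh);
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1; eh.e_ident[6] = 1;   /* ELFCLASS64, LSB, EV_CURRENT */
    eh.e_type = 1; eh.e_machine = 62; eh.e_version = 1;        /* ET_REL, EM_X86_64 */
    eh.e_shoff = off_sh; eh.e_ehsize = sizeof eh; eh.e_shentsize = sizeof sh[0];
    eh.e_shnum = 3; eh.e_shstrndx = corrupt ? 1 : 2;
    sh[1].sh_name = 1; sh[1].sh_type = SHT_GROUP;  sh[1].sh_offset = off_group;
    sh[1].sh_size = sizeof group; sh[1].sh_entsize = 4;
    sh[2].sh_name = 8; sh[2].sh_type = SHT_STRTAB; sh[2].sh_offset = off_str;
    sh[2].sh_size = sizeof strtab;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + off_group, group, sizeof group);
    memcpy(buf + off_str, strtab, sizeof strtab);
    memcpy(buf + off_sh, sh, sizeof sh);
    return total;
}

/* Wrappers returning the outcome; `trunc` > 0 shortens the image like a truncated file. */
enum name_status status_demo(int corrupt, size_t shndx, size_t trunc)
{
    static uint8_t img[512];
    const char *name;
    size_t len = build_image(img, sizeof img, corrupt);
    if (trunc && trunc < len) len = trunc;
    return elf64_section_name(img, len, shndx, &name);
}
const char *name_demo(int corrupt, size_t shndx)
{
    static uint8_t img[512];
    const char *name;
    size_t len = build_image(img, sizeof img, corrupt);
    return elf64_section_name(img, len, shndx, &name) == NAME_OK ? name : NULL;
}

int main(void)
{
    static const char *lbl[] = { "ok", "bad header", "bad strtab", "bad index", "unterminated" };
    printf("good file, section 1: %s (%s)\n", lbl[status_demo(0, 1, 0)], name_demo(0, 1));
    printf("e_shstrndx -> group, section 1: %s\n", lbl[status_demo(1, 1, 0)]);
    printf("e_shstrndx -> group, section 2: %s\n", lbl[status_demo(1, 2, 0)]);
    printf("truncated file: %s\n", lbl[status_demo(0, 1, 100)]);
    return 0;
}
```

With the corrupt image, section 1's sh_name (1) is inside the 8-byte group section, but no NUL follows it before the section ends, so the lookup reports NAME_UNTERMINATED rather than scanning into whatever bytes come next; section 2's sh_name (8) is not even inside that section and is rejected as an index error. Requiring sh_type == SHT_STRTAB as well is a reasonable extra check, but it is the terminator test that closes the read overrun for any section the header happens to point at.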

