This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
Re: Bugzilla component missing and another (minor) fuzzing-related bug report
- From: Alexander Cherepanov <ch3root at openwall dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Wed, 24 Jun 2015 00:12:45 +0300
- Subject: Re: Bugzilla component missing and another (minor) fuzzing-related bug report
On 2015-06-23 18:44, Hanno Böck wrote:
> The elfutils webpage says:
> "To report bugs: please open a bugzilla report against the elfutils
> component."
>
> However it seems the redhat bugzilla doesn't have an elfutils
> component. Therefore I'm reporting it here, hope that's okay.
IIRC, to find elfutils, you have to choose Fedora as a product in bugzilla.
> The attached file will cause a huge malloc allocation with elfutils' nm
> tool. This will crash if you try to run it with address sanitizer.
>
> The reason is likely that nm will try to allocate space for something
> based on the header value - no matter if that value makes any sense. A
> sanity check that checks in such cases if the file itself is smaller
> than the supposedly allocated memory could avoid that.
I've reported several similar issues before. Mark replied:
"I believe the "Argument 'size' of function malloc has a fishy (possibly
negative) value" in dwarf_begin_elf.c (check_section) is correct, but
harmless. We do check the value doesn't actually overflow, the
allocation will likely fail, but that is also checked."
https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c6
Specifically about nm:
https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c40
--
Alexander Cherepanov
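The sanity check proposed in the quoted report, that an allocation driven by a header field should be refused when the region it describes is larger than the file itself, can be illustrated with a small standalone program. The code below is an added example and is not elfutils code; the `region_fits`, `copy_section`, `build_sample` and `demo_case` names, and the 192-byte little-endian ELF64 image it constructs in memory, are all assumptions made for the illustration. It parses only the header fields it needs (e_shoff, e_shentsize, e_shnum, sh_offset, sh_size) and calls malloc only after both the section-header table and the section data have been bounded against the loaded image; the subtraction-first form of the check also rejects an offset/size pair whose sum would wrap.

```c
/* Added example, not elfutils code: refuse a header-driven allocation
   unless the region it describes fits inside the bytes actually loaded. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EHDR_SIZE 64u   /* sizeof(Elf64_Ehdr) */
#define SHDR_SIZE 64u   /* sizeof(Elf64_Shdr) */

/* Little-endian field accessors; the constructed sample is ELFDATA2LSB. */
static uint64_t rd64(const unsigned char *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr64(unsigned char *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (unsigned char)(v >> (8 * i));
}
static void wr16(unsigned char *p, uint16_t v) { p[0] = (unsigned char)v; p[1] = (unsigned char)(v >> 8); }

/* The check the thread asks for: [off, off+size) must lie inside a file of
   file_size bytes.  Comparing size against (file_size - off) instead of
   computing off+size means a wrapping sum can never slip through. */
int region_fits(uint64_t off, uint64_t size, uint64_t file_size) {
    if (off > file_size) return 0;
    return size <= file_size - off;
}

/* Copy section idx of a little-endian ELF64 image held in memory.  Returns a
   malloc'd buffer (caller frees) and sets *out_len, or NULL when any header
   field points outside the image.  Index 0 is used here for brevity only. */
unsigned char *copy_section(const unsigned char *img, size_t img_len,
                            unsigned idx, size_t *out_len) {
    if (img_len < EHDR_SIZE || memcmp(img, "\x7f" "ELF", 4) != 0) return NULL;
    uint64_t e_shoff     = rd64(img + 0x28);
    uint16_t e_shentsize = rd16(img + 0x3a);
    uint16_t e_shnum     = rd16(img + 0x3c);
    if (e_shentsize < SHDR_SIZE || idx >= e_shnum) return NULL;
    /* The section-header table itself must fit before we read from it. */
    if (!region_fits(e_shoff, (uint64_t)e_shnum * e_shentsize, img_len)) return NULL;
    const unsigned char *sh = img + e_shoff + (uint64_t)idx * e_shentsize;
    uint64_t sh_offset = rd64(sh + 0x18);
    uint64_t sh_size   = rd64(sh + 0x20);
    /* This is the check that keeps a "fishy" sh_size away from malloc. */
    if (!region_fits(sh_offset, sh_size, img_len)) return NULL;
    unsigned char *copy = malloc(sh_size ? sh_size : 1);
    if (copy == NULL) return NULL;
    memcpy(copy, img + sh_offset, sh_size);
    *out_len = (size_t)sh_size;
    return copy;
}

/* Constructed 192-byte image: ELF header, one section header, 64 data bytes.
   Only sh_offset and sh_size vary between the cases below. */
#define IMG_LEN 192u
void build_sample(unsigned char *img, uint64_t sh_offset, uint64_t sh_size) {
    memset(img, 0, IMG_LEN);
    memcpy(img, "\x7f" "ELF", 4);
    img[4] = 2; img[5] = 1;              /* ELFCLASS64, ELFDATA2LSB */
    wr64(img + 0x28, EHDR_SIZE);         /* e_shoff: table right after the header */
    wr16(img + 0x3a, SHDR_SIZE);         /* e_shentsize */
    wr16(img + 0x3c, 1);                 /* e_shnum */
    wr64(img + EHDR_SIZE + 0x18, sh_offset);
    wr64(img + EHDR_SIZE + 0x20, sh_size);
}

/* Runs one case: returns the copied length, or -1 when the headers were rejected. */
long demo_case(uint64_t sh_offset, uint64_t sh_size) {
    unsigned char img[IMG_LEN];
    size_t n = 0;
    build_sample(img, sh_offset, sh_size);
    unsigned char *p = copy_section(img, IMG_LEN, 0, &n);
    if (p == NULL) return -1;
    free(p);
    return (long)n;
}

int main(void) {
    printf("sane header:     %ld\n", demo_case(128, 16));                     /* 16 */
    printf("huge sh_size:    %ld\n", demo_case(128, 0xFFFFFFFFFFFFFFF0ULL));  /* -1 */
    printf("wrapping offset: %ld\n", demo_case(0xFFFFFFFFFFFFFFF0ULL, 0x20)); /* -1 */
    return 0;
}
```

The same shape applies to any header-driven size (program headers, string tables, note sections): bound the table against the file, then bound each entry against the file, and only then allocate. A tool that does this still fails on a truncated or hostile file, but it fails with a clean error instead of a multi-gigabyte malloc or an out-of-bounds read.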