This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Mon, 10 Nov 2014 21:58:27 +0100
- Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
On Sun, Nov 09, 2014 at 10:59:46PM +0100, Hanno Böck wrote:
> On Sun, 09 Nov 2014 17:57:57 +0100,
> Mark Wielaard <mjw@redhat.com> wrote:
>
> > > , however here are three more in
> > > nm. Seems they only crash on 32 bit.
> >
> > I cannot get these to crash on either a fedora 20 x86_64 setup, nor
> > on a fedora 21-beta i686 setup. Could you run under gdb and provide a
> > backtrace?
> [...]
> Backtrace 2, id:000113,src:000000,op:flip32,pos:5474:
> Program received signal SIGSEGV, Segmentation fault.
> 0xf7dce3ab in __strcmp_ssse3 () from /lib32/libc.so.6
> (gdb) bt
> #0 0xf7dce3ab in __strcmp_ssse3 () from /lib32/libc.so.6
> #1 0xf7f6686d in ?? () from /usr/lib32/libdw.so.1
> #2 0xf7f66d80 in dwarf_begin_elf () from /usr/lib32/libdw.so.1
Note how here it seems to have picked up the system installed libdw.so.
Please make sure you set up LD_LIBRARY_PATH (should include backends,
libelf and libdw) correctly when running the tests.
I can only replicate your backtraces when using the system libelf/libdw,
not when running against latest git master. e.g.
$ LD_LIBRARY_PATH=backends:libelf:libdw src/nm id\:000010\,src\:000000\,op\:flip1\,pos\:5556
Symbols from id:000010,src:000000,op:flip1,pos:5556:
Name Value Class Type Size Line Section
Thanks,
Mark
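The mix-up Mark points out (a backtrace whose libdw frames come from /usr/lib32 instead of the build tree) is easy to miss when triaging a pile of fuzzer crash files. The following script is an added example, not code from elfutils or from anyone on this thread: it parses gdb `bt` output, flags frames resolved from a distro-installed elfutils library, and composes the LD_LIBRARY_PATH value Mark describes for a given build root. The sample backtrace reuses the three frames quoted above plus a fourth, constructed frame; the build-root path and the frame details are assumptions.

```python
"""Crash-triage helper for elfutils fuzzing runs (added example, not part of elfutils).

Given the text of a gdb backtrace, report frames that were resolved from a
system-installed libelf/libdw/libebl/libasm rather than from the build tree,
so a crash is not attributed to git master when the system library was loaded.
"""
import os
import re
from dataclasses import dataclass
from typing import List, Optional

# Build-tree directories that hold the freshly built shared objects, in the
# order given on the list: LD_LIBRARY_PATH=backends:libelf:libdw
BUILD_LIB_DIRS = ("backends", "libelf", "libdw")

# Where a distribution installs its own (possibly older) copies of the libraries.
SYSTEM_LIB_PREFIXES = ("/lib/", "/lib32/", "/lib64/",
                       "/usr/lib/", "/usr/lib32/", "/usr/lib64/")

# Library basenames that belong to elfutils; libc etc. are expected to be system copies.
ELFUTILS_LIB_PREFIXES = ("libelf", "libdw", "libebl", "libasm")

# One gdb frame line: "#N [0xADDR in] func (args) [at file:line] [from /path/lib.so]"
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:(?P<addr>0x[0-9a-fA-F]+)\s+in\s+)?"
    r"(?P<func>\S+)\s*\([^)]*\)"
    r"(?:\s+at\s+(?P<src>\S+))?"
    r"(?:\s+from\s+(?P<lib>\S+))?\s*$"
)


@dataclass
class Frame:
    num: int
    func: str
    lib: Optional[str]  # shared object the frame was resolved from, None if in the executable


def parse_backtrace(text: str) -> List[Frame]:
    """Extract frames from gdb 'bt' output; non-frame lines (prompts, signals) are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(Frame(int(m.group("num")), m.group("func"), m.group("lib")))
    return frames


def is_system_lib(path: Optional[str]) -> bool:
    """True if the shared object lives in a distribution library directory."""
    return path is not None and path.startswith(SYSTEM_LIB_PREFIXES)


def is_elfutils_lib(path: Optional[str]) -> bool:
    return path is not None and os.path.basename(path).startswith(ELFUTILS_LIB_PREFIXES)


def shadowed_elfutils_frames(text: str) -> List[Frame]:
    """Frames that ran inside a system-installed elfutils library.

    A non-empty result means the backtrace does not describe the build under test.
    """
    return [f for f in parse_backtrace(text) if is_elfutils_lib(f.lib) and is_system_lib(f.lib)]


def build_ld_library_path(build_root: str) -> str:
    """Compose the LD_LIBRARY_PATH value that makes the build-tree libraries win."""
    return ":".join(os.path.join(build_root, d) for d in BUILD_LIB_DIRS)


# Constructed sample: the three frames quoted in the thread plus an assumed
# fourth frame for the nm executable itself (source location is made up).
SAMPLE_BT = """\
Program received signal SIGSEGV, Segmentation fault.
0xf7dce3ab in __strcmp_ssse3 () from /lib32/libc.so.6
(gdb) bt
#0 0xf7dce3ab in __strcmp_ssse3 () from /lib32/libc.so.6
#1 0xf7f6686d in ?? () from /usr/lib32/libdw.so.1
#2 0xf7f66d80 in dwarf_begin_elf () from /usr/lib32/libdw.so.1
#3 0x08049abc in main (argc=2, argv=0xffffd5c4) at nm.c:145
"""

if __name__ == "__main__":
    bad = shadowed_elfutils_frames(SAMPLE_BT)
    for f in bad:
        print(f"frame #{f.num} {f.func} resolved from system library {f.lib}")
    if bad:
        print("re-run with LD_LIBRARY_PATH=" + build_ld_library_path("/path/to/elfutils"))
```

Run it over each crash's backtrace before filing: if any frame is reported, the reproduction used the distro libdw and should be repeated with the printed LD_LIBRARY_PATH, which is the check Mark asks for above.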