This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Fri, 07 Nov 2014 16:45:07 +0100
- Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
On Fri, 2014-11-07 at 16:32 +0100, Hanno Böck wrote:
> On Fri, 07 Nov 2014 12:58:07 +0100, Mark Wielaard <mjw@redhat.com> wrote:
> > > > Thanks. If you have any other examples please do report them.
> > >
> > > Ten to crash readelf -a attached, according to american-fuzzy-lop
> > > all distinct code paths.
> >
> > Thanks. eu-readelf didn't sanitize the hash section data before use.
> > The attached patch should fix that.
>
> Fixes some of them but not all.
> Still crashers:
> id:000053,src:000000,op:flip1,pos:879
> id:000054,src:000000,op:flip1,pos:885
Those seem fine for me. How do they crash for you? Could you run under
gdb and provide a backtrace?
Thanks,
Mark
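The bug class named in this thread (a hash section whose data is used before it is sanitized) as an added example; this is illustrative C written for this page, not elfutils code or the attached patch. It assumes the standard SysV SHT_HASH layout (nbucket, nchain, bucket[nbucket], chain[nchain]) with 4-byte little-endian words, and the sample sections it checks are constructed here, not taken from any of the fuzzer-generated files.

```c
/* Bounds-checking a SysV ELF hash section (SHT_HASH / DT_HASH) before use.
 * Added example, not elfutils code. Assumes 4-byte little-endian hash words
 * in the standard layout: nbucket, nchain, bucket[nbucket], chain[nchain]. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hash_status {
  HASH_OK            =  0,
  HASH_ERR_TOO_SMALL = -1,  /* no room even for the nbucket/nchain header */
  HASH_ERR_TRUNCATED = -2,  /* header claims more words than the section holds */
  HASH_ERR_BAD_INDEX = -3,  /* a bucket/chain entry points past the symbol table */
};

static uint32_t rd32(const unsigned char *p)
{
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
       | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Check the whole section once; afterwards every index read from it is safe. */
int validate_sysv_hash(const unsigned char *data, size_t size,
                       uint32_t *nbucket_out, uint32_t *nchain_out)
{
  if (data == NULL || size < 8)
    return HASH_ERR_TOO_SMALL;
  uint32_t nbucket = rd32(data), nchain = rd32(data + 4);
  /* 64-bit arithmetic so a hostile header cannot wrap the size check. */
  if ((2ull + nbucket + nchain) * 4ull > size)
    return HASH_ERR_TRUNCATED;
  const unsigned char *bucket = data + 8;
  const unsigned char *chain = bucket + (size_t)nbucket * 4;
  /* Entries are symbol indices and nchain is the symbol-table length,
   * so each must be < nchain (0 = STN_UNDEF ends a chain, still index 0). */
  for (uint32_t i = 0; i < nbucket; i++)
    if (rd32(bucket + 4 * (size_t)i) >= nchain)
      return HASH_ERR_BAD_INDEX;
  for (uint32_t i = 0; i < nchain; i++)
    if (rd32(chain + 4 * (size_t)i) >= nchain)
      return HASH_ERR_BAD_INDEX;
  if (nbucket_out) *nbucket_out = nbucket;
  if (nchain_out) *nchain_out = nchain;
  return HASH_OK;
}

/* Walk the chain a lookup for `hashval` would follow and return the number
 * of symbols visited. A cyclic chain[] is the other malformed-file trap: the
 * walk is cut off once more entries than exist were visited (returns -1). */
long count_chain_steps(const unsigned char *data, size_t size, uint32_t hashval)
{
  uint32_t nbucket, nchain;
  if (validate_sysv_hash(data, size, &nbucket, &nchain) != HASH_OK || nbucket == 0)
    return -1;
  const unsigned char *bucket = data + 8;
  const unsigned char *chain = bucket + (size_t)nbucket * 4;
  long steps = 0;
  for (uint32_t idx = rd32(bucket + 4 * (size_t)(hashval % nbucket));
       idx != 0; idx = rd32(chain + 4 * (size_t)idx))
    if (++steps > (long)nchain)
      return -1;
  return steps;
}

/* Constructed sample sections (not taken from any real binary). */
enum sample { SAMPLE_VALID, SAMPLE_TRUNCATED, SAMPLE_BAD_INDEX, SAMPLE_CYCLIC, SAMPLE_HUGE };

static size_t build_sample(enum sample which, unsigned char out[64])
{
  static const uint32_t valid[]   = {2, 4, 1, 3, 0, 2, 0, 0}; /* 2 buckets, 4 symbols */
  static const uint32_t bad_idx[] = {2, 4, 1, 7, 0, 2, 0, 0}; /* bucket[1] = 7 >= nchain */
  static const uint32_t cyclic[]  = {2, 4, 1, 3, 0, 2, 1, 0}; /* chain 1 -> 2 -> 1 -> ... */
  static const uint32_t huge[]    = {0xffffffffu, 0xffffffffu}; /* size math wraps in 32 bits */
  const uint32_t *w; size_t n;
  switch (which) {
    case SAMPLE_VALID:     w = valid;   n = 8; break;
    case SAMPLE_TRUNCATED: w = valid;   n = 6; break; /* header still promises 8 words */
    case SAMPLE_BAD_INDEX: w = bad_idx; n = 8; break;
    case SAMPLE_CYCLIC:    w = cyclic;  n = 8; break;
    default:               w = huge;    n = 2; break;
  }
  for (size_t i = 0; i < n; i++)
    for (int b = 0; b < 4; b++)
      out[4 * i + b] = (unsigned char)(w[i] >> (8 * b));
  return 4 * n;
}

int check_sample(enum sample which)
{
  unsigned char buf[64];
  size_t n = build_sample(which, buf);
  return validate_sysv_hash(buf, n, NULL, NULL);
}

long sample_chain_steps(enum sample which, uint32_t hashval)
{
  unsigned char buf[64];
  size_t n = build_sample(which, buf);
  return count_chain_steps(buf, n, hashval);
}

int main(void)
{
  const char *name[] = {"valid", "truncated", "bad index", "cyclic", "huge header"};
  for (int s = SAMPLE_VALID; s <= SAMPLE_HUGE; s++)
    printf("%-12s status %d, chain steps for hash 0: %ld\n", name[s],
           check_sample((enum sample)s), sample_chain_steps((enum sample)s, 0));
  return 0;
}
```

The two checks worth copying are the 64-bit size computation (with 32-bit arithmetic the "huge header" sample wraps to a required size of 0 and passes) and the per-entry index check, which is what makes a later chain walk safe without re-checking every read; the step counter in count_chain_steps covers the remaining case where every index is in range but the chain never terminates.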