Created attachment 10646
poc of the crash

Triggered by "./readelf -w $POC"
Tested on Ubuntu 16.04 (x86)

A segmentation fault occurred when processing a malformed ELF file. The GDB debugging information is as follows:

Program received signal SIGSEGV, Segmentation fault.
0x08049298 in load_debug_section (debug=str, data=0x8104908) at readelf.c:13584
13584     if (strs != NULL && strs->sh_size != 0)
(gdb) bt
#0  0x08049298 in load_debug_section (debug=str, data=0x8104908) at readelf.c:13584
#1  0x0809abcf in load_separate_debug_file (file=0x8104908, filename=0xbffff2b8 "/home/min/Downloads/load_debug_section") at dwarf.c:9839
#2  0x0805264f in process_object (filedata=0x8104908) at readelf.c:18569
#3  0x0804b079 in process_file (file_name=0xbffff2b8 "/home/min/Downloads/load_debug_section") at readelf.c:18991
#4  0x0804a42a in main (argc=3, argv=0xbffff0a4) at readelf.c:19050

Credits: Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei University.
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8

commit f425ec6600b69e39eb605f3128806ff688137ea8
Author: Nick Clifton <nickc@redhat.com>
Date:   Thu Nov 30 10:25:01 2017 +0000

    Prevent an illegal memory access in readelf when attempting to parse a corrupt ELF file.

            PR 22510
            * readelf.c (load_debug_section): Fail if there are no section headers available.
Hi Mingi,

Thanks for reporting this bug. I have checked in the obvious fix - a check for an absence of section headers before attempting to load any debug section:

https://sourceware.org/ml/binutils/2017-11/msg00568.html

Cheers
Nick
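The fix described above boils down to one guard: refuse to look anything up in the section header table when the ELF header says there is none (e_shoff or e_shnum of zero), and bounds-check the table and each section's data against the file size before dereferencing. The following is an added example, not binutils code and not the patch itself: a minimal 32-bit little-endian ELF reader with those checks, plus a constructed sample builder (the function names, the enum values and the sample files are this example's own assumptions). Mode 0 builds the header-only file that mirrors the reported crash input shape, mode 1 a valid file with one section, and mode 2 a file whose e_shnum claims far more entries than fit.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example (not binutils code). Field offsets follow the standard
 * Elf32_Ehdr (52 bytes) and Elf32_Shdr (40 bytes) layouts. */
#define EHDR_SIZE       52
#define SHDR_SIZE       40
#define OFF_E_SHOFF     32
#define OFF_E_SHENTSIZE 46
#define OFF_E_SHNUM     48
#define OFF_SH_OFFSET   16
#define OFF_SH_SIZE     20

enum elf_status {
    ELF_OK = 0,
    ELF_TRUNCATED_HEADER,
    ELF_BAD_MAGIC,
    ELF_NO_SECTION_HEADERS,          /* the case the PR 22510 fix guards against */
    ELF_BAD_SHENTSIZE,
    ELF_SECTION_TABLE_OUT_OF_RANGE,
    ELF_SECTION_DATA_OUT_OF_RANGE,
    ELF_BAD_INDEX
};

/* Endian-explicit accessors so the byte layout does not depend on the host. */
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t get32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)((v >> (8 * i)) & 0xff); }

/* Validate the ELF header and locate the section header table. */
enum elf_status locate_section_table(const uint8_t *buf, size_t len, size_t *shoff, size_t *shnum)
{
    if (len < EHDR_SIZE) return ELF_TRUNCATED_HEADER;
    if (memcmp(buf, "\x7f" "ELF", 4) != 0) return ELF_BAD_MAGIC;
    uint32_t off = get32(buf + OFF_E_SHOFF);
    uint16_t entsize = get16(buf + OFF_E_SHENTSIZE);
    uint16_t num = get16(buf + OFF_E_SHNUM);
    /* No section header table at all: nothing can be looked up, so fail
       cleanly here instead of dereferencing a NULL/absent table later. */
    if (off == 0 || num == 0) return ELF_NO_SECTION_HEADERS;
    if (entsize != SHDR_SIZE) return ELF_BAD_SHENTSIZE;
    /* Overflow-safe range check: the whole table must lie inside the file. */
    if (off > len || (size_t)num > (len - off) / SHDR_SIZE) return ELF_SECTION_TABLE_OUT_OF_RANGE;
    *shoff = off;
    *shnum = num;
    return ELF_OK;
}

/* Resolve section `index` to (data pointer, size), bounds-checking sh_offset/sh_size. */
enum elf_status get_section_data(const uint8_t *buf, size_t len, size_t index,
                                 const uint8_t **data, size_t *size)
{
    size_t shoff, shnum;
    enum elf_status st = locate_section_table(buf, len, &shoff, &shnum);
    if (st != ELF_OK) return st;
    if (index >= shnum) return ELF_BAD_INDEX;
    const uint8_t *sh = buf + shoff + index * SHDR_SIZE;
    uint32_t soff = get32(sh + OFF_SH_OFFSET);
    uint32_t ssize = get32(sh + OFF_SH_SIZE);
    if (soff > len || ssize > len - soff) return ELF_SECTION_DATA_OUT_OF_RANGE;
    *data = buf + soff;
    *size = ssize;
    return ELF_OK;
}

/* Constructed sample files (assumed shapes, not real inputs).
   mode 0: header only, e_shoff = e_shnum = 0.  mode 1: one 4-byte section.
   mode 2: like mode 1 but e_shnum claims 1000 entries. Returns bytes written. */
size_t build_sample_elf(uint8_t *out, size_t cap, int mode)
{
    size_t total = (mode == 0) ? EHDR_SIZE : EHDR_SIZE + SHDR_SIZE + 4;
    if (cap < total) return 0;
    memset(out, 0, total);
    memcpy(out, "\x7f" "ELF\x01\x01\x01", 7);      /* ELFCLASS32, ELFDATA2LSB, EV_CURRENT */
    put16(out + 16, 1);                             /* e_type = ET_REL */
    put16(out + 18, 3);                             /* e_machine = EM_386 */
    put32(out + 20, 1);                             /* e_version */
    put16(out + 40, EHDR_SIZE);                     /* e_ehsize */
    put16(out + OFF_E_SHENTSIZE, SHDR_SIZE);
    if (mode == 0) return total;                    /* no section table */
    put32(out + OFF_E_SHOFF, EHDR_SIZE);
    put16(out + OFF_E_SHNUM, mode == 2 ? 1000 : 1);
    uint8_t *sh = out + EHDR_SIZE;
    put32(sh + 4, 1);                               /* sh_type = SHT_PROGBITS */
    put32(sh + OFF_SH_OFFSET, EHDR_SIZE + SHDR_SIZE);
    put32(sh + OFF_SH_SIZE, 4);
    memcpy(out + EHDR_SIZE + SHDR_SIZE, "dbg", 4);
    return total;
}

/* Runs the three samples through the checks; returns 0 on success, else the failing step. */
int self_check(void)
{
    uint8_t buf[128]; size_t n, off, num, sz; const uint8_t *d;
    n = build_sample_elf(buf, sizeof buf, 0);
    if (n != EHDR_SIZE || locate_section_table(buf, n, &off, &num) != ELF_NO_SECTION_HEADERS) return 1;
    if (locate_section_table(buf, 10, &off, &num) != ELF_TRUNCATED_HEADER) return 2;
    n = build_sample_elf(buf, sizeof buf, 1);
    if (locate_section_table(buf, n, &off, &num) != ELF_OK || off != EHDR_SIZE || num != 1) return 3;
    if (get_section_data(buf, n, 0, &d, &sz) != ELF_OK || sz != 4 || memcmp(d, "dbg", 4) != 0) return 4;
    if (get_section_data(buf, n, 1, &d, &sz) != ELF_BAD_INDEX) return 5;
    n = build_sample_elf(buf, sizeof buf, 2);
    if (locate_section_table(buf, n, &off, &num) != ELF_SECTION_TABLE_OUT_OF_RANGE) return 6;
    return 0;
}

int main(void)
{
    int rc = self_check();
    printf(rc == 0 ? "all checks passed\n" : "check %d failed\n", rc);
    return rc;
}
```

The point of ordering the checks this way is that the "no section headers" case is tested before any arithmetic on e_shoff, so a header-only file (or one with a zeroed e_shnum) never reaches the table-indexing code, which is the same early exit the commit adds to load_debug_section.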