Created attachment 11425
Triggered by "./readelf -aW poc0"

version: binutils 2.31

Summary:
There is an illegal READ memory access at binutils/readelf.c:8028 (function slurp_hppa_unwind_table) that could cause a crash in binutils 2.31.

Description:
The asan debug is as follows:

$ ./readelf -aW POC0
ASAN:DEADLYSIGNAL
=================================================================
==112614==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f41689057d9 bp 0x7fffc6885440 sp 0x7fffc6884ba0 T0)
==112614==The signal is caused by a READ memory access.
==112614==Hint: address points to the zero page.
    #0 0x7f41689057d8  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5a7d8)
    #1 0x55eb6edc3485 in slurp_hppa_unwind_table /home/company/real/binutils-2.31/binutils/readelf.c:8028
    #2 0x55eb6edc3485 in hppa_process_unwind /home/company/real/binutils-2.31/binutils/readelf.c:8115
    #3 0x55eb6ede985c in process_unwind /home/company/real/binutils-2.31/binutils/readelf.c:9253
    #4 0x55eb6ede985c in process_object /home/company/real/binutils-2.31/binutils/readelf.c:18822
    #5 0x55eb6ed9daa9 in process_file /home/company/real/binutils-2.31/binutils/readelf.c:19259
    #6 0x55eb6ed9daa9 in main /home/company/real/binutils-2.31/binutils/readelf.c:19318
    #7 0x7f41684ec1c0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x211c0)
    #8 0x55eb6ed9e319 in _start (/home/company/real/binutils-2.31/install_asan/bin/readelf+0x98319)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5a7d8)
==112614==ABORTING
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=726bd37d6c5d5013d34023044ed7cbbb01317978

commit 726bd37d6c5d5013d34023044ed7cbbb01317978
Author: Alan Modra <amodra@gmail.com>
Date:   Sat Dec 1 21:15:03 2018 +1030

    PR23945, NULL pointer dereference in readelf.c:slurp_hppa_unwind_table

    	PR 23945
    	* readelf.c (slurp_ia64_unwind_table): Don't call elf_ia64_reloc_type
    	needlessly.
    	(slurp_hppa_unwind_table): Use same range checks and error messages
    	as slurp_ia64_unwind_table.
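The class of check the commit message names, as an added illustration written for this page (it is not binutils code): a simplified relocation-application loop over an unwind table that rejects, instead of dereferencing, every record a crafted ELF could use to steer it off the table. The four rejections are an unknown relocation type whose name lookup yields NULL (the failure mode the commit title names), a known but unexpected type, an entry index past the end of the table, and a symbol index past the end of the symbol table. The structures, the type numbers, the helper names and the sample records are assumptions made for this example; readelf's own field layouts and the real R_PARISC_* values differ.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified stand-ins for what readelf slurps: one
   relocation record and one three-word unwind-table entry.  These are
   not the binutils definitions; the names are chosen to read like them. */
typedef struct {
    uint64_t r_offset;   /* byte offset into the unwind section */
    uint32_t r_sym;      /* index into the symbol table */
    uint32_t r_type;     /* relocation type number */
} reloc_t;

typedef struct {
    uint64_t words[3];   /* start, end, info */
} unw_entry_t;

typedef struct {
    unw_entry_t *table;
    size_t table_len;            /* number of entries, not bytes */
    const uint64_t *sym_values;
    size_t nsyms;                /* number of symbols */
} unwind_aux_t;

/* Name lookup that returns NULL for a type it does not know.  The
   numbers are invented for this example, not real R_PARISC_* values. */
static const char *reloc_name(uint32_t type)
{
    switch (type) {
    case 1:  return "R_PARISC_SEGREL32";
    case 2:  return "R_PARISC_SEGREL64";
    case 3:  return "R_PARISC_DIR32";
    default: return NULL;
    }
}

/* Apply relocations to the table, skipping every record that cannot be
   applied safely.  Returns the number applied; *skipped gets the rest. */
static size_t apply_unwind_relocs(unwind_aux_t *aux, const reloc_t *relocs,
                                  size_t nrelocs, size_t *skipped)
{
    size_t applied = 0;
    *skipped = 0;
    for (size_t n = 0; n < nrelocs; n++) {
        const reloc_t *rp = &relocs[n];
        const char *name = reloc_name(rp->r_type);
        size_t i = rp->r_offset / sizeof(unw_entry_t);
        size_t word = (rp->r_offset % sizeof(unw_entry_t)) / sizeof(uint64_t);

        if (name == NULL) {   /* a NULL name must never reach strncmp */
            fprintf(stderr, "Skipping unknown relocation type: %u\n", rp->r_type);
            (*skipped)++; continue;
        }
        if (strncmp(name, "R_PARISC_SEGREL", strlen("R_PARISC_SEGREL")) != 0) {
            fprintf(stderr, "Skipping unexpected relocation type: %s\n", name);
            (*skipped)++; continue;
        }
        if (i >= aux->table_len) {   /* offset selects an entry past the table */
            fprintf(stderr, "Skipping reloc with overlarge offset: %#zx\n", i);
            (*skipped)++; continue;
        }
        if (rp->r_sym >= aux->nsyms) {   /* symbol index past the symtab */
            fprintf(stderr, "Skipping reloc with invalid symbol index: %u\n", rp->r_sym);
            (*skipped)++; continue;
        }
        aux->table[i].words[word] += aux->sym_values[rp->r_sym];
        applied++;
    }
    return applied;
}

/* Constructed input: a two-entry table, three symbols and six relocation
   records of which only the first and the last are acceptable. */
static const uint64_t demo_syms[3] = { 0x1000, 0x2000, 0x3000 };
static const reloc_t demo_relocs[] = {
    { 0,                         0, 1 },   /* ok: entry 0, word 0 */
    { 0,                         0, 99 },  /* unknown type: lookup gives NULL */
    { 8,                         1, 3 },   /* known type, but not SEGREL */
    { 5 * sizeof(unw_entry_t),   0, 1 },   /* entry 5 of a 2-entry table */
    { 8,                         7, 2 },   /* symbol 7 of a 3-symbol table */
    { sizeof(unw_entry_t) + 16,  2, 2 },   /* ok: entry 1, word 2 */
};

static size_t demo_run(unw_entry_t out[2], size_t *skipped)
{
    memset(out, 0, 2 * sizeof(*out));
    unwind_aux_t aux = { out, 2, demo_syms, 3 };
    return apply_unwind_relocs(&aux, demo_relocs,
                               sizeof demo_relocs / sizeof demo_relocs[0], skipped);
}

size_t demo_applied(void) { unw_entry_t t[2]; size_t s; return demo_run(t, &s); }
size_t demo_skipped(void) { unw_entry_t t[2]; size_t s; demo_run(t, &s); return s; }
uint64_t demo_word(size_t entry, size_t word)
{
    unw_entry_t t[2]; size_t s; demo_run(t, &s); return t[entry].words[word];
}

int main(void)
{
    unw_entry_t t[2]; size_t s;
    size_t a = demo_run(t, &s);
    printf("applied %zu, skipped %zu\n", a, s);
    for (size_t e = 0; e < 2; e++)
        printf("entry %zu: %#" PRIx64 " %#" PRIx64 " %#" PRIx64 "\n",
               e, t[e].words[0], t[e].words[1], t[e].words[2]);
    return 0;
}
```

Each rejected record produces a warning and is dropped rather than aborting the whole table, which is the behaviour a diagnostic tool like readelf wants on malformed input: the remaining entries are still displayed and the crafted ones never become an index.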
Fixed