Created attachment 12033 [details]
pocs and error messages

When executing `./eu-unstrip $FILE ./stripped -o /dev/null`, there might be some crashes if elfutils is built with ASAN. e.g., invalid read at unstrip.c:1661, unstrip.c:1663, unstrip.c:444 and unstrip.c:774. The relevant files are attached.

ASAN:DEADLYSIGNAL
=================================================================
==19829==ERROR: AddressSanitizer: SEGV on unknown address 0x1000802274a1 (pc 0x5555555673e7 bp 0x7fffffffbd10 sp 0x7fffffffa4e0 T0)
==19829==The signal is caused by a READ memory access.
    #0 0x5555555673e6 in copy_elided_sections /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:1661
    #1 0x55555556bea1 in handle_file /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:2162
    #2 0x55555556c760 in handle_explicit_files /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:2227
    #3 0x55555556f1f6 in main /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:2562
    #4 0x7ffff6596b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #5 0x555555559a89 in _start (/home/hongxu/FOT/Targets/elfutils/eu-asan/install/bin/eu-unstrip+0x5a89)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:1661 in copy_elided_sections
==19829==ABORTING
Created attachment 12035 [details]
more pocs
Comment on attachment 12035 [details]
more pocs

crashes with different backtraces
Created attachment 12047 [details]
unstrip: Add various checks for bad input data

eu-unstrip was clearly not written for bad ELF input files. Not surprisingly, because it would be slightly odd to run it on untrusted input which wasn't just stripped in two. But I have added a couple of robustness fixes that should at least not make it crash and give an error message that will hopefully explain what is wrong with the input files.
commit 90f4bb30381b0354b8b40cd09e68005713bfd69a (HEAD -> master, origin/master, origin/HEAD)
Author: Mark Wielaard <mark@klomp.org>
Date:   Mon Oct 21 10:55:32 2019 +0200

    unstrip: Add various checks for bad input data.

    There were various ways to crash eu-unstrip with bad ELF input data.
    Add various tests against bad data and allocate some structures on
    the heap instead of on the stack.

    https://sourceware.org/bugzilla/show_bug.cgi?id=25082

    Signed-off-by: Mark Wielaard <mark@klomp.org>