Created attachment 12470
PoC

Hi,

A general protection fault was discovered in the latest commit 1a9fe4b of elfutils 0.179, as demonstrated by eu-readelf, that can cause a denial of service via a crafted file.

To reproduce:

eu-readelf -a PoC

Valgrind says:

==3222== Process terminating with default action of signal 11 (SIGSEGV)
==3222== General Protection Fault
==3222== at 0x4124AB: handle_gnu_hash (readelf.c:3430)
==3222== by 0x4124AB: handle_hash (readelf.c:3501)
==3222== by 0x45EA8B: process_elf_file (readelf.c:1012)
==3222== by 0x465129: process_dwflmod (readelf.c:790)
==3222== by 0x4FCC888: dwfl_getmodules (dwfl_getmodules.c:86)
==3222== by 0x4094D5: process_file (readelf.c:898)
==3222== by 0x404D1E: main (readelf.c:372)

Thanks,
Manh Dung
Sorry, I cannot replicate this on either x86_64 or i686. Running the reproducer under valgrind doesn't show any issues. Could you provide more details on how you configured and built the binary? How exactly are you invoking it, and what exactly is the complete output?
Created attachment 12479
Valgrind's output
Hi Mark,

I use Ubuntu 16.04 64 bit. I recompiled elfutils using gcc 5.5.0 and I cannot reproduce the bug. However, compiling elfutils using afl-gcc from AFL version 2.52b can trigger the bug (please see the attached Valgrind log). Thus, I think this bug is probably triggered by the different compiler I've tested with.

Best,
Manh Dung
Sorry, I cannot replicate this even when building elfutils with CC=afl-gcc, with or without AFL_HARDEN=1. Could you provide more information on how exactly you configured, built and ran it?
So I think you can safely close this issue if you cannot reproduce the bug on your side. The root cause is probably due to my hardware specifics.

Thanks,
MD
OK, closed for now. Thanks.