Bug 5011 - Crash in readelf from binutils 2.18
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.18
Importance: P2 normal
Target Milestone: ---
Assignee: unassigned
Duplicates: 5013
Reported: 2007-09-08 14:28 UTC by Chris Rohlf
Modified: 2007-09-10 09:06 UTC

Description Chris Rohlf 2007-09-08 14:28:06 UTC
I found a repeatable denial of service crash in readelf
while fuzzing with some ELF objects the other day. Here is
the GDB trace:

...
Program received signal SIGSEGV, Segmentation fault.
0x08069c99 in byte_get_little_endian (field=0x8d784b8 <Address 0x8d784b8 out of bounds>, size=4) at dwarf.c:68
68            return  ((unsigned long) (field[0]))
(gdb) bt
#0  0x08069c99 in byte_get_little_endian (field=0x8d784b8 <Address 0x8d784b8 out of bounds>, size=4) at dwarf.c:68
#1  0x0805bbfb in process_version_sections (file=0x8088058) at readelf.c:6596
#2  0x0806264e in process_object (file_name=<value optimized out>, file=0x8088058) at readelf.c:9599
#3  0x08064eae in main (argc=Cannot access memory at address 0xcf0010
...

You can find the ELF object at http://www.structsoftware.net/elf-crashes-readelf

- chris
Comment 2 Alan Modra 2007-09-10 09:06:32 UTC
*** Bug 5013 has been marked as a duplicate of this bug. ***