This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
[Bug libdw/23541] New: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156
- From: "wcventure at 126 dot com" <sourceware-bugzilla at sourceware dot org>
- To: elfutils-devel at sourceware dot org
- Date: Thu, 16 Aug 2018 22:36:24 +0000
- Subject: [Bug libdw/23541] New: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=23541
Bug ID: 23541
Summary: heap-buffer-overflow in
/elfutils/libdw/dwarf_getaranges.c:156
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libdw
Assignee: unassigned at sourceware dot org
Reporter: wcventure at 126 dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Created attachment 11189
--> https://sourceware.org/bugzilla/attachment.cgi?id=11189&action=edit
addr2line -e @@ -- 500 50 10 -1000
When executing "./eu-addr2line -e @@ -- 500 50 10 -1000", AddressSanitizer
catch a heap-buffer-overflow crash.
117833==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000edbb
at pc 0x7fde94ff95ed bp 0x7fff4f475910 sp 0x7fff4f475900
READ of size 1 at 0x60200000edbb thread T0
#0 0x7fde94ff95ec in dwarf_getaranges
/home/wcventure/Documents/Cproject/elfutils/libdw/dwarf_getaranges.c:156
#1 0x7fde95091c6f in addrarange
/home/wcventure/Documents/Cproject/elfutils/libdwfl/cu.c:54
#2 0x7fde95091c6f in __libdwfl_addrcu
/home/wcventure/Documents/Cproject/elfutils/libdwfl/cu.c:313
#3 0x7fde95098b5e in dwfl_module_getsrc
/home/wcventure/Documents/Cproject/elfutils/libdwfl/dwfl_module_getsrc.c:44
#4 0x40461c in handle_address
/home/wcventure/Documents/Cproject/elfutils/src/addr2line.c:680
#5 0x40263b in main
/home/wcventure/Documents/Cproject/elfutils/src/addr2line.c:197
#6 0x7fde9459282f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#7 0x402c08 in _start
(/home/wcventure/Documents/Cproject/elfutils/build/bin/eu-addr2line+0x402c08)
0x60200000edbb is located 0 bytes to the right of 11-byte region
[0x60200000edb0,0x60200000edbb)
allocated by thread T0 here:
#0 0x7fde953cc602 in malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x7fde94d10ce8 in convert_data
/home/wcventure/Documents/Cproject/elfutils/libelf/elf_getdata.c:164
#2 0x7fde94d10ce8 in __libelf_set_data_list_rdlock
/home/wcventure/Documents/Cproject/elfutils/libelf/elf_getdata.c:431
SUMMARY: AddressSanitizer: heap-buffer-overflow
/home/wcventure/Documents/Cproject/elfutils/libdw/dwarf_getaranges.c:156
dwarf_getaranges
Shadow bytes around the buggy address:
0x0c047fff9d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9db0: fa fa fa fa fa fa 00[03]fa fa 01 fa fa fa 00 01
0x0c047fff9dc0: fa fa 00 04 fa fa 00 04 fa fa 00 04 fa fa 00 04
0x0c047fff9dd0: fa fa 00 04 fa fa 00 04 fa fa 00 04 fa fa fd fa
0x0c047fff9de0: fa fa 00 04 fa fa 00 04 fa fa 00 04 fa fa 00 04
0x0c047fff9df0: fa fa 00 04 fa fa 00 04 fa fa 00 04 fa fa fd fa
0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==117833==ABORTING
--
You are receiving this mail because:
You are on the CC list for the bug.