This is the mail archive of the mailing list for the elfutils project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Bugzilla component missing and another (minor) fuzzing-related bug report

On 2015-06-23 18:44, Hanno Böck wrote:
> The elfutils webpage says:
> "To report bugs: please open a ​bugzilla report against the elfutils
> component."
> However it seems the redhat bugzilla doesn't have an elfutils
> component. Therefore I'm reporting it here, hope that's okay.

IIRC, to find elfutils, you have to choose Fedora as a product in bugzilla.

> The attached file will cause a huge malloc allocation with elfutils' nm
> tool. This will crash if you try to run it with address sanitizer.
> The reason is likely that nm will try to allocate space for something
> based on the header value - no matter if that value makes any sense. A
> sanity check that checks in such cases if the file itself is smaller
> than the supposedly allocated memory could avoid that.

I've reported several similar issues before. Mark replied:

"I believe the "Argument 'size' of function malloc has a fishy (possibly 
negative) value" in dwarf_begin_elf.c (check_section) is correct, but 
harmless. We do check the value doesn't actually overflow, the 
allocation will likely fail, but that is also checked."

Specifically about nm -- .

Alexander Cherepanov

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]