This is the mail archive of the mailing list for the elfutils project.


Re: Bugzilla component missing and another (minor) fuzzing-related bug report

On 2015-06-24 11:14, Mark Wielaard wrote:
>>> The attached file will cause a huge malloc allocation with elfutils' nm
>>> tool. This will crash if you try to run it with address sanitizer.
>>> The reason is likely that nm will try to allocate space for something
>>> based on the header value - no matter if that value makes any sense. A
>>> sanity check that checks in such cases if the file itself is smaller
>>> than the supposedly allocated memory could avoid that.
>> I've reported several similar issues before. Mark replied:
>> "I believe the "Argument 'size' of function malloc has a fishy (possibly
>> negative) value" in dwarf_begin_elf.c (check_section) is correct, but
>> harmless. We do check the value doesn't actually overflow, the allocation
>> will likely fail, but that is also checked."
> But in this case as far as I know these kind of malloc argument checks
> are indeed just noise. We do check the results of malloc everywhere
> (or should at least). I might be wrong of course, or miss something
> subtle. So please do let me know if you think it is something to fix
> differently from how we handle it currently.

gcc doesn't support objects more than half the address space in size. So if you are malloc'ing >2GB on 32-bit platforms you should be concerned.

Alexander Cherepanov
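A sanity check of the kind the first message asks for, added here as an illustration and not code from elfutils or from anyone in the thread: a header-declared size is rejected before malloc if it exceeds the bytes left in the file or PTRDIFF_MAX (the half-address-space limit the reply refers to). The 4-byte header format, `section_size_sane` and `load_section` are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical format: a 4-byte little-endian section size, then the bytes. */
enum { HDR_LEN = 4 };

/* A header-declared size is only worth allocating if it (a) fits in the bytes
   actually left in the file and (b) stays below PTRDIFF_MAX, since GCC does
   not support objects larger than half the address space. */
bool section_size_sane(uint64_t declared, size_t file_len, size_t offset)
{
    if (offset > file_len || declared > (uint64_t)PTRDIFF_MAX)
        return false;
    return declared <= file_len - offset;
}

/* Validate the declared size before malloc'ing for it; NULL means rejected
   (or out of memory). Caller frees the returned copy. */
unsigned char *load_section(const unsigned char *file, size_t file_len,
                            size_t *out_len)
{
    if (file_len < HDR_LEN)
        return NULL;
    uint32_t declared = (uint32_t)file[0] | ((uint32_t)file[1] << 8) |
                        ((uint32_t)file[2] << 16) | ((uint32_t)file[3] << 24);
    if (!section_size_sane(declared, file_len, HDR_LEN))
        return NULL;
    unsigned char *buf = malloc(declared ? declared : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, file + HDR_LEN, declared);
    *out_len = declared;
    return buf;
}

int main(void)
{
    /* Constructed inputs: a sane file, and a fuzzed one claiming ~4 GiB. */
    const unsigned char good[] = { 3, 0, 0, 0, 'a', 'b', 'c' };
    const unsigned char bad[]  = { 0xff, 0xff, 0xff, 0xff, 'a', 'b', 'c' };
    size_t n = 0;
    unsigned char *s = load_section(good, sizeof good, &n);
    printf("good: %s, %zu bytes\n", s ? "accepted" : "rejected", n);
    free(s);
    printf("bad: %s\n", load_section(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```

On a 64-bit build the fuzzed header fails the file-length check, on a 32-bit build it fails the PTRDIFF_MAX check first; either way no allocation is attempted.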
