[Bug libdw/24398] New: An invalid address dereference problem was discovered in the print_debug_macinfo_section function __libdw_next_unit in libdw/dwarf_filesrc.c in libdw

wcventure at 126 dot com sourceware-bugzilla@sourceware.org
Fri Mar 29 06:23:00 GMT 2019


https://sourceware.org/bugzilla/show_bug.cgi?id=24398

            Bug ID: 24398
           Summary: An invalid address dereference problem was discovered in
                    the print_debug_macinfo_section function
                    __libdw_next_unit in libdw/dwarf_filesrc.c in libdw
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libdw
          Assignee: unassigned at sourceware dot org
          Reporter: wcventure at 126 dot com
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 11709
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11709&action=edit
POC

Hi, 

An invalid address dereference problem was discovered in the
print_debug_macinfo_section function __libdw_next_unit in libdw/dwarf_filesrc.c
in libdw, as distributed in Elfutils 0.176 (release version). A crafted ELF
input can cause segmentation faults, and I have confirmed them with
AddressSanitizer too.

Here are the POC files. Please use "./eu-readelf -w $POC" to reproduce the
error.

> ASAN:SIGSEGV
> =================================================================
> ==7264==ERROR: AddressSanitizer: SEGV on unknown address 0x02007c2b0d91 (pc 0x7fe377095ed7 bp 0x7fff0ae365f0 sp 0x7fff0ae36380 T0)
>     #0 0x7fe377095ed6 in dwarf_filesrc /elfutils-0.176/libdw/dwarf_filesrc.c:41
>     #1 0x435ca5 in print_debug_macinfo_section /elfutils-0.176/src/readelf.c:9701
>     #2 0x4553a6 in print_debug /elfutils-0.176/src/readelf.c:11222
>     #3 0x45c74e in process_elf_file /elfutils-0.176/src/readelf.c:998
>     #4 0x4639cf in process_dwflmod /elfutils-0.176/src/readelf.c:760
>     #5 0x7fe3771220b8 in dwfl_getmodules /elfutils-0.176/libdwfl/dwfl_getmodules.c:86
>     #6 0x40c28b in process_file /elfutils-0.176/src/readelf.c:868
>     #7 0x405a8a in main /elfutils-0.176/src/readelf.c:350
>     #8 0x7fe3767ac82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
>     #9 0x406cd8 in _start (/elfutils-0.176_ASAN/build/bin/eu-readelf+0x406cd8)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV /elfutils-0.176/libdw/dwarf_filesrc.c:41 dwarf_filesrc
> ==7264==ABORTING

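The AddressSanitizer output quoted above is the kind of report a fuzzing harness produces by the hundreds, and the first triage step is mechanical: pull out the error kind, the fault address, and the frames that belong to the project's own sources, then bucket duplicate crashes by that stack prefix. The following Python script is an added example of that triage step; it is not part of the bug report or of elfutils. The sample input embedded in it is the SEGV trace quoted in the report, and the project root prefix `/elfutils-0.176/` used for the signature is taken from those frame paths.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the ASAN SEGV report quoted in the bug above, embedded verbatim
# so the example runs offline.
ASAN_REPORT = """\
ASAN:SIGSEGV
=================================================================
==7264==ERROR: AddressSanitizer: SEGV on unknown address 0x02007c2b0d91 (pc 0x7fe377095ed7 bp 0x7fff0ae365f0 sp 0x7fff0ae36380 T0)
    #0 0x7fe377095ed6 in dwarf_filesrc /elfutils-0.176/libdw/dwarf_filesrc.c:41
    #1 0x435ca5 in print_debug_macinfo_section /elfutils-0.176/src/readelf.c:9701
    #2 0x4553a6 in print_debug /elfutils-0.176/src/readelf.c:11222
    #3 0x45c74e in process_elf_file /elfutils-0.176/src/readelf.c:998
    #4 0x4639cf in process_dwflmod /elfutils-0.176/src/readelf.c:760
    #5 0x7fe3771220b8 in dwfl_getmodules /elfutils-0.176/libdwfl/dwfl_getmodules.c:86
    #6 0x40c28b in process_file /elfutils-0.176/src/readelf.c:868
    #7 0x405a8a in main /elfutils-0.176/src/readelf.c:350
    #8 0x7fe3767ac82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x406cd8 in _start (/elfutils-0.176_ASAN/build/bin/eu-readelf+0x406cd8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /elfutils-0.176/libdw/dwarf_filesrc.c:41 dwarf_filesrc
==7264==ABORTING
"""

# "==<pid>==ERROR: AddressSanitizer: <kind> on [unknown ]address 0x..."
HEADER_RE = re.compile(
    r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>\S+)"
    r"(?: on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+))?"
)
# Symbolised frame ("in func path:line") or unsymbolised frame ("in func (module+off)").
FRAME_RE = re.compile(
    r"^\s*#(?P<idx>\d+)\s+0x[0-9a-fA-F]+\s+in\s+(?P<func>\S+)\s+"
    r"(?:(?P<path>\S+):(?P<line>\d+)|\((?P<module>\S+)\))\s*$"
)


@dataclass
class Frame:
    index: int
    function: str
    location: str          # source path, or module+offset when unsymbolised
    line: Optional[int]    # None for unsymbolised frames


@dataclass
class CrashReport:
    pid: int
    kind: str
    address: Optional[int]
    frames: List[Frame]

    def near_null(self, threshold: int = 0x1000) -> bool:
        """True when the fault address is in the first page, the usual sign of
        a NULL-plus-offset dereference; a high address like the one in this
        report points at a wild or corrupted pointer instead."""
        return self.address is not None and self.address < threshold


def parse_asan_report(text: str) -> CrashReport:
    """Parse the ERROR header and the first stack trace of an ASAN report."""
    pid = kind = None
    address = None
    frames: List[Frame] = []
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m and pid is None:
            pid = int(m.group("pid"))
            kind = m.group("kind")
            address = int(m.group("addr"), 16) if m.group("addr") else None
            continue
        m = FRAME_RE.match(raw)
        if m and pid is not None:
            frames.append(Frame(
                index=int(m.group("idx")),
                function=m.group("func"),
                location=m.group("path") or m.group("module"),
                line=int(m.group("line")) if m.group("line") else None,
            ))
    if pid is None or kind is None:
        raise ValueError("no AddressSanitizer ERROR header found")
    return CrashReport(pid, kind, address, frames)


def crash_signature(report: CrashReport, project_root: str = "/elfutils-0.176/",
                    depth: int = 3) -> str:
    """Bucket key for deduplicating fuzzer crashes: the error kind plus the
    first `depth` frames whose source lives under project_root (libc and
    runtime frames are skipped)."""
    in_project = [f.function for f in report.frames
                  if f.line is not None and f.location.startswith(project_root)]
    return ":".join([report.kind] + in_project[:depth])


if __name__ == "__main__":
    report = parse_asan_report(ASAN_REPORT)
    top = report.frames[0]
    print(f"{report.kind} at {top.location}:{top.line} in {top.function}()")
    print("signature:", crash_signature(report))
    print("near-NULL fault:", report.near_null())
```

Run on the report above, the signature is `SEGV:dwarf_filesrc:print_debug_macinfo_section:print_debug`, which groups this crash with any other input that reaches `dwarf_filesrc` through the same `.debug_macinfo` printing path, and `near_null()` is false, so the fault is a wild pointer rather than an unchecked NULL return.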