[Bug libdw/24398] New: An invalid address dereference problem was discovered in the print_debug_macinfo_section function __libdw_next_unit in libdw/dwarf_filesrc.c in libdw
wcventure at 126 dot com
sourceware-bugzilla@sourceware.org
Fri Mar 29 06:23:00 GMT 2019
https://sourceware.org/bugzilla/show_bug.cgi?id=24398
Bug ID: 24398
Summary: An invalid address dereference problem was discovered in
the print_debug_macinfo_section function
__libdw_next_unit in libdw/dwarf_filesrc.c in libdw
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libdw
Assignee: unassigned at sourceware dot org
Reporter: wcventure at 126 dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Created attachment 11709
--> https://sourceware.org/bugzilla/attachment.cgi?id=11709&action=edit
POC
Hi,
An invalid address dereference problem was discovered in the
print_debug_macinfo_section function __libdw_next_unit in libdw/dwarf_filesrc.c
in libdw, as distributed in Elfutils 0.176 (release version). A crafted ELF
input can cause segmentation faults, and I have confirmed them with AddressSanitizer
too.
Here are the POC files. Please use "./eu-readelf -w $POC" to reproduce the
error.
> ASAN:SIGSEGV
> =================================================================
> ==7264==ERROR: AddressSanitizer: SEGV on unknown address 0x02007c2b0d91 (pc 0x7fe377095ed7 bp 0x7fff0ae365f0 sp 0x7fff0ae36380 T0)
> #0 0x7fe377095ed6 in dwarf_filesrc /elfutils-0.176/libdw/dwarf_filesrc.c:41
> #1 0x435ca5 in print_debug_macinfo_section /elfutils-0.176/src/readelf.c:9701
> #2 0x4553a6 in print_debug /elfutils-0.176/src/readelf.c:11222
> #3 0x45c74e in process_elf_file /elfutils-0.176/src/readelf.c:998
> #4 0x4639cf in process_dwflmod /elfutils-0.176/src/readelf.c:760
> #5 0x7fe3771220b8 in dwfl_getmodules /elfutils-0.176/libdwfl/dwfl_getmodules.c:86
> #6 0x40c28b in process_file /elfutils-0.176/src/readelf.c:868
> #7 0x405a8a in main /elfutils-0.176/src/readelf.c:350
> #8 0x7fe3767ac82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> #9 0x406cd8 in _start (/elfutils-0.176_ASAN/build/bin/eu-readelf+0x406cd8)
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV /elfutils-0.176/libdw/dwarf_filesrc.c:41 dwarf_filesrc
> ==7264==ABORTING