[Bug libelf/28666] memmove() reads out-of-range in elf32_xlatetom

evvers at ya dot ru sourceware-bugzilla@sourceware.org
Thu Dec 9 19:22:31 GMT 2021


https://sourceware.org/bugzilla/show_bug.cgi?id=28666

--- Comment #8 from Evgeny Vereshchagin <evvers at ya dot ru> ---
Created attachment 13840
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13840&action=edit
File triggering an "invalid read"

I've just added a file triggering that issue.

```
$ git describe
elfutils-0.186-20-g98e7adf7

autoreconf -i -f
./configure --enable-maintainer-mode
make -j$(nproc) V=1
$ DEBUGINFOD_URLS= LD_PRELOAD="./libelf/libelf.so ./libdw/libdw.so" valgrind --leak-check=full ./src/stack --core ../crash-51ef1bcb1fbd741ff5fde645079625a8ed871225
==55019== Memcheck, a memory error detector
==55019== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==55019== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==55019== Command: ./src/stack --core ../crash-51ef1bcb1fbd741ff5fde645079625a8ed871225
==55019==
==55019== Invalid read of size 8
==55019==    at 0x484B214: memmove (vg_replace_strmem.c:1382)
==55019==    by 0x48585DF: memmove (string_fortified.h:36)
==55019==    by 0x48585DF: elf32_xlatetom (elf32_xlatetom.c:96)
==55019==    by 0x48C793A: dwfl_link_map_report (link_map.c:1013)
==55019==    by 0x48C8CA5: dwfl_core_file_report@@ELFUTILS_0.158 (core-file.c:548)
==55019==    by 0x402EC6: parse_opt (stack.c:595)
==55019==    by 0x4C4D591: argp_parse (in /usr/lib64/libc.so.6)
==55019==    by 0x4024EA: main (stack.c:695)
==55019==  Address 0x6026000 is not stack'd, malloc'd or (recently) free'd
==55019==
```
