https://sourceware.org/bugzilla/show_bug.cgi?id=16723
Bug ID: 16723
Summary: Excessive memory usage
Product: binutils
Version: unspecified
Status: NEW
Severity: minor
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: duretsimon73 at gmail dot com

Created attachment 7481
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7481&action=edit
File which causes the bug

Objdump and readelf have a bug when handling a malformed ELF file with a bad .gnu.version_r section. Objdump uses excessive memory when disassembling the malformed ELF file. Readelf enters an infinite loop (or a toooo long one) when run with the -V option.

readelf -S a.out | grep .gnu.version_r
  [ 8] .gnu.version_r VERNEED 08048914 000914 000080 00 A 6 15335426 4

Here is the backtrace of objdump when running under GDB:

gdb$ bt
#0  bfd_getl32 (p=0x81ad914) at libbfd.c:616
#1  0x080aabd8 in _bfd_elf_swap_verneed_in (abfd=abfd@entry=0x81a7920, src=src@entry=0x81ad908, dst=dst@entry=0x9dcb8830) at elf.c:128
#2  0x080b2c94 in _bfd_elf_slurp_version_tables (abfd=abfd@entry=0x81a7920, default_imported_symver=default_imported_symver@entry=0x0) at elf.c:7204
#3  0x080a707b in bfd_elf32_slurp_symbol_table (abfd=0x81a7920, symptrs=0x81ad7d0, dynamic=0x1) at elfcode.h:1159
#4  0x080b251d in _bfd_elf_canonicalize_dynamic_symtab (abfd=0x81a7920, allocation=0x81ad7d0) at elf.c:7069
#5  0x0804e292 in slurp_dynamic_symtab (abfd=0x81a7920) at ./objdump.c:599
#6  dump_bfd (abfd=abfd@entry=0x81a7920) at ./objdump.c:3231
#7  0x0804f14f in display_object_bfd (abfd=0x81a7920) at ./objdump.c:3312
#8  display_any_bfd (file=file@entry=0x81a7920, level=level@entry=0x0) at ./objdump.c:3386
#9  0x08050ecf in display_file (filename=0xbffffce8 "/home/tosh/TOSH_GIT/elfzz/vuln/objdump", target=<optimized out>) at ./objdump.c:3407
#10 0x0804bb90 in main (argc=0x3, argv=0xbffffb64) at ./objdump.c:3689

Here is the backtrace of readelf when running under GDB:

gdb$ bt
#0  0xb7fdd424 in __kernel_vsyscall ()
#1  0xb7ed12d3 in __write_nocancel () from /usr/lib/libc.so.6
#2  0xb7e65191 in _IO_new_file_write () from /usr/lib/libc.so.6
#3  0xb7e643ef in new_do_write () from /usr/lib/libc.so.6
#4  0xb7e6613e in __GI__IO_do_write () from /usr/lib/libc.so.6
#5  0xb7e664dd in __GI__IO_file_overflow () from /usr/lib/libc.so.6
#6  0xb7e6577b in __GI__IO_file_xsputn () from /usr/lib/libc.so.6
#7  0xb7e39bc2 in vfprintf () from /usr/lib/libc.so.6
#8  0xb7e4310f in printf () from /usr/lib/libc.so.6
#9  0x08057ad0 in process_version_sections (file=file@entry=0x80b0920) at readelf.c:8908
#10 0x0806ad4f in process_object (file_name=file_name@entry=0xbffffce8 "/home/tosh/TOSH_GIT/elfzz/vuln/objdump", file=file@entry=0x80b0920) at readelf.c:14275
#11 0x08049751 in process_file (file_name=0xbffffce8 "/home/tosh/TOSH_GIT/elfzz/vuln/objdump") at readelf.c:14648

The file which causes the bug is in the attachment; to reproduce:

$ objdump -d a.out
$ readelf -V a.out
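As an added illustration, not part of the bug report or of binutils: the sh_info field of an SHT_GNU_verneed section states how many Elf_Verneed entries it holds, and the 15335426 shown in the readelf -S line above cannot fit in a 0x80-byte section when each entry is 16 bytes. The sanity check below compares sh_info with the section size for every such section; the ELF32 image it runs on is constructed to match that readelf line and is not the attached file, and the check is this editor's own, not the fix binutils applied.

```python
import struct

SHT_GNU_VERNEED = 0x6ffffffe   # section type of .gnu.version_r
VERNEED_SIZE = 16              # sizeof(Elf32_Verneed) == sizeof(Elf64_Verneed)


def verneed_sanity(elf: bytes):
    """For every SHT_GNU_verneed section in a little-endian ELF32/ELF64 image,
    compare sh_info (the claimed number of Elf_Verneed entries) with the most
    entries that could physically fit in sh_size.
    Returns a list of (claimed, max_possible, plausible) tuples."""
    if elf[:4] != b"\x7fELF" or elf[5] != 1:
        raise ValueError("not a little-endian ELF image")
    if elf[4] == 1:    # ELFCLASS32
        ehdr_fmt, shdr_fmt = "<16sHHIIIIIHHHHHH", "<IIIIIIIIII"
    elif elf[4] == 2:  # ELFCLASS64
        ehdr_fmt, shdr_fmt = "<16sHHIQQQIHHHHHH", "<IIQQQQIIQQ"
    else:
        raise ValueError("unknown EI_CLASS")
    ehdr = struct.unpack_from(ehdr_fmt, elf, 0)
    e_shoff, e_shentsize, e_shnum = ehdr[6], ehdr[11], ehdr[12]
    results = []
    for i in range(e_shnum):
        shdr = struct.unpack_from(shdr_fmt, elf, e_shoff + i * e_shentsize)
        sh_type, sh_size, sh_info = shdr[1], shdr[5], shdr[7]
        if sh_type == SHT_GNU_VERNEED:
            max_entries = sh_size // VERNEED_SIZE
            results.append((sh_info, max_entries, sh_info <= max_entries))
    return results


def build_sample_elf32(sh_info: int) -> bytes:
    """Constructed minimal ELF32 image (not the attachment): an ELF header, a
    null section header and one .gnu.version_r header with the address,
    offset, size, link and alignment shown in the report's readelf -S line."""
    ehdr = struct.pack("<16sHHIIIIIHHHHHH",
                       b"\x7fELF\x01\x01\x01" + b"\x00" * 9,   # ELFCLASS32, LE
                       2, 3, 1, 0, 0, 52, 0, 52, 0, 0, 40, 2, 0)
    null_shdr = struct.pack("<IIIIIIIIII", *([0] * 10))
    verneed = struct.pack("<IIIIIIIIII", 1, SHT_GNU_VERNEED, 2, 0x08048914,
                          0x914, 0x80, 6, sh_info, 4, 0)
    return ehdr + null_shdr + verneed


if __name__ == "__main__":
    # The report's sh_info of 15335426 cannot fit in a 0x80-byte section.
    print(verneed_sanity(build_sample_elf32(15335426)))  # [(15335426, 8, False)]
```

A loader that trusts sh_info allocates or iterates for the claimed count, which is the kind of work that turns into the memory blow-up and long loop described above; rejecting the section when the count exceeds sh_size // 16 stops that before any entry is read.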