[Bug binutils/21343] New: readelf: heap-based buffer overflow in byte_get_little_endian (elfcomm.c)

ago at gentoo dot org Sat, 01 Apr 2017 12:02:00 -0700

https://sourceware.org/bugzilla/show_bug.cgi?id=21343


            Bug ID: 21343
           Summary: readelf: heap-based buffer overflow in
                    byte_get_little_endian (elfcomm.c)
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: ago at gentoo dot org
  Target Milestone: ---

Hello,

on binutils 2.28, compiled with clang-4:

# readelf -a $FILE
==20283==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000000053 at pc 0x00000064c022 bp 0x7ffdc9b780d0 sp 0x7ffdc9b780c8
READ of size 1 at 0x602000000053 thread T0
    #0 0x64c021 in byte_get_little_endian
/tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/elfcomm.c:150:26

Reproducer:
https://github.com/asarubbo/poc/blob/master/00257-binutils-readelf-heapoverflow-byte_get_little_endian


FTR: This bug is confirmed on master.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/21343] New: readelf: heap-based buffer overflow in byte_get_little_endian (elfcomm.c)

Reply via email to