https://sourceware.org/bugzilla/show_bug.cgi?id=21439

Bug ID: 21439
Summary: heap-buffer-overflow in print_gnu_build_attribute_name (binutils/readelf.c:17059)
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: brian.carpenter at gmail dot com
Target Milestone: ---

Created attachment 10028
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10028&action=edit
testcase

Triggered in 7a81a73 (27 April 2017). Compiled with afl-clang-fast on Debian 8 x64.

./readelf -a test001

<SNIP>
==5875==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5d006b3 at pc 0x081c2d95 bp 0xbfa4d8a8 sp 0xbfa4d89c
READ of size 2 at 0xb5d006b3 thread T0
    #0 0x81c2d94 in print_gnu_build_attribute_name /root/binutils2/binutils/readelf.c:17059:28
    #1 0x81c2d94 in process_note /root/binutils2/binutils/readelf.c:17187
    #2 0x81c2d94 in process_notes_at /root/binutils2/binutils/readelf.c:17360
    #3 0x81822ec in process_note_sections /root/binutils2/binutils/readelf.c:17494:10
    #4 0x81822ec in process_notes /root/binutils2/binutils/readelf.c:17529
    #5 0x81822ec in process_object /root/binutils2/binutils/readelf.c:17794
    #6 0x8155cdd in process_file /root/binutils2/binutils/readelf.c:18183:13
    #7 0x8155cdd in main /root/binutils2/binutils/readelf.c:18255
    #8 0xb7530275 in __libc_start_main /build/glibc-4LXvX6/glibc-2.24/csu/../csu/libc-start.c:291
    #9 0x8060ec7 in _start (/root/binutils2/binutils/readelf+0x8060ec7)

0xb5d006b3 is located 0 bytes to the right of 3-byte region [0xb5d006b0,0xb5d006b3)
allocated by thread T0 here:
    #0 0x811aa94 in __interceptor_malloc (/root/binutils2/binutils/readelf+0x811aa94)
    #1 0x81bdbfb in process_notes_at /root/binutils2/binutils/readelf.c:17345:20
    #2 0x81822ec in process_note_sections /root/binutils2/binutils/readelf.c:17494:10
    #3 0x81822ec in process_notes /root/binutils2/binutils/readelf.c:17529
    #4 0x81822ec in process_object /root/binutils2/binutils/readelf.c:17794
    #5 0x8155cdd in process_file /root/binutils2/binutils/readelf.c:18183:13
    #6 0x8155cdd in main /root/binutils2/binutils/readelf.c:18255
    #7 0xb7530275 in __libc_start_main /build/glibc-4LXvX6/glibc-2.24/csu/../csu/libc-start.c:291

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/binutils2/binutils/readelf.c:17059:28 in print_gnu_build_attribute_name

--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils