https://sourceware.org/bugzilla/show_bug.cgi?id=25645
Bug ID: 25645
Summary: [readelf] Crash with -a -D option in byte_get_little_endian at elfcomm.c:148
Product: binutils
Version: 2.34
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: dkcjd2000 at gmail dot com
Target Milestone: ---

Created attachment 12360
--> https://sourceware.org/bugzilla/attachment.cgi?id=12360&action=edit
crash test case file

Hello,

I'm currently developing a new fuzzing feature, and I found a crash with readelf.
It crashed in byte_get_little_endian at elfcomm.c:148.
I built it on Ubuntu 16.04 with gcc 5.4.0.

You can reproduce the crash with the following command:

./readelf -a -D <attached file>

The call stack of the crash is:

Program received signal SIGSEGV, Segmentation fault.
0x000000000046b56d in byte_get_little_endian (field=0x70d00c <error: Cannot access memory at address 0x70d00c>, size=4) at elfcomm.c:148
148         return ((unsigned long) (field[0]))
(gdb) bt
#0  0x000000000046b56d in byte_get_little_endian (field=0x70d00c <error: Cannot access memory at address 0x70d00c>, size=4) at elfcomm.c:148
#1  0x000000000041e9ac in dump_ia64_vms_dynamic_fixups (filedata=0x6ed000, fixup=0x7fffffffdd70, strtab=0x0, strtab_sz=0) at readelf.c:7114
#2  0x000000000041ef7d in process_ia64_vms_dynamic_relocs (filedata=0x6ed000) at readelf.c:7219
#3  0x000000000041f244 in process_relocs (filedata=0x6ed000) at readelf.c:7316
#4  0x000000000043fd39 in process_object (filedata=0x6ed000) at readelf.c:19966
#5  0x0000000000440aa7 in process_archive (filedata=0x6ed000, is_thin_archive=0) at readelf.c:20331
#6  0x0000000000440dae in process_file (file_name=0x7fffffffe5ce "./readelf_byte_get_little_endian") at readelf.c:20399
#7  0x0000000000440fba in main (argc=4, argv=0x7fffffffe348) at readelf.c:20475

Thank you,
Ahcheong Lee
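The backtrace shows byte_get_little_endian dereferencing a field pointer that lies outside mapped memory while dump_ia64_vms_dynamic_fixups walks a fixup table whose bounds came from the file. The following is an added illustration, not binutils code: a little-endian read helper that checks the requested field against the buffer it was loaded from, plus a hypothetical table walk that stops at the first entry the buffer cannot hold. Buffer contents and the entry size are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bounds-checked counterpart of a byte_get_little_endian-style read:
   the caller passes the whole file buffer, and a field at [offset,
   offset + size) is read only if it lies entirely inside it.  Returns
   false instead of touching memory outside the buffer. */
static bool byte_get_le_checked(const unsigned char *base, size_t len,
                                size_t offset, unsigned int size,
                                uint64_t *out)
{
    uint64_t v = 0;
    if (size == 0 || size > 8)
        return false;
    /* Overflow-safe form of "offset + size <= len". */
    if (offset > len || size > len - offset)
        return false;
    for (unsigned int i = 0; i < size; i++)
        v |= (uint64_t) base[offset + i] << (8 * i);
    *out = v;
    return true;
}

/* Hypothetical table walk: a header claims 'claimed' entries of
   'entry_size' bytes starting at 'off'.  Returns how many entries can
   actually be read; the walk stops at the first out-of-range entry. */
static size_t count_readable_entries(const unsigned char *base, size_t len,
                                     size_t off, size_t claimed,
                                     unsigned int entry_size)
{
    size_t n = 0;
    uint64_t v;
    for (; n < claimed; n++) {
        /* Guard the offset arithmetic itself as well as the read. */
        if (n > (SIZE_MAX - off) / entry_size)
            break;
        if (!byte_get_le_checked(base, len, off + n * entry_size, entry_size, &v))
            break;
    }
    return n;
}

/* Constructed 8-byte "file": holds two 4-byte entries and nothing more. */
static const unsigned char sample[] = { 0x01, 0x02, 0x03, 0x04,
                                        0xAA, 0xBB, 0xCC, 0xDD };

int main(void)
{
    uint64_t v = 0;
    bool ok = byte_get_le_checked(sample, sizeof sample, 0, 4, &v);
    printf("entry 0: ok=%d value=0x%llx\n", ok, (unsigned long long) v);
    printf("entries readable of 10 claimed: %zu\n",
           count_readable_entries(sample, sizeof sample, 0, 10, 4));
    return 0;
}
```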