https://sourceware.org/bugzilla/show_bug.cgi?id=29290
Bug ID: 29290
Summary: dwarf.c: null pointer dereference
Product: binutils
Version: 2.39 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: h3xrabbit at gmail dot com
Target Milestone: ---

Created attachment 14177
--> https://sourceware.org/bugzilla/attachment.cgi?id=14177&action=edit
PoC to trigger null pointer dereference

During a fuzzing campaign, I discovered a null pointer dereference bug in readelf (on the latest commit 9544899f2809833729159b0acb414ef7730650d5) in read_and_display_attr_value(), that may cause a denial of service via a crafted file.

To reproduce the bug:

```
readelf -w poc
```

ASAN output:

```
=================================================================
==527903==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000078 (pc 0x0000005da25e bp 0x7ffc9e9d8460 sp 0x7ffc9e9d79e0 T0)
==527903==The signal is caused by a READ memory access.
==527903==Hint: address points to the zero page.
    #0 0x5da25e in read_and_display_attr_value ../../binutils/dwarf.c:2758:50
    #1 0x5cbe63 in display_debug_names ../../binutils/dwarf.c:10369:16
    #2 0x57a10c in display_debug_section ../../binutils/readelf.c:16234:18
    #3 0x5318a4 in process_section_contents ../../binutils/readelf.c:16330:10
    #4 0x51183a in process_object ../../binutils/readelf.c:22368:9
    #5 0x501331 in process_file ../../binutils/readelf.c:22791:13
    #6 0x4feb82 in main ../../binutils/readelf.c:22862:11
    #7 0x7fb874918082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #8 0x41c4ad in _start (build3/binutils/readelf+0x41c4ad)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/binutils/build3/binutils/../../binutils/dwarf.c:2758:50 in read_and_display_attr_value
==527903==ABORTING
```