https://sourceware.org/bugzilla/show_bug.cgi?id=31456
Bug ID: 31456
Summary: readelf: SEGV in read_leb128
Product: binutils
Version: 2.43 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: chkunq at gmail dot com
Target Milestone: ---

Created attachment 15388
--> https://sourceware.org/bugzilla/attachment.cgi?id=15388&action=edit
A zip archive containing the input files to trigger the bug

Dear All,

This bug was found on Ubuntu 20.04 64-bit, and binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 5b95198e2e40b0301d37d989edc344a334c26b12 (Thu, 7 Mar 2024 00:00:53).

binutils was built with ASAN using clang-14. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce: download and unzip the attached zip archive to get the POCs, then run

readelf -w [poc_file]

ASAN says:

==2829534==ERROR: AddressSanitizer: SEGV on unknown address 0x5021010101da (pc 0x00000056213d bp 0x000000782da0 sp 0x7ffdaff86770 T0)
==2829534==The signal is caused by a READ memory access.
    #0 0x56213d in read_leb128 /data/symccgo/bug/binutils/obj-asan/binutils/../../binutils-gdb/binutils/dwarf.c:289:28
    #1 0x56213d in display_debug_names /data/symccgo/bug/binutils/obj-asan/binutils/../../binutils-gdb/binutils/dwarf.c:10759:8
    #2 0x4be79d in display_debug_section /data/symccgo/bug/binutils/obj-asan/binutils/../../binutils-gdb/binutils/readelf.c:16950:18
    #3 0x4be79d in process_section_contents /data/symccgo/bug/binutils/obj-asan/binutils/../../binutils-gdb/binutils/readelf.c:17046:10
    #4 0x471fa3 in process_object /data/symccgo/bug/binutils/obj-asan/binutils/../../binutils-gdb/binutils/readelf.c:23160:9
    #5 0x46b2d4 in process_file /data/symccgo/bug/binutils/obj-asan/binutils/../../binutils-gdb/binutils/readelf.c:23583:13
    #6 0x46b2d4 in main /data/symccgo/bug/binutils/obj-asan/binutils/../../binutils-gdb/binutils/readelf.c:23654:11
    #7 0x7ff763b87082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #8 0x37225d in _start (/data/symccgo/bug/binutils/obj-asan/binutils/readelf+0x37225d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /data/symccgo/bug/binutils/obj-asan/binutils/../../binutils-gdb/binutils/dwarf.c:289:28 in read_leb128
==2829534==ABORTING
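The crash above is an out-of-bounds read inside a LEB128 decoder fed by a crafted .debug_names section. As an added illustration (not binutils code and not a fix to it), here is a ULEB128 decoder that takes an explicit end pointer and reports truncation or overflow instead of reading past its buffer, exercised on constructed byte sequences (the sample arrays are made up here, not taken from the attached PoC files):

```c
#include <stddef.h>
#include <stdint.h>
/* Decode one unsigned LEB128 value from [p, end).  Returns bytes consumed,
   or 0 if the input ends before a terminator byte or the value exceeds
   64 bits.  Every access is bounds-checked against END, so a truncated or
   malformed section cannot make the decoder read outside its buffer. */
size_t decode_uleb128(const unsigned char *p, const unsigned char *end,
                      uint64_t *out)
{
    uint64_t result = 0;
    unsigned shift = 0;
    size_t n = 0;
    while (p + n < end) {
        unsigned char byte = p[n++];
        uint64_t bits = byte & 0x7f;
        if (shift >= 64) {
            if (bits != 0)
                return 0;                     /* payload past bit 63 */
        } else {
            if (shift > 0 && (bits >> (64 - shift)) != 0)
                return 0;                     /* bits would be shifted out */
            result |= bits << shift;
        }
        shift += 7;
        if ((byte & 0x80) == 0) {             /* continuation bit clear: done */
            *out = result;
            return n;
        }
    }
    return 0;                                 /* truncated input */
}

/* Walk concatenated ULEB128 values as a .debug_names-style consumer would,
   counting complete ones and stopping at the first bad or truncated value. */
size_t count_ulebs(const unsigned char *buf, size_t len, uint64_t *last)
{
    const unsigned char *p = buf, *end = buf + len;
    size_t count = 0, used;
    uint64_t v;
    while (p < end && (used = decode_uleb128(p, end, &v)) != 0) {
        *last = v;
        p += used;
        count++;
    }
    return count;
}
/* Constructed sample inputs (not taken from the attached PoC files). */
static const unsigned char sample_ok[]        = { 0xE5, 0x8E, 0x26 };       /* 624485 */
static const unsigned char sample_truncated[] = { 0x02, 0xFF, 0x7F, 0x80 }; /* 2, 16383, cut off */
static const unsigned char sample_overflow[]  = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F }; /* > 64 bits */
```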