https://sourceware.org/bugzilla/show_bug.cgi?id=34324

            Bug ID: 34324
           Summary: readelf: SIGABRT in process_relocs when processing ELF
                    relocation data
           Product: binutils
           Version: 2.47 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: 970429025 at qq dot com
  Target Milestone: ---

Created attachment 16798
  --> https://sourceware.org/bugzilla/attachment.cgi?id=16798&action=edit
The PoC attachment contains the input file (Denial_of_Service) that triggers
this behavior.

Overview:

Running readelf with -a -D on a ELF input file causes the program to terminate
with SIGABRT.

The program does not exit gracefully and instead aborts while processing
relocation information in process_relocs().

Steps to Reproduce:

./readelf -a -D Denial_of_Service

Actual Results:

readelf terminates with SIGABRT.

GDB output excerpt:

Program received signal SIGABRT, Aborted.

#0  0x00007400717969fc in pthread_kill () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x0000740071742476 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007400717287f3 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x000000000045076e in process_relocs ()
#4  0x0000000000441a83 in process_object ()
#5  0x000000000043260b in process_file ()
#6  0x00000000004305b6 in main ()

Expected Results:

readelf should exit normally, rather than terminating via abort().

Build & Platform:

binutils version: GNU Binutils 2.46.50.20260601
component: readelf
OS: Ubuntu 22.04.5 LTS
arch: x86_64

Additional Information:

The PoC attachment contains the input file that triggers the crash:
Denial_of_Service.

Crash type: SIGABRT
Crash location: process_relocs()
Affected option: -D
Fully reproducible.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to