https://sourceware.org/bugzilla/show_bug.cgi?id=32654
Mark Wielaard <mark at klomp dot org> changed:
What            |Removed                          |Added
----------------------------------------------------------------------------
Last reconfirmed|                                 |2025-02-08
Assignee        |unassigned at sourceware dot org |mark at klomp dot org
Ever confirmed  |0                                |1
CC              |                                 |mark at klomp dot org
Status          |UNCONFIRMED                      |ASSIGNED
--- Comment #1 from Mark Wielaard <mark at klomp dot org> ---
Replicated with valgrind and eu-readelf --syms -D

==722925== Invalid read of size 1
==722925==    at 0x484B0E6: strlen (vg_replace_strmem.c:505)
==722925==    by 0x49B0057: __printf_buffer (vfprintf-process-arg.c:435)
==722925==    by 0x49B0D92: __vfprintf_internal (vfprintf-internal.c:1544)
==722925==    by 0x49A4BF2: printf (printf.c:33)
==722925==    by 0x4091E2: process_symtab (readelf.c:2654)
==722925==    by 0x40A31C: handle_dynamic_symtab (readelf.c:3062)
==722925==    by 0x408D47: print_symtab (readelf.c:2582)
==722925==    by 0x4044CE: process_elf_file (readelf.c:1064)
==722925==    by 0x403B91: process_dwflmod (readelf.c:840)
==722925==    by 0x48BD942: dwfl_getmodules (dwfl_getmodules.c:86)
==722925==    by 0x403FC5: process_file (readelf.c:948)
==722925==    by 0x402AE0: main (readelf.c:417)
==722925==  Address 0x49681e7 is not stack'd, malloc'd or (recently) free'd

The issue is that with -D we aren't using elf_strptr, which will validate the
string, but use the string from the symstr_data->d_buf directly without
checking it is a valid string.
Issue introduced when support for -D/--dynamic was added by commit 4d8de4b2fa05
("readelf: display dynamic symtab without section headers")
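
The check that Comment #1 describes as missing on the -D path, sketched as an added example (this is not elfutils code and not the fix that was committed): before a symbol name offset into a raw string-table buffer is handed to printf, confirm the offset is inside the buffer and that a NUL terminator exists before the buffer ends. The names checked_str, symbol_name and sample_strtab, the "<INVALID>" placeholder text, and the sample table contents are all hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an elfutils function): return a pointer to the
   string at offset `off` inside a `size`-byte string table, or NULL when
   the offset is out of range or no NUL terminator exists before the end
   of the buffer.  */
static const char *
checked_str (const void *buf, size_t size, size_t off)
{
  if (buf == NULL || off >= size)
    return NULL;
  const char *start = (const char *) buf + off;
  /* memchr is bounded, so it never reads past buf + size.  */
  if (memchr (start, '\0', size - off) == NULL)
    return NULL;
  return start;
}

/* Constructed sample: a 10-byte dynamic string table whose last entry
   ("bar") is missing its terminating NUL.  */
static const char sample_strtab[10] =
  { '\0', 'f', 'o', 'o', '\0', 'x', '\0', 'b', 'a', 'r' };

/* Name to print for a symbol whose st_name field is `st_name`.  */
static const char *
symbol_name (size_t st_name)
{
  const char *s = checked_str (sample_strtab, sizeof sample_strtab, st_name);
  return s != NULL ? s : "<INVALID>";
}

int
main (void)
{
  /* In-range names, an unterminated name, and two out-of-range offsets.  */
  size_t offsets[] = { 1, 5, 7, 10, 0x1000 };
  for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++)
    printf ("st_name=%zu -> %s\n", offsets[i], symbol_name (offsets[i]));
  return 0;
}
```

Offset 7 is the case a range check alone would miss: it lies inside the table, but an unbounded strlen from there would run off the end of the buffer.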