https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924
--- Comment #6 from Martin Liška <marxin at gcc dot gnu.org> ---
(In reply to Ren Kimura from comment #5)
> Yes. I can understand what you want to say. It may be annoying for developers
> to fix such nitpicky bugs.

I'm willing to fix any inappropriate ELF container that will be created with
GCC or with another ELF creating tool.

> But unfortunately these kinds of bugs have been reported like, memory
> corruption with *crafted* ELF file.
> https://www.google.com/search?q=binutils+crafted+elf+cve

I can imagine a bazillion such corruptions if you do a random mutation of an
ELF container.

>
> From the perspective of attackers, they can prevent some kind of services by
> sending crafted ELF file through network. i.e. Denial of Service.

I'm all ears here. What kind of service would run or analyze untrusted ELF
executables?

>
> Please consider our request of fixing.

Patches are welcome, feel free to send a patch submission to the mailing list.

>
> Thanks
>
> (In reply to Martin Liška from comment #4)
> > (In reply to Ren Kimura from comment #3)
> > > Hi. Sorry for the late reply. I've just attached a simpler one.
> > >
> > > PoC file for this bug can be created easily, just generating ELF file and
> > > edit e_shstrndx in ELF header file to 0.
> > >
> > > Attached one is built from simple Hello World program.
> > >
> > > #include <stdio.h>
> > > int main() {
> > >   printf("Hello World\n");
> > > };
> > >
> > > gcc -o memcorrupt_nm-2.30_gcc-9.1.0_gold_simple hello_world.c
> > >
> > > Edit e_shstrndx (offset 0x3E) to 0.
> >
> > What sense does it make to create a valid ELF container and then corrupt it?
> > It's expected that various tools will crash then.
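The sanity check a tool that parses untrusted ELF input would want before using e_shstrndx (the 16-bit field at offset 0x3E of an ELF64 header, the one the report edits to 0) to index the section header table, as an added example that is not from the bug report or from binutils. The header builder is a constructed sample with no real sections behind it, and only ELF64 little-endian is handled.

```python
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB = 2, 1
SHN_UNDEF, SHN_XINDEX = 0, 0xFFFF
EHDR64_SIZE = 64
# Fields after the 16-byte e_ident, packed without padding: 48 bytes.
EHDR64_FMT = "<HHIQQQIHHHHHH"
EHDR64_NAMES = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
                "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
                "e_shnum", "e_shstrndx")


def parse_ehdr64(data: bytes) -> dict:
    """Decode the fixed ELF64 little-endian header; refuse anything else."""
    if len(data) < EHDR64_SIZE or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("only ELF64 little-endian is handled here")
    return dict(zip(EHDR64_NAMES, struct.unpack_from(EHDR64_FMT, data, 16)))


def check_shstrndx(hdr: dict) -> list:
    """Return the reasons e_shstrndx must not be used as a table index as-is."""
    shoff, shnum, shstrndx = hdr["e_shoff"], hdr["e_shnum"], hdr["e_shstrndx"]
    if shoff == 0 or shnum == 0:
        # No section header table: no index is usable, so only a non-zero value is suspicious.
        return [] if shstrndx == SHN_UNDEF else ["e_shstrndx set but no section header table"]
    if shstrndx == SHN_UNDEF:
        # The case from this report: sections exist but no name table is declared.
        return ["e_shstrndx is SHN_UNDEF (0): section names unavailable"]
    if shstrndx == SHN_XINDEX:
        # Legitimate escape for >= 0xFF00 sections; the real index is sh_link of section 0.
        return ["e_shstrndx is SHN_XINDEX: resolve via section 0 sh_link before use"]
    if shstrndx >= shnum:
        return [f"e_shstrndx {shstrndx} out of range (e_shnum={shnum})"]
    return []


def build_ehdr64(shnum: int, shstrndx: int, shoff: int = 0x1000) -> bytes:
    """Constructed sample: a bare x86-64 ET_EXEC header with the given section counts."""
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1]) + bytes(9)
    return ident + struct.pack(EHDR64_FMT, 2, 0x3E, 1, 0x401000, 64, shoff,
                               0, 64, 56, 2, 64, shnum, shstrndx)


if __name__ == "__main__":
    intact = build_ehdr64(shnum=5, shstrndx=4)
    edited = bytearray(intact)
    edited[0x3E:0x40] = SHN_UNDEF.to_bytes(2, "little")  # the single edit from the report
    for label, blob in (("intact", intact), ("e_shstrndx=0", bytes(edited))):
        print(label, check_shstrndx(parse_ehdr64(blob)) or ["ok"])
```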