[Bug general/25831] New: Assertion failure in eu-objdump

2020-04-15 Thread nguyenmanhdung1710 at gmail dot com via Elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25831

          Bug ID: 25831
         Summary: Assertion failure in eu-objdump
         Product: elfutils
         Version: unspecified
          Status: UNCONFIRMED
        Severity: normal
        Priority: P2
       Component: general
        Assignee: unassigned at sourceware dot org
        Reporter: nguyenmanhdung1710 at gmail dot com
              CC: elfutils-devel at sourceware dot org
Target Milestone: ---

Created attachment 12465
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12465&action=edit
PoC for an assertion failure

Hi,

An assertion failure was discovered in the latest commit 1a9fe4b of elfutils
0.179, as demonstrated by eu-objdump via a crafted file.

To reproduce: eu-objdump -d PoC

Valgrind says:
objdump: ../../libcpu/i386_disasm.c:449: x86_64_disasm: Assertion
`correct_prefix == 0 || (prefixes & correct_prefix) != 0' failed.
==6901==
==6901== Process terminating with default action of signal 6 (SIGABRT)
==6901==    at 0x56F5428: raise (raise.c:54)
==6901==    by 0x56F7029: abort (abort.c:89)
==6901==    by 0x56EDBD6: __assert_fail_base (assert.c:92)
==6901==    by 0x56EDC81: __assert_fail (assert.c:101)
==6901==    by 0x47BF64: x86_64_disasm (i386_disasm.c:448)
==6901==    by 0x4E4ECE0: disasm_cb (disasm_cb.c:178)
==6901==    by 0x407017: show_disasm (objdump.c:737)
==6901==    by 0x407017: handle_elf (objdump.c:783)
==6901==    by 0x4029BD: process_file (objdump.c:251)
==6901==    by 0x4029BD: main (objdump.c:164)

Thanks,
Manh Dung

-- 
You are receiving this mail because:
You are on the CC list for the bug.
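
Added example, not part of the report and not elfutils code: a simplified C model of why the assertion quoted in the Valgrind output can be reached from file contents, with an asserting decoder next to one that reports the bytes as undecodable. The opcode table, prefix flags, function names and sample bytes are constructed assumptions; only the assertion expression comes from the report.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified model, not elfutils code: prefix bits, opcode table and
   sample bytes are constructed for illustration. */
enum { HAS_REP = 1 << 0, HAS_DATA16 = 1 << 1 };
struct insn { uint8_t op0, op1; int correct_prefix; const char *name; };
static const struct insn table[] = {
    { 0x0f, 0x10, HAS_REP,    "movss" },  /* mandatory F3 prefix */
    { 0x0f, 0x58, HAS_DATA16, "addpd" },  /* mandatory 66 prefix */
    { 0x0f, 0xa2, 0,          "cpuid" },  /* no mandatory prefix */
};
const uint8_t sample_ok[]  = { 0xf3, 0x0f, 0x10 };
const uint8_t sample_bad[] = { 0x0f, 0x10 };  /* mandatory prefix missing */

/* Collect prefix bytes, then match on the two opcode bytes alone. */
static const struct insn *lookup(const uint8_t *p, size_t len, int *prefixes) {
    size_t i = 0;
    for (*prefixes = 0; i < len; i++) {
        if (p[i] == 0xf3) *prefixes |= HAS_REP;
        else if (p[i] == 0x66) *prefixes |= HAS_DATA16;
        else break;
    }
    for (size_t t = 0; len - i >= 2 && t < sizeof table / sizeof table[0]; t++)
        if (table[t].op0 == p[i] && table[t].op1 == p[i + 1])
            return &table[t];
    return NULL;
}

/* Before: the input bytes decide whether the assert holds, so sample_bad
   aborts the whole process with SIGABRT. */
const char *decode_asserting(const uint8_t *p, size_t len) {
    int prefixes;
    const struct insn *e = lookup(p, len, &prefixes);
    if (e == NULL) return "(bad)";
    assert(e->correct_prefix == 0 || (prefixes & e->correct_prefix) != 0);
    return e->name;
}

/* After: the same condition is reported as an undecodable instruction. */
const char *decode_checked(const uint8_t *p, size_t len) {
    int prefixes;
    const struct insn *e = lookup(p, len, &prefixes);
    if (e == NULL) return "(bad)";
    if (e->correct_prefix != 0 && (prefixes & e->correct_prefix) == 0)
        return "(bad)";
    return e->name;
}

int main(void) { puts(decode_checked(sample_bad, sizeof sample_bad)); return 0; }
```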

[Bug general/25838] New: eu-readelf crashes due to a general protection fault

2020-04-16 Thread nguyenmanhdung1710 at gmail dot com via Elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25838

          Bug ID: 25838
         Summary: eu-readelf crashes due to a general protection fault
         Product: elfutils
         Version: unspecified
          Status: UNCONFIRMED
        Severity: normal
        Priority: P2
       Component: general
        Assignee: unassigned at sourceware dot org
        Reporter: nguyenmanhdung1710 at gmail dot com
              CC: elfutils-devel at sourceware dot org
Target Milestone: ---

Created attachment 12470
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12470&action=edit
PoC

Hi,

A general protection fault was discovered in the latest commit 1a9fe4b of
elfutils 0.179, as demonstrated by eu-readelf, that can cause a denial of
service via a crafted file.

To reproduce: eu-readelf -a PoC

Valgrind says:
==3222== Process terminating with default action of signal 11 (SIGSEGV)
==3222==  General Protection Fault
==3222==    at 0x4124AB: handle_gnu_hash (readelf.c:3430)
==3222==    by 0x4124AB: handle_hash (readelf.c:3501)
==3222==    by 0x45EA8B: process_elf_file (readelf.c:1012)
==3222==    by 0x465129: process_dwflmod (readelf.c:790)
==3222==    by 0x4FCC888: dwfl_getmodules (dwfl_getmodules.c:86)
==3222==    by 0x4094D5: process_file (readelf.c:898)
==3222==    by 0x404D1E: main (readelf.c:372)

Thanks,
Manh Dung


[Bug general/25838] eu-readelf crashes due to a general protection fault

2020-04-18 Thread nguyenmanhdung1710 at gmail dot com via Elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25838

--- Comment #2 from Manh-Dung Nguyen ---
Created attachment 12479
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12479&action=edit
Valgrind's output


[Bug general/25838] eu-readelf crashes due to a general protection fault

2020-04-18 Thread nguyenmanhdung1710 at gmail dot com via Elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25838

--- Comment #3 from Manh-Dung Nguyen ---
Hi Mark,

I use Ubuntu 16.04 64 bit. I recompile elf-utils using gcc 5.5.0 and I cannot
reproduce the bug. However, compiling elf-utils using afl-gcc of AFL version
2.52b can trigger the bug (please see the attached log of Valgrind). Thus, I
think this bug is probably triggered due to a different compiler that I've
tested.

Best,
Manh Dung


[Bug general/25838] eu-readelf crashes due to a general protection fault

2020-06-08 Thread nguyenmanhdung1710 at gmail dot com via Elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25838

--- Comment #5 from Manh-Dung Nguyen ---
So I think you can safely close this issue if you cannot reproduce the bug on
your side. The root cause is probably due to my hardware specifics.

Thanks,
MD
