[Bug binutils/18831] readelf "Build ID" overflow
From: address@hidden
Subject: [Bug binutils/18831] readelf "Build ID" overflow
Date: Sat, 15 Aug 2015 16:41:46 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=18831
--- Comment #2 from Nafiez <address@hidden> ---
Output from GDB:
Starting program: /usr/bin/readelf -a /home/fuzz/fuzzy/readelf/out/crashes/test
...snippet...
Displaying notes found at file offset 0x00000188 with length 0x00000024:
Owner Data size Description
GNU 0xffffffff NT_GNU_BUILD_ID (unique build ID bitstring)
Build ID: <random_number_here> <---- Integer overflow
Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
EAX: 0x2
EBX: 0x80b347f --> 0xbbff6500
ECX: 0xb7fa8898 --> 0x0
EDX: 0x2
ESI: 0x80d2000
EDI: 0x8084b32 --> 0x494e5500 ('')
EBP: 0x80b347c --> 0x554e47 ('GNU')
ESP: 0xbfffed90 --> 0x1
EIP: 0x8061ab0 (movzx eax,BYTE PTR [esi])
EFLAGS: 0x10216 (carry PARITY ADJUST zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8061aa4: lea ebx,[esi+eax*1]
0x8061aa7: je 0x806192e
0x8061aad: lea esi,[esi+0x0]
=> 0x8061ab0: movzx eax,BYTE PTR [esi]
0x8061ab3: add esi,0x1
0x8061ab6: mov DWORD PTR [esp+0x4],0x80a30ba
0x8061abe: mov DWORD PTR [esp],0x1
0x8061ac5: mov DWORD PTR [esp+0x8],eax
[------------------------------------stack-------------------------------------]
0000| 0xbfffed90 --> 0x1
0004| 0xbfffed94 --> 0x80a30ba ("%02x")
0008| 0xbfffed98 --> 0x0
0012| 0xbfffed9c --> 0xffffffff <--- integer overflow
0016| 0xbfffeda0 --> 0x809e480 ("NT_GNU_BUILD_ID (unique build ID bitstring)")
0020| 0xbfffeda4 --> 0x18
0024| 0xbfffeda8 --> 0x1
0028| 0xbfffedac --> 0x1
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x08061ab0 in ?? ()
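The trace above shows readelf taking the descriptor size (descsz = 0xffffffff) straight from the note header and walking that many bytes through its `%02x` display loop until the read runs off the mapped section. The following is an added example, not code from the bug report or from binutils, of how a note reader checks descsz against the bytes actually remaining before touching the descriptor. The names (`parse_build_id_note`, `format_build_id`, `build_note`, the demo functions) are hypothetical, and the two sample notes are constructed inline: a well-formed 20-byte build ID and a header that claims 0xffffffff descriptor bytes it does not have.

```c
/* Added example (not binutils code): bounds-checked reading of an ELF
 * NT_GNU_BUILD_ID note. Layout is the standard ELF note: three 32-bit
 * fields (namesz, descsz, type), then the name and descriptor, each
 * padded to a 4-byte boundary. Function names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <limits.h>
#include <stdio.h>

#define NT_GNU_BUILD_ID 3u   /* note type of the GNU build ID */
#define NOTE_HDR_LEN    12u  /* namesz + descsz + type */

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy the descriptor of the note in buf[0..len) into out.
 * Returns the descriptor length, or -1 if the note does not fit in len
 * or is not a GNU build-ID note. Sizes are padded in 64-bit arithmetic
 * and compared against the bytes remaining, so a descsz of 0xffffffff
 * is rejected instead of driving a read past the section. */
int parse_build_id_note(const uint8_t *buf, size_t len,
                        uint8_t *out, size_t out_cap)
{
    if (buf == NULL || len < NOTE_HDR_LEN) return -1;
    uint32_t namesz = rd32le(buf);
    uint32_t descsz = rd32le(buf + 4);
    uint32_t type   = rd32le(buf + 8);
    uint64_t name_pad  = ((uint64_t)namesz + 3) & ~(uint64_t)3;
    uint64_t desc_pad  = ((uint64_t)descsz + 3) & ~(uint64_t)3;
    uint64_t remaining = (uint64_t)len - NOTE_HDR_LEN;
    if (name_pad > remaining) return -1;   /* name runs off the section */
    remaining -= name_pad;
    if (desc_pad > remaining) return -1;   /* descriptor does not fit   */
    if (type != NT_GNU_BUILD_ID) return -1;
    if (namesz != 4 || memcmp(buf + NOTE_HDR_LEN, "GNU", 4) != 0) return -1;
    if (descsz > out_cap || descsz > INT_MAX) return -1;
    memcpy(out, buf + NOTE_HDR_LEN + name_pad, descsz);
    return (int)descsz;
}

/* Render n bytes as lowercase hex: the same "%02x" loop readelf uses to
 * display the ID, but bounded by out_cap. Returns chars written or -1. */
int format_build_id(const uint8_t *id, size_t n, char *out, size_t out_cap)
{
    if (n > (SIZE_MAX - 1) / 2 || out_cap < 2 * n + 1) return -1;
    for (size_t i = 0; i < n; i++)
        snprintf(out + 2 * i, 3, "%02x", id[i]);
    return (int)(2 * n);
}

/* Constructed sample: write a note with the given descsz field and
 * desc_len bytes of descriptor into dst (caller sizes dst); returns the
 * number of bytes written. Passing descsz != desc_len builds a header
 * that lies about its length, as in the crashing input. */
size_t build_note(uint8_t *dst, uint32_t descsz,
                  const uint8_t *desc, size_t desc_len)
{
    uint32_t f[3] = { 4, descsz, NT_GNU_BUILD_ID };
    size_t off = 0;
    for (int i = 0; i < 3; i++) {
        dst[off++] = (uint8_t)f[i];         dst[off++] = (uint8_t)(f[i] >> 8);
        dst[off++] = (uint8_t)(f[i] >> 16); dst[off++] = (uint8_t)(f[i] >> 24);
    }
    memcpy(dst + off, "GNU", 4); off += 4;
    if (desc_len) memcpy(dst + off, desc, desc_len);
    off += desc_len;
    while (off % 4) dst[off++] = 0;
    return off;
}

static char g_hex[64];

/* Well-formed note with a 20-byte (SHA-1 sized) constructed ID. */
int demo_valid(void)
{
    uint8_t id[20], buf[64], got[64];
    for (int i = 0; i < 20; i++) id[i] = (uint8_t)i;
    size_t n = build_note(buf, 20, id, 20);
    int r = parse_build_id_note(buf, n, got, sizeof got);
    if (r < 0) return r;
    if (format_build_id(got, (size_t)r, g_hex, sizeof g_hex) < 0) return -1;
    return r;                 /* 20 */
}
const char *demo_valid_hex(void) { return g_hex; }

/* Header claiming descsz = 0xffffffff with no descriptor bytes behind it. */
int demo_overflow(void)
{
    uint8_t buf[64], got[64];
    size_t n = build_note(buf, 0xffffffffu, NULL, 0);
    return parse_build_id_note(buf, n, got, sizeof got);   /* -1 */
}

int main(void)
{
    printf("valid:    %d bytes, Build ID: %s\n", demo_valid(), demo_valid_hex());
    printf("overflow: parse returned %d\n", demo_overflow());
    return 0;
}
```

The check that matters is the order of operations: the descriptor size is compared against the bytes left after the header and name before any pointer is derived from it, and the padded size is computed in a type wider than descsz so that 0xffffffff + 3 cannot wrap to a small number and slip past the comparison.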