From: youngseok.main at gmail dot com
Subject: [Bug binutils/30312] New: readelf: heap overflow (end_cu_tu_entry dwarf.c:10760)
Date: Tue, 04 Apr 2023 08:26:25 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=30312

Bug ID: 30312
Summary: readelf: heap overflow (end_cu_tu_entry dwarf.c:10760)
Product: binutils
Version: 2.40
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: youngseok.main at gmail dot com
Target Milestone: ---

Created attachment 14803
--> https://sourceware.org/bugzilla/attachment.cgi?id=14803&action=edit
poc_file used in command input

Our fuzzer found a heap overflow bug in the latest readelf executable.

**Command Input**

readelf poc_file -w

poc_file is attached.

**Command Output**

readelf: Warning: Section 13 has an out of range sh_link value of 402653184
readelf: Warning: Section 24 has an out of range sh_link value of 92168
readelf: Error: no .dynamic section in the dynamic segment
readelf: Warning: could not find separate debug file ''
readelf: Warning: tried: /lib/debug/
readelf: Warning: tried: /usr/lib/debug/usr/
readelf: Warning: tried: /usr/lib/debug//home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647//
readelf: Warning: tried: /usr/lib/debug/
readelf: Warning: tried: /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647/.debug/
readelf: Warning: tried: /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647/
readelf: Warning: tried: .debug/
readelf: Warning: tried:
readelf: Warning: could not find separate debug file ''
readelf: Warning: tried: /lib/debug/
readelf: Warning: tried: /usr/lib/debug/usr/
readelf: Warning: tried: /usr/lib/debug//home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647//
readelf: Warning: tried: /usr/lib/debug/
readelf: Warning: tried: /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647/.debug/
readelf: Warning: tried: /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647/
readelf: Warning: tried: .debug/
readelf: Warning: tried:
readelf: Warning: unable to open file '/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647/' referenced from .debug_sup section
readelf: Warning: .note.gnu.build-id data size is too big

**Sanitizer Dump**

==32229==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000b0 at pc 0x5555556eb4e1 bp 0x7fffffffda20 sp 0x7fffffffda10
WRITE of size 4 at 0x6020000000b0 thread T0
    #0 0x5555556eb4e0 in end_cu_tu_entry dwarf.c:10760
    #1 0x5555556ebfc2 in process_cu_tu_index dwarf.c:10876
    #2 0x5555556edbdf in load_cu_tu_indexes dwarf.c:11128
    #3 0x5555556edc49 in find_cu_tu_set dwarf.c:11146
    #4 0x555555675de1 in display_debug_section readelf.c:16373
    #5 0x555555676321 in process_section_contents readelf.c:16471
    #6 0x555555693871 in process_object readelf.c:22574
    #7 0x555555695b03 in process_file readelf.c:22997
    #8 0x555555695f62 in main readelf.c:23068
    #9 0x7ffff6a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #10 0x55555561d749 in _start (/home/youngseok/subjects/latest_asan_install/binutils/bin/readelf+0xc9749)

**Environment**

- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230404

binutils is built with address sanitizer. Here is the build script:

CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --enable-targets=all
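A fuzzing campaign produces sanitizer dumps like the one above in bulk, and the first triage step is to turn each dump into structured fields and a deduplication key so that repeated hits on the same frame are filed once. The following is an added example written for this page, not code from the bug report or from binutils: it parses an AddressSanitizer report into the bug type, access kind and size, and symbolized stack frames, then derives a crash signature from the first few in-project frames (those carrying a file:line location) and a coarse priority from the access kind. The sample input is the dump from this report, reflowed one entry per line; the regexes assume the standard ASan text format and plain C function names without spaces.

```python
"""Triage helper for AddressSanitizer reports (added example, not part of the bug report)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the sanitizer dump from binutils bug 30312, reflowed one entry per line.
SAMPLE_REPORT = """\
==32229==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000b0 at pc 0x5555556eb4e1 bp 0x7fffffffda20 sp 0x7fffffffda10
WRITE of size 4 at 0x6020000000b0 thread T0
    #0 0x5555556eb4e0 in end_cu_tu_entry dwarf.c:10760
    #1 0x5555556ebfc2 in process_cu_tu_index dwarf.c:10876
    #2 0x5555556edbdf in load_cu_tu_indexes dwarf.c:11128
    #3 0x5555556edc49 in find_cu_tu_set dwarf.c:11146
    #4 0x555555675de1 in display_debug_section readelf.c:16373
    #5 0x555555676321 in process_section_contents readelf.c:16471
    #6 0x555555693871 in process_object readelf.c:22574
    #7 0x555555695b03 in process_file readelf.c:22997
    #8 0x555555695f62 in main readelf.c:23068
    #9 0x7ffff6a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #10 0x55555561d749 in _start (/home/youngseok/subjects/latest_asan_install/binutils/bin/readelf+0xc9749)
"""

# Standard ASan header, access line and symbolized frame shapes (assumed format).
HEADER_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)")
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)")


@dataclass
class Frame:
    index: int
    function: str
    location: str  # "file.c:line" for source frames, "(module+offset)" otherwise

    def in_source(self) -> bool:
        """True when the frame was symbolized to a source file and line."""
        return not self.location.startswith("(") and ":" in self.location


@dataclass
class AsanReport:
    pid: int
    bug_type: str
    address: str
    access: Optional[str]
    size: Optional[int]
    frames: List[Frame]


def parse_asan_report(text: str) -> AsanReport:
    """Extract the header, the faulting access and the first stack trace from an ASan dump."""
    report: Optional[AsanReport] = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            report = AsanReport(int(m.group(1)), m.group(2), m.group(3), None, None, [])
            continue
        if report is None:
            continue  # ignore program output that precedes the sanitizer header
        m = ACCESS_RE.match(line)
        if m and report.access is None:
            report.access, report.size = m.group(1), int(m.group(2))
            continue
        m = FRAME_RE.match(line)
        if m:
            idx = int(m.group(1))
            # ASan prints the allocation/free traces after the fault trace; a frame
            # index that restarts at 0 marks the start of a second trace, so stop there.
            if report.frames and idx == 0:
                break
            report.frames.append(Frame(idx, m.group(2), m.group(3)))
    if report is None:
        raise ValueError("no AddressSanitizer ERROR header found")
    return report


def crash_signature(report: AsanReport, depth: int = 3) -> str:
    """Dedup key: bug type plus the top `depth` frames that resolve to project source."""
    top = [f for f in report.frames if f.in_source()][:depth]
    return report.bug_type + ":" + "|".join(f"{f.function}@{f.location}" for f in top)


def triage_priority(report: AsanReport) -> str:
    """Coarse ordering for a bug queue: out-of-bounds writes first, reads next, the rest after."""
    if report.bug_type.endswith("-overflow") or report.bug_type.endswith("-use-after-free"):
        return "high" if report.access == "WRITE" else "medium"
    return "low"


if __name__ == "__main__":
    r = parse_asan_report(SAMPLE_REPORT)
    print(crash_signature(r), triage_priority(r), f"{r.access} of {r.size} bytes")
```

Running the block prints the signature `heap-buffer-overflow:end_cu_tu_entry@dwarf.c:10760|...` together with the priority, which is what a queue would key on; feeding a second dump that crashes in the same three frames yields the same key and is filed as a duplicate rather than a new report.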