https://sourceware.org/bugzilla/show_bug.cgi?id=23945
Bug ID: 23945
Summary: There is an illegal READ memory access at binutils/readelf.c:8028 (function slurp_hppa_unwind_table) that could cause a crash in binutils 2.31.
Product: binutils
Version: 2.31
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: ganshuitao at gmail dot com
Target Milestone: ---
Created attachment 11425
--> https://sourceware.org/bugzilla/attachment.cgi?id=11425&action=edit
Triggered by “./readelf -aW poc0”
version: binutils 2.31
Summary:
There is an illegal READ memory access at binutils/readelf.c:8028 (function
slurp_hppa_unwind_table) that could cause a crash in binutils 2.31.
Description:
The ASan debug output is as follows:
$./readelf -aW POC0
ASAN:DEADLYSIGNAL
=================================================================
==112614==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f41689057d9 bp 0x7fffc6885440 sp 0x7fffc6884ba0 T0)
==112614==The signal is caused by a READ memory access.
==112614==Hint: address points to the zero page.
    #0 0x7f41689057d8 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5a7d8)
    #1 0x55eb6edc3485 in slurp_hppa_unwind_table /home/company/real/binutils-2.31/binutils/readelf.c:8028
    #2 0x55eb6edc3485 in hppa_process_unwind /home/company/real/binutils-2.31/binutils/readelf.c:8115
    #3 0x55eb6ede985c in process_unwind /home/company/real/binutils-2.31/binutils/readelf.c:9253
    #4 0x55eb6ede985c in process_object /home/company/real/binutils-2.31/binutils/readelf.c:18822
    #5 0x55eb6ed9daa9 in process_file /home/company/real/binutils-2.31/binutils/readelf.c:19259
    #6 0x55eb6ed9daa9 in main /home/company/real/binutils-2.31/binutils/readelf.c:19318
    #7 0x7f41684ec1c0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x211c0)
    #8 0x55eb6ed9e319 in _start (/home/company/real/binutils-2.31/install_asan/bin/readelf+0x98319)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5a7d8)
==112614==ABORTING