https://sourceware.org/bugzilla/show_bug.cgi?id=33738

            Bug ID: 33738
           Summary: readelf aborts with SIGABRT on crafted input when run
                    with “-w pubnames --dwarf-depth 2” (binutils
                    2.46(HEAD))
           Product: binutils
           Version: 2.46 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: 970429025 at qq dot com
  Target Milestone: ---

Created attachment 16532
  --> https://sourceware.org/bugzilla/attachment.cgi?id=16532&action=edit
The PoC attachment contains the input file that triggers the crash

Overview:
Running readelf -w pubnames --dwarf-depth 2 on a malformed ELF file leads to a
SIGABRT termination.

Steps to Reproduce:
./readelf -w pubnames --dwarf-depth 2 SIGABRT_2

Actual Results:
readelf emits multiple DWARF-related warnings, reports Unhandled data length:
0, and then terminates by calling abort(), resulting in a SIGABRT.

GDB output excerpt:
readelf: Warning: Unrecognized form: 0
readelf: Warning: Unrecognized form: 0
readelf: Error: Unhandled data length: 0

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6bbb7f1 in __GI_abort () at abort.c:79
#2  0x000000000054adf4 in byte_get_little_endian ()
#3  0x000000000051cfb7 in fetch_indexed_addr ()
#4  0x0000000000517e1b in read_and_display_attr_value ()
#5  0x000000000053a17b in display_formatted_table ()
#6  0x000000000052f414 in display_debug_lines_raw ()
#7  0x00000000004f2ef5 in display_debug_lines ()
#8  0x00000000004bdced in display_debug_section ()
#9  0x000000000045d514 in process_section_contents ()
#10 0x0000000000448b6e in process_object ()
#11 0x00000000004391be in process_file ()
#12 0x0000000000437119 in main ()
(gdb)


Expected Results:
readelf should report DWARF parsing errors for malformed debug information and
terminate gracefully without aborting.

Build & Platform:
binutils version: 2.46(HEAD)
component: readelf
OS: Ubuntu 18.04.6 LTS
arch: x86_64

Additional Information:
The PoC attachment contains the input file that triggers the crash (SIGABRT_2).
Crash type: SIGABRT.
Fully reproducible.

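Added example, not part of the report and not binutils source: the backtrace and the "Unhandled data length: 0" message show a zero width reaching a fixed-width byte reader that aborts. The sketch below models the defensive alternative, rejecting a file-supplied width and index before the read; all names (read_le, fetch_indexed) and the table layout are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not binutils source: names and layout are assumptions. */

/* Read a little-endian value of `width` bytes. Returns 0 on success, -1 when
   the width is not one an address can have (instead of calling abort). */
static int read_le(const unsigned char *p, unsigned width, uint64_t *out)
{
    if (width != 1 && width != 2 && width != 4 && width != 8)
        return -1;
    uint64_t v = 0;
    for (unsigned i = width; i-- > 0;)
        v = (v << 8) | p[i];
    *out = v;
    return 0;
}

/* Fetch entry `idx` from an address table whose entry width comes from the
   (untrusted) file header. Rejects bad widths and out-of-range indexes. */
int fetch_indexed(const unsigned char *tab, size_t tab_len,
                  unsigned width, uint64_t idx, uint64_t *out)
{
    if (width == 0 || width > 8) {
        fprintf(stderr, "warning: invalid address size %u\n", width);
        return -1;
    }
    if (idx >= tab_len / width) {   /* division avoids idx * width overflow */
        fprintf(stderr, "warning: index %llu past end of table\n",
                (unsigned long long) idx);
        return -1;
    }
    return read_le(tab + idx * width, width, out);
}

int main(void)
{
    /* Constructed sample: two 4-byte little-endian entries. */
    const unsigned char tab[] = { 0x78, 0x56, 0x34, 0x12, 0xef, 0xbe, 0xad, 0xde };
    uint64_t v = 0;
    if (fetch_indexed(tab, sizeof tab, 4, 1, &v) == 0)
        printf("entry 1 = 0x%llx\n", (unsigned long long) v);
    printf("width 0 -> %d\n", fetch_indexed(tab, sizeof tab, 0, 0, &v));
    return 0;
}
```

With this shape a malformed width produces a warning and an error return that the caller can propagate, which matches the "report errors and terminate gracefully" behaviour the report asks for.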