https://sourceware.org/bugzilla/show_bug.cgi?id=34326
Bug ID: 34326
Summary: readelf: SIGSEGV in update_all_relocations when
processing ELF relocation table
Product: binutils
Version: 2.47 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 970429025 at qq dot com
Target Milestone: ---
Created attachment 16800
--> https://sourceware.org/bugzilla/attachment.cgi?id=16800&action=edit
The PoC attachment contains the input file (Heap_Corruption) that triggers this
behavior.
Overview:
Running readelf on an ELF input file causes the program to crash with SIGSEGV.
The crash occurs in update_all_relocations() while processing relocation
information.
Steps to Reproduce:
./readelf -a Heap_Corruption
Actual Results:
readelf terminates with SIGSEGV.
GDB output excerpt:
Program received signal SIGSEGV, Segmentation fault.
#0 0x0000775b7724310a in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00000000004763fe in update_all_relocations ()
#2 0x0000000000479f5b in display_relocations ()
#3 0x0000000000450c31 in process_relocs ()
#4 0x0000000000441a83 in process_object ()
#5 0x000000000043260b in process_file ()
#6 0x00000000004305b6 in main ()
Expected Results:
readelf should exit gracefully after reporting an error or warning, rather than
crashing with SIGSEGV.
Build & Platform:
binutils version: GNU Binutils 2.46.50.20260601
component: readelf
OS: Ubuntu 22.04.5 LTS
arch: x86_64
Additional Information:
The PoC attachment contains the input file that triggers the crash:
Heap_Corruption.
Crash type: SIGSEGV
Crash location: update_all_relocations()
Fully reproducible.