https://sourceware.org/bugzilla/show_bug.cgi?id=24075
Bug ID: 24075
Summary: Program Crash due to Wild pointer Dereference in ebl_object_note function in eblobjnote.c in libebl.
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: backends
Assignee: unassigned at sourceware dot org
Reporter: wcventure at 126 dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---

Created attachment 11523
--> https://sourceware.org/bugzilla/attachment.cgi?id=11523&action=edit
POC1

Hi there,

Our fuzzer caught a pointer dereference problem in eu-readelf of the latest elfutils-0.174 code base. These inputs will cause segmentation faults, and I have confirmed them with address sanitizer too.

Please use "./eu-readelf -a $POC" to reproduce the bug.

If you have any questions, please let me know.

This problem is in the code as follows; it seems like a use-after-free problem.

> size_t i;
> for (i = 0; i < prop.pr_datasz - 1; i++)
>   printf ("%02" PRIx8 " ", (uint8_t) desc[i]);

git log

> commit 1dabad36ee28aa76b8cf14b6426b379cabee6def
> Author: Jim Wilson <j...@sifive.com>
> Date: Thu Dec 27 15:25:49 2018 -0800
>
> RISC-V: Improve riscv64 core file support.
>
> This fixes two problems. The offset for x1 is changed from 1 to 8 because
> this is a byte offset not a register skip count. Support for reading the
> PC value is added. This requires changing the testsuite to match the new
> readelf output for coredumps.
>
> Signed-off-by: Jim Wilson <j...@sifive.com>

--
You are receiving this mail because:
You are on the CC list for the bug.
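An added illustration, not elfutils code and not a statement of this bug's root cause (the report does not give one): a bounds-checked way to walk a property entry the way the quoted loop does, treating pr_datasz as untrusted input. The entry layout, the helper names and the sample descriptors are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed example, not elfutils code.  A property entry is assumed to
   be a 4-byte pr_type and a 4-byte pr_datasz (little-endian), followed by
   pr_datasz data bytes; PROP_HDR is the size of those two fields. */
#define PROP_HDR 8

static uint32_t le32 (const unsigned char *p)
{ return p[0] | (uint32_t) p[1] << 8 | (uint32_t) p[2] << 16 | (uint32_t) p[3] << 24; }

/* Validate the entry at `off` in a descriptor of `descsz` bytes.  Returns
   pr_datasz when the header and all its data lie inside the descriptor,
   or -1 when either would run past the end of desc. */
static long prop_data_len (const unsigned char *desc, size_t descsz, size_t off)
{
  if (off > descsz || descsz - off < PROP_HDR)
    return -1;                               /* no room for the header */
  uint32_t datasz = le32 (desc + off + 4);
  if (datasz > descsz - off - PROP_HDR)
    return -1;                               /* data extends past the note */
  return (long) datasz;
}

/* Hex-format the data bytes into `out` (needs 3 * datasz + 1 bytes).  The
   loop runs up to the checked length instead of using pr_datasz - 1 as its
   bound: for a size_t, 0 - 1 wraps to SIZE_MAX, so an empty entry would send
   a loop written that way reading desc[] far past its end.  Returns the
   number of bytes formatted, or -1 for a malformed entry or a short `out`. */
static long hex_prop_data (const unsigned char *desc, size_t descsz,
                           size_t off, char *out, size_t outsz)
{
  long n = prop_data_len (desc, descsz, off);
  if (n < 0 || outsz < (size_t) n * 3 + 1)
    return -1;
  const unsigned char *data = desc + off + PROP_HDR;
  size_t used = 0;
  for (long i = 0; i < n; i++)
    used += (size_t) sprintf (out + used, i + 1 < n ? "%02x " : "%02x", data[i]);
  out[used] = '\0';
  return n;
}

/* Constructed descriptors: a 4-byte entry, an empty entry, and one whose
   pr_datasz (100) claims far more data than the 2 bytes that follow it. */
static const unsigned char good_note[] = { 1,0,0,0, 4,0,0,0, 1,2,3,4 };
static const unsigned char empty_note[] = { 1,0,0,0, 0,0,0,0 };
static const unsigned char bad_note[] = { 1,0,0,0, 100,0,0,0, 0xaa,0xbb };
```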