https://sourceware.org/bugzilla/show_bug.cgi?id=24089
Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2019-01-16
                 CC|                            |mark at klomp dot org
          Component|libelf                      |tools
            Summary|A Heap-buffer-overflow      |NT_PLATFORM core file note
                   |problem was discovered in   |should be a zero terminated
                   |the function elf32_xlatetom |string
                   |in elf32_xlatetom.c in      |
                   |libelf                      |
     Ever confirmed|0                           |1

--- Comment #2 from Mark Wielaard <mark at klomp dot org> ---
(In reply to wcventure from comment #0)
> A Heap-buffer-overflow problem was discovered in the function elf32_xlatetom
> in elf32_xlatetom.c in libelf, as distributed in ELFutils 0.147. A crafted
> ELF input can cause segment faults and I have confirmed them with address
> sanitizer too.

Interesting. The same can be found running the reproducer under valgrind.

The issue is that when eu-readelf -n tries to print the values of a core
file ELF note and sees a NT_PLATFORM type, it doesn't check that the value
is a properly zero terminated string.

The simplest solution is to just not recognize such corrupt core file notes
in ebl_core_note:
https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.
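An added example, not elfutils code, of the check the comment says was missing: parse one little-endian ELF note (the standard namesz/descsz/type/name/desc layout) and refuse to treat a NT_PLATFORM descriptor as a string unless a NUL terminator lies inside its declared descsz. The sample note bytes are constructed, not taken from a real core file.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NT_PLATFORM 5   /* core note type carrying the platform string (elf.h) */

/* Parsed view of one ELF note; desc points into the caller's buffer. */
struct elf_note { uint32_t type; const unsigned char *desc; size_t descsz; };

static uint32_t le32(const unsigned char *p)   /* little-endian 32-bit field */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse one little-endian ELF note (namesz, descsz, type, name, desc; name and
 * desc padded to 4 bytes). Returns 0 if a declared size would run past the
 * buffer, otherwise the number of bytes the note occupies. */
static size_t parse_note(const unsigned char *buf, size_t len, struct elf_note *out)
{
    if (len < 12) return 0;
    size_t namesz = le32(buf), descsz = le32(buf + 4);
    if (namesz > len - 12) return 0;
    size_t desc_off = 12 + ((namesz + 3) & ~(size_t)3);
    if (desc_off > len || descsz > len - desc_off) return 0;
    out->type = le32(buf + 8);
    out->desc = buf + desc_off;
    out->descsz = descsz;
    size_t end = desc_off + ((descsz + 3) & ~(size_t)3);
    return end > len ? len : end;   /* trailing padding may be absent at segment end */
}

/* The check the comment describes as missing: a NT_PLATFORM descriptor is only
 * printable as a string if a NUL lies inside its declared descsz. Bytes past
 * descsz (padding, or whatever follows in memory) must not be relied on. */
int platform_note_is_printable(const unsigned char *buf, size_t len)
{
    struct elf_note n;
    if (parse_note(buf, len, &n) == 0 || n.type != NT_PLATFORM || n.descsz == 0)
        return 0;
    return memchr(n.desc, '\0', n.descsz) != NULL;
}

/* Constructed sample notes (not from a real core file), name "CORE", type 5.
 * GOOD's descriptor is "x86_64\0"; BAD declares descsz 6, so the zero byte
 * that happens to sit in the padding is outside the descriptor. */
const unsigned char GOOD_NOTE[] = { 5,0,0,0, 7,0,0,0, 5,0,0,0,
    'C','O','R','E',0,0,0,0, 'x','8','6','_','6','4',0,0 };
const unsigned char BAD_NOTE[]  = { 5,0,0,0, 6,0,0,0, 5,0,0,0,
    'C','O','R','E',0,0,0,0, 'x','8','6','_','6','4',0,0 };
```

Passing a truncated buffer (for example the first 24 bytes of GOOD_NOTE) is rejected by the size checks before the descriptor is ever touched.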