https://sourceware.org/bugzilla/show_bug.cgi?id=24102
Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2019-01-20
                 CC|                            |mark at klomp dot org
          Component|backends                    |libdw
     Ever confirmed|0                           |1

--- Comment #3 from Mark Wielaard <mark at klomp dot org> ---
Nice find. Replicated using valgrind on the reproducers.

We would assume the dir and file tables were properly terminated by a NUL byte. But if that wasn't actually there we could read one byte past the end of the data buffer.

A similar issue was in readelf.c (although it is harder to trigger since readelf has more sanity checks before it can get to this point).

Proposed fix: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
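
The missing check described in comment #3, as an added example that is not elfutils code and not the proposed fix: a bounds-checked walk over a table of NUL-terminated strings closed by one empty string, the layout DWARF v2 to v4 line headers use for their directory table. The function name and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not elfutils code.  Walks a table of NUL-terminated
   strings that is closed by one empty string (a lone NUL byte).  Returns the
   number of entries, or -1 if the table is not terminated inside the
   len bytes of buf.  */
static long
count_table_entries (const unsigned char *buf, size_t len)
{
  const unsigned char *p = buf;
  const unsigned char *end = buf + len;
  long n = 0;

  for (;;)
    {
      /* Bounds check before the dereference.  An unchecked
         `while (*p != 0)` reads one byte past the buffer when the
         closing NUL is missing.  */
      if (p >= end)
        return -1;
      if (*p == 0)
        return n;               /* Empty string: end of table.  */

      /* memchr is limited to the bytes that remain, unlike strlen.  */
      const unsigned char *nul = memchr (p, 0, (size_t) (end - p));
      if (nul == NULL)
        return -1;              /* Entry runs off the end of the data.  */
      p = nul + 1;
      n++;
    }
}

/* Constructed sample tables.  */
static const unsigned char good_table[] = { 'a', 0, 'b', 'c', 0, 0 };
static const unsigned char no_terminator[] = { 'a', 0, 'b', 'c', 0 };
static const unsigned char cut_entry[] = { 'a', 0, 'b', 'c' };

int
main (void)
{
  printf ("good: %ld\n", count_table_entries (good_table, sizeof good_table));
  printf ("no terminator: %ld\n",
          count_table_entries (no_terminator, sizeof no_terminator));
  printf ("cut entry: %ld\n", count_table_entries (cut_entry, sizeof cut_entry));
  return 0;
}
```

The `no_terminator` buffer is the case from the comment: every entry is well formed, but the table's closing NUL is absent, so the parser has to stop at `end` instead of reading the next byte.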