https://sourceware.org/bugzilla/show_bug.cgi?id=33003
Bug ID: 33003
Summary: Bus Error Vulnerability in eu-strip due to Invalid Memory Write
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: tools
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Summary
Bus Error Vulnerability in eu-strip due to Invalid Memory Write
Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS
Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 && make install
root@c6c01f72391e:# ./eu-strip --output /var/tmp/stripped.out --reloc-debug-sections-only POC
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3973325==ERROR: AddressSanitizer: BUS on unknown address (pc 0x7f923a6ca9fb bp 0x7fffe15f00f0 sp 0x7fffe15ef8a8 T0)
==3973325==The signal is caused by a WRITE memory access.
==3973325==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
    #0 0x7f923a6ca9fb string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:429
    #1 0x49ac51 in __asan_memcpy (/workspace/new-test/fuzzdir/fz-elfutils/fz-eu-strip/eu-strip+0x49ac51)
    #2 0x7f923ac20993 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10
    #3 0x7f923ac20993 in __elf64_updatemmap /workspace/new-test/program/elfutils/libelf/./elf32_updatefile.c:451:3
    #4 0x7f923ac0cfdb in write_file /workspace/new-test/program/elfutils/libelf/elf_update.c:123:7
    #5 0x7f923ac0c73f in elf_update /workspace/new-test/program/elfutils/libelf/elf_update.c:231:9
    #6 0x4d08b4 in handle_elf /workspace/new-test/program/elfutils/src/strip.c:2589:7
    #7 0x4cd576 in process_file /workspace/new-test/program/elfutils/src/strip.c:807:16
    #8 0x4ccddb in main /workspace/new-test/program/elfutils/src/strip.c:270:12
    #9 0x7f923a62fd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #10 0x7f923a62fe3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #11 0x4208f4 in _start (/workspace/new-test/fuzzdir/fz-elfutils/fz-eu-strip/eu-strip+0x4208f4)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: BUS string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:429
==3973325==ABORTING
POC
https://drive.google.com/file/d/1I7Ki0yKrITr_vOaMx4GQvrtLwfMVIOCJ/view?usp=sharing
Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)
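The build-and-run steps from the report, as an added example that is not part of the bug report or of elfutils: a POSIX sh script that rebuilds elfutils with ASan the way the reporter did (using `&&` so that install only follows a successful build), runs the same eu-strip invocation on a POC path given as its argument, and reduces the resulting ASan report to a one-line triage key (signal kind, access type, innermost frame inside the elfutils source tree). That key is stable across ASLR and is what you would deduplicate a batch of fuzzer crashes on. The install prefix `/tmp/elfutils-asan`, the script name `repro.sh`, the `PROJECT` directory marker and the `asan_summary` output format are assumptions of this example; the POC itself is the reporter's Drive file and is not included.

```shell
#!/bin/sh
# Added example, not part of the bug report or of elfutils: rebuild elfutils
# with ASan, run the reporter's eu-strip command on a POC file, and reduce the
# ASan report to a one-line triage key. Assumes it is run from the root of an
# elfutils source tree; PREFIX, PROJECT and the output format are assumptions.
set -eu

PREFIX="${PREFIX:-/tmp/elfutils-asan}"   # assumed install prefix, not from the report
PROJECT="${PROJECT:-elfutils}"           # directory name that marks "our" source frames

# Build as the reporter did, with && so install only runs after make succeeds.
build_asan() {
  export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
  export CXXFLAGS="$CFLAGS"
  ./configure --enable-maintainer-mode --disable-debuginfod --prefix="$PREFIX"
  make -j"$(nproc)" && make install
}

# Run the reporter's command on $1. ASan writes its report to stderr and exits
# non-zero on a crash, so the status is swallowed and the report is passed on.
run_poc() {
  "$PREFIX/bin/eu-strip" --output /var/tmp/stripped.out \
      --reloc-debug-sections-only "$1" 2>&1 >/dev/null || true
}

# Reduce an ASan report on stdin to
#   signal=<kind> access=<READ|WRITE|?> site=<func>@<file:line>
# where site is the innermost frame whose source path lies under /$PROJECT/,
# so libc, memcpy and the sanitizer's own frames are skipped.
asan_summary() {
  awk -v proj="$PROJECT" '
    /==ERROR: AddressSanitizer: / && !sig { sig = $3 }   # BUS, SEGV, heap-buffer-overflow, ...
    /caused by a (READ|WRITE)|^(==[0-9]+==)?(READ|WRITE) of size/ && !acc {
      for (i = 1; i <= NF; i++) if ($i == "READ" || $i == "WRITE") acc = $i
    }
    /^ *#[0-9]+ / && $3 == "in" && !site && $5 ~ ("/" proj "/.*:[0-9]+") {
      match($5, "[^/:]+:[0-9]+")          # file.c:line, dropping directory and column
      site = $4 "@" substr($5, RSTART, RLENGTH)
    }
    END {
      printf "signal=%s access=%s site=%s\n",
             sig ? sig : "?", acc ? acc : "?", site ? site : "?"
    }
  '
}

# Usage: ./repro.sh /path/to/POC   (the POC is the reporter's Drive file)
if [ $# -gt 0 ]; then
  build_asan
  run_poc "$1" | asan_summary
fi
```

Fed the report from this bug, `asan_summary` yields `signal=BUS access=WRITE site=__elf64_updatemmap@elf32_updatefile.c:451`, which is the frame a maintainer would start from; frames #0 to #2 are the memcpy implementation and its ASan interceptor and carry no information about the faulting caller.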