Launchpad has imported 5 comments from the remote bug at http://sourceware.org/bugzilla/show_bug.cgi?id=11889.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2010-08-06T05:00:14+00:00 Dan Rosenberg wrote:

readelf crashes very easily when parsing malformed binaries. The attached patch fixes three floating point exceptions (divide-by-zero) and approximately 13 out-of-bounds reads (due to null pointer dereference, integer overflows, and bad array indexing). I have test files that trigger each of these crashes, but the patch should be pretty self-explanatory. I've tested the patch, confirmed it breaks no functionality, and that it resolves each of my crash files:

(Patch hosted on Ubuntu's Launchpad)
http://launchpadlibrarian.net/53144133/readelf-crashes.patch

Reply at: https://bugs.launchpad.net/binutils/+bug/614206/comments/3

------------------------------------------------------------------------
On 2010-08-06T05:01:49+00:00 Dan Rosenberg wrote:

Created attachment 4916
Fix for readelf crashes

Reply at: https://bugs.launchpad.net/binutils/+bug/614206/comments/4

------------------------------------------------------------------------
On 2010-08-06T14:18:26+00:00 Dan Rosenberg wrote:

Created attachment 4917
Revised patch, fixed casts

Fixed to work on 64-bit platforms

Reply at: https://bugs.launchpad.net/binutils/+bug/614206/comments/7

------------------------------------------------------------------------
On 2010-08-13T16:02:45+00:00 Cvs-commit wrote:

Subject: Bug 11889

CVSROOT: /cvs/src
Module name: src
Changes by: ni...@sourceware.org 2010-08-13 16:02:17

Modified files:
    binutils : ChangeLog readelf.c

Log message:
    PR binutils/11889
    * readelf.c (get_32bit_elf_symbols): Check for a corrupt sh_entsize.
    (get_64bit_elf_symbols): Likewise.
    (process_symbol_table): Likewise.
    (process_section_groups): Check for corrupt headers.
    (process_version_sections): Check for corrupt indicies.
    (process_corefile_note_segment): Likewise.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/ChangeLog.diff?cvsroot=src&r1=1.1670&r2=1.1671
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/readelf.c.diff?cvsroot=src&r1=1.512&r2=1.513

Reply at: https://bugs.launchpad.net/binutils/+bug/614206/comments/11

------------------------------------------------------------------------
On 2010-08-13T16:03:57+00:00 Nickc wrote:

Hi Dan,

Thanks for the bug report and patch. I have checked it in, modulo a few formatting fixes, along with this changelog entry.

Cheers
Nick

binutils/ChangeLog
2010-08-13  Dan Rosenberg  <dan.j.rosenb...@gmail.com>

    PR binutils/11889
    * readelf.c (get_32bit_elf_symbols): Check for a corrupt sh_entsize.
    (get_64bit_elf_symbols): Likewise.
    (process_symbol_table): Likewise.
    (process_section_groups): Check for corrupt headers.
    (process_version_sections): Check for corrupt indicies.
    (process_corefile_note_segment): Likewise.

Reply at: https://bugs.launchpad.net/binutils/+bug/614206/comments/12

** Changed in: binutils
   Importance: Unknown => Medium

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/614206

Title:
  readelf: fixes for multiple crashes

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
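
The "Check for a corrupt sh_entsize" entries in the changelog above describe a class of check that can be sketched as follows. This is an added example, not the binutils patch or readelf code; `struct shdr64`, `symtab_entry_count` and the status names are hypothetical, and the sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the ELF64 section header fields used here (hypothetical;
   real code would use Elf64_Shdr from <elf.h>). */
struct shdr64 {
    uint64_t sh_offset;   /* file offset of the section data */
    uint64_t sh_size;     /* size of the section in bytes */
    uint64_t sh_entsize;  /* size of one table entry */
};

#define SYM64_SIZE 24u    /* size of one ELF64 symbol table entry */

enum symtab_status { SYMTAB_OK, SYMTAB_BAD_ENTSIZE, SYMTAB_BAD_SIZE, SYMTAB_OUT_OF_FILE };

/* Validate a symbol-table header against the file size before any division
   or read. On success *count receives the number of entries. */
enum symtab_status
symtab_entry_count(const struct shdr64 *sh, uint64_t file_size, uint64_t *count)
{
    *count = 0;
    /* Zero would make sh_size / sh_entsize trap (the "floating point
       exception"); anything below the entry size makes entry reads overlap. */
    if (sh->sh_entsize < SYM64_SIZE)
        return SYMTAB_BAD_ENTSIZE;
    if (sh->sh_size % sh->sh_entsize != 0)
        return SYMTAB_BAD_SIZE;
    /* Written as a subtraction so sh_offset + sh_size cannot wrap around. */
    if (sh->sh_offset > file_size || sh->sh_size > file_size - sh->sh_offset)
        return SYMTAB_OUT_OF_FILE;
    *count = sh->sh_size / sh->sh_entsize;
    return SYMTAB_OK;
}

int main(void)
{
    /* Constructed headers: one sane, one with a zero sh_entsize. */
    struct shdr64 good = { 0x40, 48, 24 }, bad = { 0x40, 48, 0 };
    uint64_t n;
    printf("good: status %d", symtab_entry_count(&good, 0x1000, &n));
    printf(", %llu entries\n", (unsigned long long)n);
    printf("bad:  status %d\n", symtab_entry_count(&bad, 0x1000, &n));
    return 0;
}
```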