http://sourceware.org/bugzilla/show_bug.cgi?id=15120
Bug #: 15120
Summary: Readelf coredump on malicious ar archive
Product: binutils
Version: 2.24 (HEAD)
Status: NEW
Severity: normal
Priority: P2
Component: binutils
AssignedTo: unassig...@sourceware.org
ReportedBy: binut...@trash-mail.com
Classification: Unclassified

Created attachment 6857
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6857
ar archive 1

readelf gets a segmentation fault on printing headers on malicious ar archives (included in metasploit framework)

./binutils/readelf -h /tmp/metasploit/external/source/byakugan/i386/byakugan.lib
[1] 32176 segmentation fault (core dumped) ./binutils/readelf -h

gdb:
#0 0x000000000042d6c9 in get_archive_member_name (arch=0x7fff41f5dcd0, nested_arch=0x7fff41f5dd70) at elfcomm.c:599
599 j--;
(gdb) p j
$1 = 1257796941
(gdb) p arch->longnames_size
$2 = 0
(gdb) p arch->longnames
$3 = 0x0
(gdb) p arch->arhdr.ar_name + 1
$4 = 0x7fff41f5dd29 ' ' <repeats 15 times>, "1257796941", ' ' <repeats 14 times>, "0 964 `\n"
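The gdb session shows a "/"-prefixed name whose remaining bytes are blank, so the parsed offset `j` equals the digits of the following header field (1257796941) while `longnames` is NULL and `longnames_size` is 0. A fail-closed version of that lookup, as an added example that is neither binutils code nor part of the report; `struct ar_header`, `resolve_long_name` and `sample_header` are hypothetical names, and the header layout is the standard 60-byte ar member header:

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* 60-byte ar member header: space-padded text fields, none NUL-terminated. */
struct ar_header {
  char name[16], date[12], uid[6], gid[6], mode[8], size[10], fmag[2];
};

/* Hypothetical helper (not binutils code): resolve a "/<offset>" member name
   against the long-name table.  Returns the name length and sets *start,
   or -1 when the reference cannot be trusted. */
long resolve_long_name(const struct ar_header *h, const char *longnames,
                       size_t longnames_size, size_t *start)
{
  char digits[sizeof h->name];   /* name[1..15] plus a terminator */
  unsigned long off;
  size_t j;

  if (h->name[0] != '/' || longnames == NULL || longnames_size == 0)
    return -1;                   /* no table loaded: the state in the gdb session */
  /* Parse a private copy so strtoul cannot read on into the date field. */
  memcpy(digits, h->name + 1, sizeof h->name - 1);
  digits[sizeof h->name - 1] = '\0';
  if (!isdigit((unsigned char)digits[0]))
    return -1;                   /* "/" + blanks: strtoul would skip them */
  off = strtoul(digits, NULL, 10);
  if (off >= longnames_size)
    return -1;                   /* offset points outside the table */
  for (j = off; j < longnames_size && longnames[j] != '\n'
                && longnames[j] != '\0'; j++)
    ;
  if (j > off && longnames[j - 1] == '/')
    j--;                         /* drop the "/" that ends a GNU long name */
  *start = off;
  return (long)(j - off);
}

/* Constructed header shaped like the dump: given name, then the date field. */
struct ar_header sample_header(const char *name)
{
  struct ar_header h;
  memset(&h, ' ', sizeof h);
  memcpy(h.name, name, strlen(name));
  memcpy(h.date, "1257796941", 10);
  memcpy(h.size, "964", 3);
  memcpy(h.fmag, "`\n", 2);
  return h;
}
```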