[Bug ld/21000] hppa-linux does not support -z relro

2017-02-13 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21000

Alan Modra  changed:

   What|Removed |Added

 Status|REOPENED|ASSIGNED

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils


[Bug ld/21000] hppa-linux does not support -z relro

2017-02-13 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21000

--- Comment #17 from Alan Modra  ---
Created attachment 9820
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9820&action=edit
Implement no_page_alias

This wastes a page in order to avoid the page aliasing problem


[Bug ld/21131] *** Error in `/usr/bin/ld': corrupted double-linked list: 0x00239b48 ***

2017-02-13 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21131

--- Comment #4 from Alan Modra  ---
With that patch, and deleting sysdeps/unix/sysv/linux/hppa/pthread_cond_init.c,
I can at least build glibc.  Thanks!

However, I can't reproduce the failure with cross-tools.  elf/vismain builds
fine using the same options you show.  What's more, valgrind doesn't show any
errors apart from some leaked memory, and setting MALLOC_PERTURB_ doesn't make
any difference.


[Bug ld/21132] [hppa-linux] pie support doesn't work

2017-02-13 Thread danglin at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21132

--- Comment #2 from John David Anglin  ---
Actually, it appears $global$ is incorrectly set in scripttempl/elf.sc.


[Bug ld/21132] [hppa-linux] pie support doesn't work

2017-02-13 Thread danglin at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21132

--- Comment #1 from John David Anglin  ---
It appears $global$ is set to the wrong value in elf32_hppa_set_gp()
for -pie.


[Bug binutils/21151] Heap buffer overflow in drwarf2.c

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21151

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #2 from Nick Clifton  ---
Hi Thuan,

  Thanks for the bug report.  I have applied a small patch to fix the problem.

  At issue here was the fact that the BFD library was not checking the
unit_length field in the DWARF header before attempting to read in the DWARF
debug information.

Cheers
  Nick


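Nick's comment above describes the fix as a check on the unit_length field before the DWARF data is read. The following is an added example, not BFD code and not the committed patch: a compilation-unit header parser for a constructed .debug_info buffer that applies that check for both 32-bit and 64-bit DWARF. The struct and function names (parse_cu_header, cu_header_ok, cu_next_unit) and the sample byte arrays are this example's own.

```c
/* Added example, not binutils/BFD code: parse one compilation-unit header
   from a constructed .debug_info buffer and reject it unless unit_length
   fits inside the bytes that are actually present.  Field names follow the
   DWARF specification; struct and function names are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct cu_header {
    uint64_t unit_length;  /* bytes in the unit after the length field */
    int      offset_size;  /* 4 for 32-bit DWARF, 8 for 64-bit DWARF */
    uint16_t version;
    size_t   next_unit;    /* section offset of the following unit header */
};

/* Little-endian read of n bytes (n <= 8); caller guarantees bounds. */
static uint64_t read_le(const uint8_t *p, int n)
{
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Returns 0 on success, -1 if the header is truncated, uses a reserved
   length value, or claims more bytes than remain in the section.
   Never reads outside buf[0 .. len). */
int parse_cu_header(const uint8_t *buf, size_t len, size_t off,
                    struct cu_header *out)
{
    if (off > len)
        return -1;
    size_t avail = len - off;
    if (avail < 4)
        return -1;                         /* not even a 32-bit length */

    uint64_t ulen = read_le(buf + off, 4);
    int osz = 4;
    size_t hdr = 4;
    if (ulen == 0xffffffffu) {             /* 64-bit DWARF escape */
        if (avail < 12)
            return -1;
        ulen = read_le(buf + off + 4, 8);
        osz = 8;
        hdr = 12;
    } else if (ulen >= 0xfffffff0u) {
        return -1;                         /* reserved by the spec */
    }

    /* The check described above: the unit must lie within the section. */
    if (ulen > avail - hdr)
        return -1;
    /* It must at least hold version, abbrev offset and address size
       (DWARF 2-4 layout; DWARF 5 headers are larger, so this stays safe). */
    if (ulen < 2u + (uint64_t)osz + 1u)
        return -1;

    out->unit_length = ulen;
    out->offset_size = osz;
    out->version     = (uint16_t)read_le(buf + off + hdr, 2);
    out->next_unit   = off + hdr + (size_t)ulen;
    return 0;
}

/* 0 if the first unit header in buf is acceptable, -1 otherwise. */
int cu_header_ok(const uint8_t *buf, size_t len)
{
    struct cu_header h;
    return parse_cu_header(buf, len, 0, &h);
}

/* Offset of the second unit header, or 0 if the first one is rejected. */
size_t cu_next_unit(const uint8_t *buf, size_t len)
{
    struct cu_header h;
    return parse_cu_header(buf, len, 0, &h) == 0 ? h.next_unit : 0;
}

/* Constructed inputs (not taken from the attached reproducer). */
/* Well-formed 32-bit DWARF 4 header: unit_length 7 = version(2)+abbrev(4)+addr(1). */
const uint8_t sample_cu32[] = { 0x07,0,0,0, 0x04,0, 0,0,0,0, 0x08 };
/* Same bytes with unit_length 0xffff: claims far more than the 11 bytes present. */
const uint8_t sample_cu_oversized[] = { 0xff,0xff,0,0, 0x04,0, 0,0,0,0, 0x08 };
/* 64-bit escape followed by only 4 of the 8 length bytes. */
const uint8_t sample_cu64_truncated[] = { 0xff,0xff,0xff,0xff, 0x0b,0,0,0 };
/* Well-formed 64-bit DWARF 4 header: unit_length 11 = version(2)+abbrev(8)+addr(1). */
const uint8_t sample_cu64[] = { 0xff,0xff,0xff,0xff, 0x0b,0,0,0,0,0,0,0,
                                0x04,0, 0,0,0,0,0,0,0,0, 0x08 };

int main(void)
{
    struct cu_header h;
    if (parse_cu_header(sample_cu64, sizeof sample_cu64, 0, &h) == 0)
        printf("64-bit unit: version %u, next unit at %zu\n", h.version, h.next_unit);
    printf("oversized header rejected: %s\n",
           cu_header_ok(sample_cu_oversized, sizeof sample_cu_oversized) ? "yes" : "no");
    return 0;
}
```

The order of the two comparisons matters: the length is validated against the bytes remaining in the section before the version or any later field is read, so a corrupt unit_length can never steer a read past the buffer, which is the class of failure the ASAN trace in this bug shows.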
[Bug gold/21152] New: Incorrect relocation handling of R_MIPS_HI16 / R_MIPS_LO16

2017-02-13 Thread jan.smets at nokia dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21152

Bug ID: 21152
   Summary: Incorrect relocation handling of R_MIPS_HI16 /
R_MIPS_LO16
   Product: binutils
   Version: 2.28
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: gold
  Assignee: ccoutant at gmail dot com
  Reporter: jan.smets at nokia dot com
CC: ian at airs dot com
  Target Milestone: ---

MIPS O32


BFD

(gdb) disas /rm cvmx_l2c_flush_mem_region_line_reuse,+0x40
Dump of assembler code from 0x2875728 to 0x2875768:
   0x02875728 :  27 bd ff d0   addiu   sp,sp,-48
   0x0287572c :  af b3 00 1c   sw      s3,28(sp)
   0x02875730 :  3c 13 07 02   lui     s3,0x702
   0x02875734 :  8e 62 30 b8   lw      v0,12472(s3)
   0x02875738 :  af b5 00 24   sw      s5,36(sp)
   0x0287573c :  af b4 00 20   sw      s4,32(sp)
   0x02875740 :  af b2 00 18   sw      s2,24(sp)
   0x02875744 :  af b0 00 10   sw      s0,16(sp)
   0x02875748 :  af bf 00 2c   sw      ra,44(sp)
   0x0287574c :  af b6 00 28   sw      s6,40(sp)
   0x02875750 :  af b1 00 14   sw      s1,20(sp)

GOLD

(gdb) disas /rm cvmx_l2c_flush_mem_region_line_reuse,+0x40
Dump of assembler code from 0x2875728 to 0x2875768:
   0x02875728 :  27 bd ff d0   addiu   sp,sp,-48
   0x0287572c :  af b3 00 1c   sw      s3,28(sp)
   0x02875730 :  6c cb 07 00   ldr     t3,1792(a2)    <-- should be lui
   0x02875734 :  bf 1a 00 00   cache   0x1a,0(t8)     <-- should be lw
   0x02875738 :  af b5 00 24   sw      s5,36(sp)
   0x0287573c :  af b4 00 20   sw      s4,32(sp)
   0x02875740 :  af b2 00 18   sw      s2,24(sp)
   0x02875744 :  af b0 00 10   sw      s0,16(sp)
   0x02875748 :  af bf 00 2c   sw      ra,44(sp)
   0x0287574c :  af b6 00 28   sw      s6,40(sp)
   0x02875750 :  af b1 00 14   sw      s1,20(sp)

GCC generated assembly 

        .set    macro
        .set    reorder
        .end    cvmx_l2c_flush_one_set_via_line_reuse
        .size   cvmx_l2c_flush_one_set_via_line_reuse, .-cvmx_l2c_flush_one_set_via_line_reuse
        .align  2
        .globl  cvmx_l2c_flush_mem_region_line_reuse
        .set    nomips16
        .set    nomicromips
        .ent    cvmx_l2c_flush_mem_region_line_reuse
        .type   cvmx_l2c_flush_mem_region_line_reuse, @function
cvmx_l2c_flush_mem_region_line_reuse:
        .frame  $sp,48,$31              # vars= 0, regs= 8/0, args= 16, gp= 0
        .mask   0x807f0000,-4
        .fmask  0x00000000,0
        addiu   $sp,$sp,-48
        sw      $19,28($sp)
        lui     $19,%hi(indxalias$97671)
        lw      $2,%lo(indxalias$97671)($19)
        sw      $21,36($sp)
        sw      $20,32($sp)
        sw      $18,24($sp)
        sw      $16,16($sp)
        sw      $31,44($sp)
        sw      $22,40($sp)
        sw      $17,20($sp)
        ...
        .data
        .align  2
        .type   indxalias$97671, @object
        .size   indxalias$97671, 4
indxalias$97671:
        .word   -1
        .align  2
        ...


[Bug binutils/21151] Heap buffer overflow in drwarf2.c

2017-02-13 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21151

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d11135f55294d75099ad03f81bacbe8ae93a6b28

commit d11135f55294d75099ad03f81bacbe8ae93a6b28
Author: Nick Clifton 
Date:   Mon Feb 13 17:51:27 2017 +

Fix invalid memory access in the BFD library's DWARF parser.

PR binutils/21151
* dwarf2.c (_bfd_dwarf2_find_nearest_line): Check for an invalid
unit length field.


[Bug binutils/21150] global buffer overflow in nm.c

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21150

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #2 from Nick Clifton  ---
Hi Thuan,

  Thanks for reporting this bug.  I have applied a small patch to fix the
problem.

  The bug was in the symbol sorting code used by nm.  It was testing for known
file extensions (.o and .a) in symbol names without first checking to see if
the symbol name was long enough to actually have one of these extensions.

Cheers
  Nick


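The fix Nick describes is a length check before the suffix test. As an added example (not nm.c and not the committed patch), here is a length-checked suffix test and a size-sort comparator built on it, run over a constructed symbol table that includes the empty and one-character names an unchecked test would index before the start of. All function names, the struct and the sample table are this example's own.

```c
/* Added example, not nm.c code: classify symbol names as file names by a
   ".o" or ".a" suffix, the way nm's size sort groups them, with the length
   check done before any character is examined.  Names, the comparator and
   the sample table are constructed for this example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True if s (of length len) ends with suffix.  The length comparison comes
   first, so s + len - slen is never formed for a string shorter than the
   suffix; forming it is what reads before the buffer otherwise. */
int ends_with(const char *s, size_t len, const char *suffix)
{
    size_t slen = strlen(suffix);
    if (len < slen)
        return 0;
    return memcmp(s + len - slen, suffix, slen) == 0;
}

/* 1 if the name looks like an object or archive file name. */
int is_file_symbol(const char *name)
{
    size_t len = strlen(name);
    return ends_with(name, len, ".o") || ends_with(name, len, ".a");
}

struct sym { const char *name; unsigned long size; };

/* Comparator in the spirit of a size sort: file symbols first, then by
   ascending size, then by name so that the order is total. */
int compare_syms(const struct sym *a, const struct sym *b)
{
    int fa = is_file_symbol(a->name), fb = is_file_symbol(b->name);
    if (fa != fb)
        return fa ? -1 : 1;
    if (a->size != b->size)
        return a->size < b->size ? -1 : 1;
    return strcmp(a->name, b->name);
}

/* Constructed symbol table; "", "a" and "o" are the short names that a
   length-unaware suffix test mishandles. */
const struct sym sample_syms[] = {
    { "main", 48 }, { "", 0 }, { "a", 4 }, { "o", 4 },
    { "crt1.o", 0 }, { "libfoo.a", 0 }, { ".o", 0 }, { "x.so", 8 },
};
const size_t sample_nsyms = sizeof sample_syms / sizeof sample_syms[0];

/* Number of table entries classified as file symbols. */
size_t count_file_symbols(const struct sym *t, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += is_file_symbol(t[i].name) != 0;
    return c;
}

int main(void)
{
    printf("%zu of %zu symbols look like files\n",
           count_file_symbols(sample_syms, sample_nsyms), sample_nsyms);
    return 0;
}
```

The ASAN report in this bug is a one-byte read at a global address, which is what happens when a comparator like this indexes `name[len - 2]` for a name of length 0 or 1; the length test in ends_with is the whole fix.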
[Bug binutils/21150] global buffer overflow in nm.c

2017-02-13 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21150

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c12214021dedefcc2320827bcc1751f2d94ca2c6

commit c12214021dedefcc2320827bcc1751f2d94ca2c6
Author: Nick Clifton 
Date:   Mon Feb 13 17:23:10 2017 +

Fix illegal memory access bug in nm when run on a corrupt binary.

PR binutils/21150
* nm.c (file_symbol): Add test of string length before testing
string characters.


[Bug binutils/21136] readelf segfault - heap buffer overflow

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

--- Comment #5 from Nick Clifton  ---

> Sorry - that was my mistake.  I should have ibndi

[Doh - hit send before I was ready].

What I meant to say was that you were correct.  This bug is essentially a
duplicate of 21139 not 21137.  I have updated the Status accordingly.

Cheers
  Nick


[Bug binutils/21136] readelf segfault - heap buffer overflow

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

--- Comment #4 from Nick Clifton  ---
Hi Thuan,

> Thank you for quickly fixing the bugs I reported. 21136 looks totally
> different from 21137, both in call-stack and in crashing functions. I do
> see that 21136 shares something in common with 21139; however, the stack
> traces of these two reported bugs are also considerably different.

Sorry - that was my mistake.  I should have ibndi

*** This bug has been marked as a duplicate of bug 21139 ***


[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #7 from Nick Clifton  ---
*** Bug 21136 has been marked as a duplicate of this bug. ***


[Bug binutils/21151] New: Heap buffer overflow in drwarf2.c

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21151

Bug ID: 21151
   Summary: Heap buffer overflow in drwarf2.c
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9819
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9819&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit & binutils was checkout from main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017) 

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_17
objdump -S bug_17


ASAN says:
==107235==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6080bf72 at pc 0x10b6f9e bp 0x7ffd0f6e24f0 sp 0x7ffd0f6e24e8
READ of size 1 at 0x6080bf72 thread T0
#0 0x10b6f9d in read_1_byte
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/bfd/../../bfd/dwarf2.c:573
#1 0x10accd0 in parse_comp_unit
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/bfd/../../bfd/dwarf2.c:2970
#2 0x10a17df in _bfd_dwarf2_find_nearest_line
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/bfd/../../bfd/dwarf2.c:4297
#3 0xcc0b5a in _bfd_elf_find_nearest_line
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/bfd/../../bfd/elf.c:8554
#4 0x4d306f in show_line
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:1472
#5 0x4c8043 in disassemble_bytes
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:1766
#6 0x4b80e2 in disassemble_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:2279
#7 0x999603 in bfd_map_over_sections
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/bfd/../../bfd/section.c:1395
#8 0x4a63eb in disassemble_data
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:2413
#9 0x498f1f in dump_bfd
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:3507
#10 0x4978fb in display_object_bfd
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:3564
#11 0x497698 in display_any_bfd
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:3653
#12 0x495ebe in display_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:3674
#13 0x493edd in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:3969
#14 0x7f5fdb405f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#15 0x48c95c in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/objdump+0x48c95c)


[Bug binutils/21150] New: global buffer overflow in nm.c

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21150

Bug ID: 21150
   Summary: global buffer overflow in nm.c
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9818
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9818&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit & binutils was checkout from main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017) 

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_16
nm-new --si bug_16

ASAN says:
==107219==ERROR: AddressSanitizer: global-buffer-overflow on address
0x017a69fe at pc 0x4a65c3 bp 0x7ffcfc8e0c70 sp 0x7ffcfc8e0c68
READ of size 1 at 0x017a69fe thread T0
#0 0x4a65c2 in size_forward1
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/nm.c:693
#1 0x7fea99955418 (/lib/x86_64-linux-gnu/libc.so.6+0x3b418)
#2 0x7fea99955171 (/lib/x86_64-linux-gnu/libc.so.6+0x3b171)
#3 0x7fea999556cb (/lib/x86_64-linux-gnu/libc.so.6+0x3b6cb)
#4 0x495d94 in sort_symbols_by_size
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/nm.c:735
#5 0x4923dd in display_rel_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/nm.c:1196
#6 0x48da9c in display_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/nm.c:1319
#7 0x48bd36 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/nm.c:1793
#8 0x7fea9993bf44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#9 0x48a9cc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/nm-new+0x48a9cc)


[Bug binutils/21136] readelf segfault - heap buffer overflow

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

--- Comment #3 from Thuan Pham  ---
Hi Nick,
Thank you for quickly fixing the bugs I reported. 21136 looks totally
different from 21137, both in call-stack and in crashing functions. I do
see that 21136 shares something in common with 21139; however, the stack
traces of these two reported bugs are also considerably different.
Regards,
Thuan

On Mon, Feb 13, 2017 at 11:21 PM, nickc at redhat dot com <
sourceware-bugzi...@sourceware.org> wrote:

> https://sourceware.org/bugzilla/show_bug.cgi?id=21136
>
> Nick Clifton  changed:
>
>What|Removed |Added
> 
> 
>  Status|UNCONFIRMED |RESOLVED
>  CC||nickc at redhat dot com
>  Resolution|--- |DUPLICATE
>
> --- Comment #2 from Nick Clifton  ---
> Another duplicate bug
>
> *** This bug has been marked as a duplicate of bug 21137 ***
>
> --
> You are receiving this mail because:
> You reported the bug.


[Bug binutils/21136] readelf segfault - heap buffer overflow

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |DUPLICATE

--- Comment #2 from Nick Clifton  ---
Another duplicate bug

*** This bug has been marked as a duplicate of bug 21137 ***


[Bug binutils/21137] readelf - heap buffer overflow in elfcomm

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #7 from Nick Clifton  ---
*** Bug 21136 has been marked as a duplicate of this bug. ***


[Bug binutils/21135] readelf segfault - invalid read

2017-02-13 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21135

--- Comment #4 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1835f746a7c7fff70a2cc03a051b14fdc6b3f73f

commit 1835f746a7c7fff70a2cc03a051b14fdc6b3f73f
Author: Nick Clifton 
Date:   Mon Feb 13 15:19:48 2017 +

Extend previous patch to cover uncompress_section_contents returning FALSE
to other callers.

PR binutils/21135
(dump_section_as_bytes, load_specific_debug_section): Likewise.


[Bug binutils/21149] readelf - several invalid read

2017-02-13 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21149

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ebdf1ebfa551fd4624c3cd05401aa3c01ea2ebbe

commit ebdf1ebfa551fd4624c3cd05401aa3c01ea2ebbe
Author: Nick Clifton 
Date:   Mon Feb 13 14:52:48 2017 +

Fix invalid memory access attempting to read the compression header of a
too-small compressed section.

PR binutils/21149
* readelf.c (get_compression_header): Add size parameter.  Check
size against sizeof compression header before attempting to
extract the header.
(process_section_headers): Pass size to get_compression_header.
(dump_section_as_strings): Likewise.
(dump_section_as_bytes): Likewise.
(load_specific_debug_section): Likewise.


[Bug binutils/21135] readelf segfault - invalid read

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21135

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #3 from Nick Clifton  ---
Hi Thuan,

  Thanks for reporting this bug.  I have checked in a patch to fix the problem.

  The bug here was the uncompress_section_contents function was detecting
  a malformed compressed section, but the dump_section_as_bytes function
  was not checking to see if the decompression had actually worked.

Cheers
  Nick


[Bug binutils/21148] readelf - multiple invalid read

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21148

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #1 from Nick Clifton  ---
Hi Thuan,

  Thanks for reporting this bug.  I have checked in a patch to fix the problem.

  At issue was the code in readelf which was checking for a possible buffer
  overflow.  The code worked, but it forgot to allow for a very small overflow
  that just exceeded the buffer size.

Cheers
  Nick


[Bug binutils/21135] readelf segfault - invalid read

2017-02-13 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21135

--- Comment #2 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f055032e4e922f1e1a5e11026c7c2669fa2a7d19

commit f055032e4e922f1e1a5e11026c7c2669fa2a7d19
Author: Nick Clifton 
Date:   Mon Feb 13 15:04:37 2017 +

Fix invalid read of section contents whilst processing a corrupt binary.

PR binutils/21135
* readelf.c (dump_section_as_bytes): Handle the case where
uncompress_section_contents returns false.


[Bug binutils/21149] readelf - several invalid read

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21149

Nick Clifton  changed:

   What|Removed |Added

 CC||nickc at redhat dot com

--- Comment #2 from Nick Clifton  ---
Hi Thuan,

  Thanks for reporting this bug.  I have checked in a patch to fix it.

  The problem here was that the code to read the compression header at
  the start of a compressed section was assuming that enough bytes were
  available in the section for the header.  I added code to check this
  assumption before attempting to extract the header.

Cheers
  Nick


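Two of the readelf fixes on this page are about the same code path: PR 21149 (this comment) adds a size check before the compression header is read, and PR 21135 (Nick's comment #3 earlier on the page) makes dump_section_as_bytes act on uncompress_section_contents returning FALSE. The following is an added example serving both, not readelf code and not either committed patch. The Elf32_Chdr/Elf64_Chdr layouts are the gABI ones; the function names echo readelf's but the bodies are this example's own, the decompressor stand-in only validates the zlib stream header, and the sample sections are constructed.

```c
/* Added example, not readelf code: read an ELF compression header only
   after checking that the section can hold one, and make the caller act
   on the decompressor's result.  Chdr layouts follow the gABI; function
   names echo readelf's but the bodies are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ELFCOMPRESS_ZLIB 1

struct chdr {              /* class-independent view of Elf32/Elf64_Chdr */
    uint32_t ch_type;
    uint64_t ch_size;      /* uncompressed size claimed by the header */
    uint64_t ch_addralign;
};

static uint64_t read_le(const uint8_t *p, int n)
{
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Elf32_Chdr is 12 bytes {type, size, addralign}; Elf64_Chdr is 24 bytes
   {type, reserved, size, addralign}.  Returns the header size consumed,
   or 0 when the section is too small to contain the header at all. */
size_t get_compression_header(const uint8_t *sec, size_t size, int is_64,
                              struct chdr *out)
{
    size_t hdr = is_64 ? 24 : 12;
    if (size < hdr)
        return 0;                        /* the size check PR 21149 adds */
    out->ch_type = (uint32_t)read_le(sec, 4);
    if (is_64) {
        out->ch_size      = read_le(sec + 8, 8);
        out->ch_addralign = read_le(sec + 16, 8);
    } else {
        out->ch_size      = read_le(sec + 4, 4);
        out->ch_addralign = read_le(sec + 8, 4);
    }
    return hdr;
}

/* Stand-in for uncompress_section_contents: 1 if the section carries a
   valid header and a payload that starts like a zlib stream (deflate
   method, header check value divisible by 31), 0 otherwise.  Real
   decompression would follow the header checks. */
int uncompress_section_contents(const uint8_t *sec, size_t size, int is_64,
                                uint64_t *uncompressed_size)
{
    struct chdr h;
    size_t hdr = get_compression_header(sec, size, is_64, &h);
    if (hdr == 0 || h.ch_type != ELFCOMPRESS_ZLIB || h.ch_size == 0)
        return 0;
    if (size - hdr < 2)
        return 0;                        /* no room for a zlib header */
    unsigned cmf = sec[hdr], flg = sec[hdr + 1];
    if ((cmf & 0x0f) != 8 || ((cmf << 8) | flg) % 31 != 0)
        return 0;
    *uncompressed_size = h.ch_size;
    return 1;
}

/* The caller-side fix from PR 21135: use the contents only when the
   decompressor reported success.  Returns the uncompressed size to dump,
   or -1 when the section is refused. */
long dump_section_as_bytes(const uint8_t *sec, size_t size, int is_64)
{
    uint64_t n;
    if (!uncompress_section_contents(sec, size, is_64, &n))
        return -1;
    return (long)n;
}

/* Constructed sections.  A 64-bit header claiming 64 uncompressed bytes,
   followed by the zlib stream for empty input (78 9c 03 00 00 00 00 01). */
const uint8_t sample_zlib64[] = {
    0x01,0,0,0, 0,0,0,0, 0x40,0,0,0,0,0,0,0, 0x01,0,0,0,0,0,0,0,
    0x78,0x9c,0x03,0x00,0x00,0x00,0x00,0x01 };
/* The same header cut off after 10 bytes: too small to hold any Chdr. */
const uint8_t sample_truncated[] = { 0x01,0,0,0, 0,0,0,0, 0x40,0 };
/* A complete 64-bit header with no payload after it. */
const uint8_t sample_no_payload[] = {
    0x01,0,0,0, 0,0,0,0, 0x40,0,0,0,0,0,0,0, 0x01,0,0,0,0,0,0,0 };

int main(void)
{
    printf("good section: %ld bytes to dump\n",
           dump_section_as_bytes(sample_zlib64, sizeof sample_zlib64, 1));
    printf("truncated header: %ld\n",
           dump_section_as_bytes(sample_truncated, sizeof sample_truncated, 1));
    return 0;
}
```

Interpreting the 64-bit sample as a 32-bit section is also rejected (the bytes at the 32-bit ch_size position are zero), which is the kind of class confusion a fuzzer-produced file can provoke; the header check fails closed rather than reading a payload that is not there.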
[Bug binutils/21148] readelf - multiple invalid read

2017-02-13 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21148

--- Comment #2 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4aeb00ad3cc6a29b32f0a4e42c2f64d55e25b76d

commit 4aeb00ad3cc6a29b32f0a4e42c2f64d55e25b76d
Author: Nick Clifton 
Date:   Mon Feb 13 14:35:24 2017 +

Fix check for buffer overflow when processing version information.

PR binutils/21148
* readelf.c (process_version_sections): Include size of auxiliary
version information when checking for buffer overflow.


[Bug ld/20828] GC-ed DSO symbols make corresponding symbols defined by a linker script local

2017-02-13 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=20828

--- Comment #33 from cvs-commit at gcc dot gnu.org  ---
The binutils-2_28-branch branch has been updated by Maciej W. Rozycki:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e7ec0c47c5500b572b847cddd5b0868ef3784473

commit e7ec0c47c5500b572b847cddd5b0868ef3784473
Author: Maciej W. Rozycki 
Date:   Thu Feb 2 22:05:46 2017 +

MIPS/BFD: Respect the ELF gABI dynamic symbol table sort requirement

Ensure all local symbols precede external symbols in the dynamic symbol
table.

No local symbols are expected to make it to the dynamic symbol table
except for section symbols already taken care of, so this is really a
safeguard only against a potential BFD bug otherwise not so harmful,
which may become a grave one due to a symbol table sorting requirement
violation (see PR ld/20828 for an example).  This means however that no
test suite coverage is possible for this change as code introduced here
is not normally expected to trigger.

Logically split then the part of the dynamic symbol table which is not
global offset table mapped, into a local area at the beginning and an
external area following.  By the time `mips_elf_sort_hash_table' is
called we have the number of local dynamic symbol table entries (section
and non-section) already counted in `local_dynsymcount', so use it to
offset the external area from the beginning.

bfd/
* elfxx-mips.c (mips_elf_hash_sort_data): Add
`max_local_dynindx'.
(mips_elf_sort_hash_table): Handle it.
(mips_elf_sort_hash_table_f) : For forced local
symbols bump up `max_local_dynindx' rather than
`max_non_got_dynindx'.

(cherry picked from commit e17b0c351f0b22fb42edf34e5a6e486d72e9ee05)


[Bug binutils/21144] readelf segfault - heap buffer overflow, invalid read of size 8

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21144

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |DUPLICATE

--- Comment #1 from Nick Clifton  ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21139 ***


[Bug binutils/21147] readelf - heap buffer overflow, invalid read

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21147

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #2 from Nick Clifton  ---
Hi Thuan,

  Thanks for reporting this bug.  I have checked in a small patch to fix it.

  The problem was an off-by-one error when reporting sections which could
  not be dumped.

Cheers
  Nick


[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #6 from Nick Clifton  ---
*** Bug 21145 has been marked as a duplicate of this bug. ***


[Bug binutils/21146] readelf segfault - multiple invalid write in elfcomm.c

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21146

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |DUPLICATE

--- Comment #1 from Nick Clifton  ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21137 ***


[Bug binutils/21145] readelf segfault - null pointer dereferencing

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21145

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |DUPLICATE

--- Comment #1 from Nick Clifton  ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21139 ***


[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #5 from Nick Clifton  ---
*** Bug 21144 has been marked as a duplicate of this bug. ***


[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #4 from Nick Clifton  ---
*** Bug 21143 has been marked as a duplicate of this bug. ***


[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #3 from Nick Clifton  ---
*** Bug 21142 has been marked as a duplicate of this bug. ***


[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #2 from Nick Clifton  ---
Hi Thuan,

  Thanks for reporting this bug.  I have checked in a patch to fix it.

  There were two problems here.  The first was that the target specific
  relocation processing code in readelf was not checking for an invalid
  symbol index in the relocation.  The second was that the code was 
  maintaining state across multiple invocations, resulting in the use of
  a stale pointer.

Cheers
  Nick



[Bug binutils/21141] readelf segfault - invalid write in elfcomm.c

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21141

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |DUPLICATE

--- Comment #1 from Nick Clifton  ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21137 ***



[Bug binutils/21143] readelf segfault - heap buffer overflow, invalid read of size 8

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21143

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |DUPLICATE

--- Comment #1 from Nick Clifton  ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21139 ***



[Bug binutils/21147] readelf - heap buffer overflow, invalid read

2017-02-13 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21147

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0ee3043f58aae078a1ecc54b7be2810cae39a718

commit 0ee3043f58aae078a1ecc54b7be2810cae39a718
Author: Nick Clifton 
Date:   Mon Feb 13 14:17:07 2017 +0000

Fix access violation when reporting sections that could not be dumped.

PR binutils/21147
* readelf.c (process_section_contents): Fix off by one error
reporting un-dumped sections.



[Bug binutils/21137] readelf - heap buffer overflow in elfcomm

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #6 from Nick Clifton  ---
*** Bug 21146 has been marked as a duplicate of this bug. ***



[Bug binutils/21137] readelf - heap buffer overflow in elfcomm

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #5 from Nick Clifton  ---
*** Bug 21140 has been marked as a duplicate of this bug. ***



[Bug binutils/21137] readelf - heap buffer overflow in elfcomm

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #4 from Nick Clifton  ---
*** Bug 21141 has been marked as a duplicate of this bug. ***



[Bug binutils/21142] readelf segfault - invalid read of size 8

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21142

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |DUPLICATE

--- Comment #1 from Nick Clifton  ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21139 ***



[Bug binutils/21140] readelf segfault - use after free in elfcomm.c

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21140

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |DUPLICATE

--- Comment #1 from Nick Clifton  ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21137 ***



[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free

2017-02-13 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9

commit f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9
Author: Nick Clifton 
Date:   Mon Feb 13 14:03:22 2017 +0000

Fix read-after-free error in readelf when processing multiple, relocated
sections in an MSP430 binary.

PR binutils/21139
* readelf.c (target_specific_reloc_handling): Add num_syms
parameter.  Check for symbol table overflow before accessing
symbol value.  If reloc pointer is NULL, discard all saved state.
(apply_relocations): Pass num_syms to target_specific_reloc_handling.
Call target_specific_reloc_handling with a NULL reloc pointer
after processing all of the relocs.



[Bug ld/21000] hppa-linux does not support -z relro

2017-02-13 Thread dave.anglin at bell dot net
https://sourceware.org/bugzilla/show_bug.cgi?id=21000

--- Comment #16 from dave.anglin at bell dot net ---
On 2017-02-12, at 8:34 PM, amodra at gmail dot com wrote:

> I obviously didn't understand the alias problem..  If I am grasping it
> correctly now, is the complaint about INEQUIVALENT ALIASES really that in the
> following load map from a trivial -z relro main.c we have file offsets in the
> same page?
> 
>  LOAD   0x000000 0x00010000 0x00010000 0x00898 0x00898 R E 0x1000
>  LOAD   0x000f20 0x00011f20 0x00011f20 0x0014c 0x0015c RWE 0x1000

I think the issue is easiest to understand by looking at the maps file for the
process.
For the trivial -z relro main we have

dave@mx3210:/proc/19876$ cat maps
00010000-00011000 r-xp 00000000 08:11 11799480   /home/dave/ffmpeg/main
00011000-00012000 r--p 00000000 08:11 11799480   /home/dave/ffmpeg/main
00012000-00013000 rwxp 00001000 08:11 11799480   /home/dave/ffmpeg/main
f9ffb000-fa167000 r-xp 00000000 08:25 33770753   /lib/hppa-linux-gnu/libc-2.24.so
fa167000-fa16e000 rwxp 0016c000 08:25 33770753   /lib/hppa-linux-gnu/libc-2.24.so
fa16e000-fa170000 rwxp 00000000 00:00 0
fa3f8000-fa41b000 r-xp 00000000 08:25 33710119   /lib/hppa-linux-gnu/ld-2.24.so
fa41b000-fa41f000 rwxp 00023000 08:25 33710119   /lib/hppa-linux-gnu/ld-2.24.so
fa4fc000-fa501000 rw-p 00000000 00:00 0
fa501000-fa523000 rwxp 00000000 00:00 0          [stack]

Without -z relro, we have

dave@mx3210:/proc/25080$ cat maps
00010000-00011000 r-xp 00000000 08:11 11799480   /home/dave/ffmpeg/main
00011000-00012000 rwxp 00001000 08:11 11799480   /home/dave/ffmpeg/main
f9ffb000-fa167000 r-xp 00000000 08:25 33770753   /lib/hppa-linux-gnu/libc-2.24.so
fa167000-fa16e000 rwxp 0016c000 08:25 33770753   /lib/hppa-linux-gnu/libc-2.24.so
fa16e000-fa170000 rwxp 00000000 00:00 0
fa3f8000-fa41b000 r-xp 00000000 08:25 33710119   /lib/hppa-linux-gnu/ld-2.24.so
fa41b000-fa41f000 rwxp 00023000 08:25 33710119   /lib/hppa-linux-gnu/ld-2.24.so
fa4fc000-fa501000 rw-p 00000000 00:00 0
fa501000-fa523000 rwxp 00000000 00:00 0          [stack]

--
John David Anglin   dave.ang...@bell.net

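
As an added example, not from this thread or from binutils, the aliasing Alan asks about can be checked from the PT_LOAD lines of readelf -l: the parser and the check below are ours, the column header in the first dump is constructed, the non-relro layout is constructed to match the second maps listing, and a 4 KiB page is assumed from the 0x1000 alignment shown.

```c
#include <stdio.h>
#include <string.h>

/* Constructed check modelled on the question quoted above: do two PT_LOAD
   segments place the same page of the file at different virtual pages?
   Input is the LOAD lines printed by `readelf -l`.  Names are ours.  */

#define PAGE_SHIFT 12UL            /* assumed: 4 KiB pages (0x1000 alignment) */

typedef struct { unsigned long offset, vaddr, filesz; } load_t;

/* Parse "  LOAD   0x<off> 0x<vaddr> 0x<paddr> 0x<filesz> 0x<memsz> ...".
   Returns 1 on success, 0 for any other line.  */
int parse_load(const char *line, load_t *out)
{
    unsigned long paddr, memsz;
    return sscanf(line, " LOAD 0x%lx 0x%lx 0x%lx 0x%lx 0x%lx",
                  &out->offset, &out->vaddr, &paddr,
                  &out->filesz, &memsz) == 5;
}

/* File page p of segment s is mapped at (s.vaddr - s.offset) + p * PAGE.
   Two segments that share a file page but differ in (vaddr - offset)
   therefore put the same page of the file at two virtual addresses.
   Returns the number of such segment pairs.  */
int count_page_aliases(const load_t *segs, int n)
{
    int aliases = 0;
    for (int i = 0; i < n; i++) {
        if (segs[i].filesz == 0) continue;             /* nothing file-backed */
        unsigned long lo_i = segs[i].offset >> PAGE_SHIFT;
        unsigned long hi_i = (segs[i].offset + segs[i].filesz - 1) >> PAGE_SHIFT;
        for (int j = i + 1; j < n; j++) {
            if (segs[j].filesz == 0) continue;
            unsigned long lo_j = segs[j].offset >> PAGE_SHIFT;
            unsigned long hi_j = (segs[j].offset + segs[j].filesz - 1) >> PAGE_SHIFT;
            if (hi_i < lo_j || hi_j < lo_i) continue;  /* no shared file page */
            if (segs[i].vaddr - segs[i].offset != segs[j].vaddr - segs[j].offset)
                aliases++;
        }
    }
    return aliases;
}

/* Pull up to `max` LOAD lines out of a readelf -l dump; returns how many.  */
int collect_loads(const char *const *lines, int nlines, load_t *out, int max)
{
    int n = 0;
    for (int i = 0; i < nlines && n < max; i++)
        if (parse_load(lines[i], &out[n])) n++;
    return n;
}

/* The two LOAD lines of the -z relro main quoted above (header constructed). */
int aliases_with_relro(void)
{
    static const char *const dump[] = {
        "  Type   Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align",
        "  LOAD   0x000000 0x00010000 0x00010000 0x00898 0x00898 R E 0x1000",
        "  LOAD   0x000f20 0x00011f20 0x00011f20 0x0014c 0x0015c RWE 0x1000",
    };
    load_t segs[4];
    int n = collect_loads(dump, 3, segs, 4);
    return count_page_aliases(segs, n);   /* 1: file page 0 at 0x10000 and 0x11000 */
}

/* Constructed non-relro layout matching the second maps listing: data
   starts on its own file page, so file page 0 has a single mapping.  */
int aliases_without_relro(void)
{
    static const char *const dump[] = {
        "  LOAD   0x000000 0x00010000 0x00010000 0x00898 0x00898 R E 0x1000",
        "  LOAD   0x001000 0x00011000 0x00011000 0x0014c 0x0015c RWE 0x1000",
    };
    load_t segs[4];
    int n = collect_loads(dump, 2, segs, 4);
    return count_page_aliases(segs, n);   /* 0 */
}
```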


[Bug binutils/21137] readelf - heap buffer overflow in elfcomm

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #3 from Nick Clifton  ---
Hi Thuan,

  Thanks for reporting this bug.  I have applied a patch to fix the problem.

  The issue was that the code in readelf that processes target-specific
  relocations was not checking for possible buffer overflow.  So I have added
  these checks.

Cheers
  Nick



[Bug binutils/21137] readelf - heap buffer overflow in elfcomm

2017-02-13 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493

commit 03f7786e2f440b9892b1c34a58fb26222ce1b493
Author: Nick Clifton 
Date:   Mon Feb 13 13:08:32 2017 +0000

Fix readelf writing to illegal addresses whilst processing corrupt input
files containing symbol-difference relocations.

PR binutils/21137
* readelf.c (target_specific_reloc_handling): Add end parameter.
Check for buffer overflow before writing relocated values.
(apply_relocations): Pass end to target_specific_reloc_handling.

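
The two fixes described in this thread (PR 21139: bound the symbol index and discard saved state after each section; PR 21137: bound the write against the section end) as an added example in C, not readelf's own code: the reloc types, struct layouts and function names are ours, and the input is a constructed section and symbol table.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the readelf paths fixed in PR 21137 and PR 21139;
   types, names and reloc types are ours, not readelf's.  */
typedef struct { uint32_t value; } sym_t;
typedef struct { uint32_t r_offset, r_sym, r_type; } rel_t;
/* State kept between relocs for a symbol-difference fixup: the state
   PR 21139 found going stale from one section to the next.  */
typedef struct { uint32_t saved; int have_saved; } reloc_state_t;

enum { R_SAVE = 1, R_APPLY = 2 };
enum { E_OK = 0, E_BAD_SYM = -1, E_OOB = -2, E_NO_STATE = -3 };

static void put_le32(unsigned char *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (v >> (8 * i)) & 0xff;
}

/* One reloc.  A NULL rel means "discard all saved state", the contract the
   PR 21139 fix gives target_specific_reloc_handling.  num_syms bounds the
   symbol table (PR 21139) and end bounds the section buffer (PR 21137);
   before the fixes neither limit was passed in, so a corrupt r_sym or
   r_offset indexed or wrote outside the buffers.  */
int handle_reloc(unsigned char *start, unsigned char *end, const rel_t *rel,
                 const sym_t *syms, size_t num_syms, reloc_state_t *st)
{
    if (rel == NULL) {
        memset(st, 0, sizeof *st);
        return E_OK;
    }
    if (rel->r_sym >= num_syms)          /* r_sym is untrusted file data */
        return E_BAD_SYM;

    switch (rel->r_type) {
    case R_SAVE:
        st->saved = syms[rel->r_sym].value;
        st->have_saved = 1;
        return E_OK;
    case R_APPLY: {
        size_t room = (size_t)(end - start);
        /* Overflow-safe form of "start + r_offset + 4 <= end".  */
        if (rel->r_offset > room || room - rel->r_offset < 4)
            return E_OOB;
        if (!st->have_saved)             /* no partner reloc in this section */
            return E_NO_STATE;
        put_le32(start + rel->r_offset, syms[rel->r_sym].value - st->saved);
        st->have_saved = 0;
        return E_OK;
    }
    default:
        return E_OK;                     /* unknown types are left alone */
    }
}

/* Apply one section's relocs, then reset the handler so nothing carries
   into the next section.  Returns the number of relocs rejected.  */
size_t apply_section_relocs(unsigned char *buf, size_t size, const rel_t *rels,
                            size_t nrels, const sym_t *syms, size_t num_syms,
                            reloc_state_t *st)
{
    size_t rejected = 0;
    for (size_t i = 0; i < nrels; i++)
        if (handle_reloc(buf, buf + size, &rels[i], syms, num_syms, st) != E_OK)
            rejected++;
    handle_reloc(buf, buf + size, NULL, syms, num_syms, st);
    return rejected;
}

/* Constructed scenario: two symbols, an 8-byte section, and reloc lists of
   the kind a corrupt object can carry.  Returns 1 if every check behaves
   as intended, 0 otherwise.  */
int demo(void)
{
    static const sym_t syms[] = { { 0x1000 }, { 0x1234 } };
    unsigned char sec[8] = { 0 };
    reloc_state_t st = { 0, 0 };

    /* Well-formed: save sym 0, then store sym 1 - sym 0 (0x234) at offset 4. */
    const rel_t good[] = { { 0, 0, R_SAVE }, { 4, 1, R_APPLY } };
    if (apply_section_relocs(sec, sizeof sec, good, 2, syms, 2, &st) != 0)
        return 0;
    if (sec[4] != 0x34 || sec[5] != 0x02 || sec[6] != 0 || sec[7] != 0)
        return 0;

    /* Corrupt: r_sym 7 in a 2-entry table (PR 21139), a 4-byte store at
       offset 6 of 8 (PR 21137), and an offset that would wrap the pointer. */
    const rel_t bad[] = { { 0, 7, R_SAVE }, { 0, 0, R_SAVE },
                          { 6, 1, R_APPLY }, { 0xfffffffeu, 1, R_APPLY } };
    if (apply_section_relocs(sec, sizeof sec, bad, 4, syms, 2, &st) != 3)
        return 0;

    /* Stale state: the R_SAVE left over above must not satisfy this
       section's R_APPLY, because the state was reset between sections.  */
    const rel_t orphan[] = { { 0, 1, R_APPLY } };
    return apply_section_relocs(sec, sizeof sec, orphan, 1, syms, 2, &st) == 1;
}
```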


[Bug binutils/21137] readelf - heap buffer overflow in elfcomm

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #2 from Nick Clifton  ---
*** Bug 21138 has been marked as a duplicate of this bug. ***



[Bug binutils/21138] readelf segfault - multiple buffer overflow in elfcomm.c

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21138

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |DUPLICATE

--- Comment #1 from Nick Clifton  ---
Hi Thuan,

  Thanks for reporting this problem.  It turns out that this bug is a duplicate
of the one you reported in PR 21137, and it is fixed by the patch that fixes
that PR.

Cheers
  Nick

*** This bug has been marked as a duplicate of bug 21137 ***



[Bug binutils/21133] Readelf doesn't warn about malformed ELF

2017-02-13 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21133

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |WORKSFORME

--- Comment #1 from Nick Clifton  ---
Hi Peter,

> Would it be possible to get a warning added to readelf for this?

We added a warning for this last year. :-)  It will be in the 2.28 release, or
you could download the latest development sources and try for yourself.  You
should see:

  $ readelf --syms basm.o

Symbol table '.symtab' contains 7 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 00000000     0 FILE    LOCAL  DEFAULT  ABS file.asm
     2: 00000000     0 SECTION LOCAL  DEFAULT    1 
     3: 00000000     0 SECTION LOCAL  DEFAULT    2 
     4: 00000000     0 NOTYPE  LOCAL  DEFAULT    1 message
     5: 00000000     0 NOTYPE  GLOBAL DEFAULT    2 _start
     6: 0000000a     0 NOTYPE  LOCAL  DEFAULT    2 bar
readelf: Warning: local symbol 6 found at index >= .symtab's sh_info value of 6

Cheers
  Nick



[Bug binutils/21135] readelf segfault - invalid read

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21135

--- Comment #1 from Thuan Pham  ---
binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim



[Bug binutils/21136] readelf segfault - heap buffer overflow

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

--- Comment #1 from Thuan Pham  ---
binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim



[Bug binutils/21147] New: readelf - heap buffer overflow, invalid read

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21147

Bug ID: 21147
   Summary: readelf - heap buffer overflow, invalid read
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9814
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9814&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017) 

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_13
readelf -p 7 bug_13

Valgrind says:
==12826== Invalid read of size 1
==12826==at 0x423674: process_section_contents (readelf.c:13097)
==12826==by 0x423674: process_object (readelf.c:16780)
==12826==by 0x402111: process_file (readelf.c:17154)
==12826==by 0x402111: main (readelf.c:17225)
==12826==  Address 0x51fd5a8 is 0 bytes after a block of size 8 alloc'd
==12826==at 0x4C2CC70: calloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12826==by 0x406B10: request_dump_bynumber (readelf.c:4298)
==12826==by 0x406BFA: request_dump (readelf.c:4356)
==12826==by 0x401D47: parse_args (readelf.c:4449)
==12826==by 0x401D47: main (readelf.c:17198)


ASAN says:
==3009==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ef58
at pc 0x4e1b6d bp 0x7ffca5290210 sp 0x7ffca5290208
READ of size 1 at 0x60200000ef58 thread T0
#0 0x4e1b6c in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13097
#1 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#2 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#3 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#4 0x7f6ce7ee1f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#5 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)



[Bug binutils/21146] New: readelf segfault - multiple invalid write in elfcomm.c

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21146

Bug ID: 21146
   Summary: readelf segfault - multiple invalid write in elfcomm.c
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9813
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9813&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017) 

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_12
readelf -R6 bug_12


Valgrind says:
==115836== Invalid write of size 1
==115836==at 0x438C87: byte_put_little_endian (elfcomm.c:75)
==115836==by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==115836==by 0x408B97: apply_relocations (readelf.c:12343)
==115836==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==115836==by 0x42334D: process_section_contents (readelf.c:13085)
==115836==by 0x42334D: process_object (readelf.c:16780)
==115836==by 0x402111: process_file (readelf.c:17154)
==115836==by 0x402111: main (readelf.c:17225)
==115836==  Address 0x5203a08 is 19 bytes after a block of size 5 alloc'd
==115836==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==115836==by 0x40566E: get_data (readelf.c:393)
==115836==by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==115836==by 0x42334D: process_section_contents (readelf.c:13085)
==115836==by 0x42334D: process_object (readelf.c:16780)
==115836==by 0x402111: process_file (readelf.c:17154)
==115836==by 0x402111: main (readelf.c:17225)
==115836== 
==115836== Invalid write of size 1
==115836==at 0x438C91: byte_put_little_endian (elfcomm.c:78)
==115836==by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==115836==by 0x408B97: apply_relocations (readelf.c:12343)
==115836==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==115836==by 0x42334D: process_section_contents (readelf.c:13085)
==115836==by 0x42334D: process_object (readelf.c:16780)
==115836==by 0x402111: process_file (readelf.c:17154)
==115836==by 0x402111: main (readelf.c:17225)
==115836==  Address 0x5203a07 is 18 bytes after a block of size 5 alloc'd
==115836==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==115836==by 0x40566E: get_data (readelf.c:393)
==115836==by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==115836==by 0x42334D: process_section_contents (readelf.c:13085)
==115836==by 0x42334D: process_object (readelf.c:16780)
==115836==by 0x402111: process_file (readelf.c:17154)
==115836==by 0x402111: main (readelf.c:17225)
==115836== 
==115836== Invalid write of size 1
==115836==at 0x438C9B: byte_put_little_endian (elfcomm.c:81)
==115836==by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==115836==by 0x408B97: apply_relocations (readelf.c:12343)
==115836==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==115836==by 0x42334D: process_section_contents (readelf.c:13085)
==115836==by 0x42334D: process_object (readelf.c:16780)
==115836==by 0x402111: process_file (readelf.c:17154)
==115836==by 0x402111: main (readelf.c:17225)
==115836==  Address 0x5203a06 is 17 bytes after a block of size 5 alloc'd
==115836==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==115836==by 0x40566E: get_data (readelf.c:393)
==115836==by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==115836==by 0x42334D: process_section_contents (readelf.c:13085)
==115836==by 0x42334D: process_object (readelf.c:16780)
==115836==by 0x402111: process_file (readelf.c:17154)
==115836==by 0x402111: main (readelf.c:17225)
==115836== 
==115836== Invalid write of size 1
==115836==at 0x438C9E: byte_put_little_endian (elfcomm.c:84)
==115836==by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==115836==by 0x408B97: apply_relocations (readelf.c:12343)
==115836==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==115836==by 0x42334D: process_section_contents (readelf.c:13085)
==115836==by 0x42334D: process_object (readelf.c:16780)
==115836==by 0x402111: process_file 

[Bug binutils/21149] New: readelf - several invalid read

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21149

Bug ID: 21149
   Summary: readelf - several invalid read
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9816
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9816&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017) 

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_15
readelf -zxt bug_15


Valgrind says:
==81060== Invalid read of size 1
==81060==at 0x438D7C: byte_get_little_endian (elfcomm.c:211)
==81060==by 0x408707: get_compression_header (readelf.c:5735)
==81060==by 0x40EADA: dump_section_as_bytes (readelf.c:12700)
==81060==by 0x42332E: process_section_contents (readelf.c:13082)
==81060==by 0x42332E: process_object (readelf.c:16780)
==81060==by 0x402111: process_file (readelf.c:17154)
==81060==by 0x402111: main (readelf.c:17225)
==81060==  Address 0x5203c62 is 0 bytes after a block of size 18 alloc'd
==81060==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==81060==by 0x40566E: get_data (readelf.c:393)
==81060==by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==81060==by 0x42332E: process_section_contents (readelf.c:13082)
==81060==by 0x42332E: process_object (readelf.c:16780)
==81060==by 0x402111: process_file (readelf.c:17154)
==81060==by 0x402111: main (readelf.c:17225)
==81060== 
==81060== Invalid read of size 1
==81060==at 0x438D92: byte_get_little_endian (elfcomm.c:212)
==81060==by 0x408707: get_compression_header (readelf.c:5735)
==81060==by 0x40EADA: dump_section_as_bytes (readelf.c:12700)
==81060==by 0x42332E: process_section_contents (readelf.c:13082)
==81060==by 0x42332E: process_object (readelf.c:16780)
==81060==by 0x402111: process_file (readelf.c:17154)
==81060==by 0x402111: main (readelf.c:17225)
==81060==  Address 0x5203c63 is 1 bytes after a block of size 18 alloc'd
==81060==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==81060==by 0x40566E: get_data (readelf.c:393)
==81060==by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==81060==by 0x42332E: process_section_contents (readelf.c:13082)
==81060==by 0x42332E: process_object (readelf.c:16780)
==81060==by 0x402111: process_file (readelf.c:17154)
==81060==by 0x402111: main (readelf.c:17225)
==81060== 
==81060== Invalid read of size 1
==81060==at 0x438D9D: byte_get_little_endian (elfcomm.c:213)
==81060==by 0x408707: get_compression_header (readelf.c:5735)
==81060==by 0x40EADA: dump_section_as_bytes (readelf.c:12700)
==81060==by 0x42332E: process_section_contents (readelf.c:13082)
==81060==by 0x42332E: process_object (readelf.c:16780)
==81060==by 0x402111: process_file (readelf.c:17154)
==81060==by 0x402111: main (readelf.c:17225)
==81060==  Address 0x5203c64 is 2 bytes after a block of size 18 alloc'd
==81060==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==81060==by 0x40566E: get_data (readelf.c:393)
==81060==by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==81060==by 0x42332E: process_section_contents (readelf.c:13082)
==81060==by 0x42332E: process_object (readelf.c:16780)
==81060==by 0x402111: process_file (readelf.c:17154)
==81060==by 0x402111: main (readelf.c:17225)
==81060== 
==81060== Invalid read of size 1
==81060==at 0x438DA8: byte_get_little_endian (elfcomm.c:214)
==81060==by 0x408707: get_compression_header (readelf.c:5735)
==81060==by 0x40EADA: dump_section_as_bytes (readelf.c:12700)
==81060==by 0x42332E: process_section_contents (readelf.c:13082)
==81060==by 0x42332E: process_object (readelf.c:16780)
==81060==by 0x402111: process_file (readelf.c:17154)
==81060==by 0x402111: main (readelf.c:17225)
==81060==  Address 0x5203c65 is 3 bytes after a block of size 18 alloc'd
==81060==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==81060==by 0x40566E: get_data (readelf.c:393)
==81060==by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==81060==

[Bug binutils/21148] New: readelf - multiple invalid read

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21148

Bug ID: 21148
   Summary: readelf - multiple invalid read
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9815
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9815&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017) 

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_14
readelf -a bug_14


Valgrind says:
==46771== Invalid read of size 1
==46771==at 0x438E2A: byte_get_little_endian (elfcomm.c:151)
==46771==by 0x41127E: process_version_sections (readelf.c:10029)
==46771==by 0x422E63: process_object (readelf.c:16778)
==46771==by 0x402111: process_file (readelf.c:17154)
==46771==by 0x402111: main (readelf.c:17225)
==46771==  Address 0x52086b8 is 0 bytes after a block of size 248 alloc'd
==46771==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==46771==by 0x40566E: get_data (readelf.c:393)
==46771==by 0x42: process_version_sections (readelf.c:9980)
==46771==by 0x422E63: process_object (readelf.c:16778)
==46771==by 0x402111: process_file (readelf.c:17154)
==46771==by 0x402111: main (readelf.c:17225)
==46771== 
==46771== Invalid read of size 1
==46771==at 0x438E10: byte_get_little_endian (elfcomm.c:149)
==46771==by 0x411291: process_version_sections (readelf.c:10030)
==46771==by 0x422E63: process_object (readelf.c:16778)
==46771==by 0x402111: process_file (readelf.c:17154)
==46771==by 0x402111: main (readelf.c:17225)
==46771==  Address 0x52086ba is 2 bytes after a block of size 248 alloc'd
==46771==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==46771==by 0x40566E: get_data (readelf.c:393)
==46771==by 0x42: process_version_sections (readelf.c:9980)
==46771==by 0x422E63: process_object (readelf.c:16778)
==46771==by 0x402111: process_file (readelf.c:17154)
==46771==by 0x402111: main (readelf.c:17225)
==46771== 
==46771== Invalid read of size 1
==46771==at 0x438E14: byte_get_little_endian (elfcomm.c:150)
==46771==by 0x411291: process_version_sections (readelf.c:10030)
==46771==by 0x422E63: process_object (readelf.c:16778)
==46771==by 0x402111: process_file (readelf.c:17154)
==46771==by 0x402111: main (readelf.c:17225)
==46771==  Address 0x52086bb is 3 bytes after a block of size 248 alloc'd
==46771==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==46771==by 0x40566E: get_data (readelf.c:393)
==46771==by 0x42: process_version_sections (readelf.c:9980)
==46771==by 0x422E63: process_object (readelf.c:16778)
==46771==by 0x402111: process_file (readelf.c:17154)
==46771==by 0x402111: main (readelf.c:17225)
==46771== 
==46771== Invalid read of size 1
==46771==at 0x438E24: byte_get_little_endian (elfcomm.c:148)
==46771==by 0x411291: process_version_sections (readelf.c:10030)
==46771==by 0x422E63: process_object (readelf.c:16778)
==46771==by 0x402111: process_file (readelf.c:17154)
==46771==by 0x402111: main (readelf.c:17225)
==46771==  Address 0x52086b9 is 1 bytes after a block of size 248 alloc'd
==46771==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==46771==by 0x40566E: get_data (readelf.c:393)
==46771==by 0x42: process_version_sections (readelf.c:9980)
==46771==by 0x422E63: process_object (readelf.c:16778)
==46771==by 0x402111: process_file (readelf.c:17154)
==46771==by 0x402111: main (readelf.c:17225)
==46771== 
==46771== Invalid read of size 1
==46771==at 0x438E2A: byte_get_little_endian (elfcomm.c:151)
==46771==by 0x411291: process_version_sections (readelf.c:10030)
==46771==by 0x422E63: process_object (readelf.c:16778)
==46771==by 0x402111: process_file (readelf.c:17154)
==46771==by 0x402111: main (readelf.c:17225)
==46771==  Address 0x52086bc is 4 bytes after a block of size 248 alloc'd
==46771==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==46771==by 0x40566E: get_data (readelf.c:393)
==46771==

[Bug binutils/21145] New: readelf segfault - null pointer dereferencing

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21145

Bug ID: 21145
   Summary: readelf segfault - null pointer dereferencing
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9812
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9812&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit, and binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_11
readelf -w bug_11


Valgrind says:
==59939== Invalid read of size 8
==59939==at 0x408F15: target_specific_reloc_handling (readelf.c:11675)
==59939==by 0x408F15: apply_relocations (readelf.c:12343)
==59939==by 0x40B133: load_specific_debug_section (readelf.c:12905)
==59939==by 0x42384B: display_debug_section (readelf.c:13009)
==59939==by 0x42384B: process_section_contents (readelf.c:13091)
==59939==by 0x42384B: process_object (readelf.c:16780)
==59939==by 0x402111: process_file (readelf.c:17154)
==59939==by 0x402111: main (readelf.c:17225)
==59939==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==59939== 
==59939== 
==59939== Process terminating with default action of signal 11 (SIGSEGV)
==59939==  Access not within mapped region at address 0x0
==59939==at 0x408F15: target_specific_reloc_handling (readelf.c:11675)
==59939==by 0x408F15: apply_relocations (readelf.c:12343)
==59939==by 0x40B133: load_specific_debug_section (readelf.c:12905)
==59939==by 0x42384B: display_debug_section (readelf.c:13009)
==59939==by 0x42384B: process_section_contents (readelf.c:13091)
==59939==by 0x42384B: process_object (readelf.c:16780)
==59939==by 0x402111: process_file (readelf.c:17154)
==59939==by 0x402111: main (readelf.c:17225)


ASAN says:
==44698==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc
0x0054b47b sp 0x7ffebb728f20 bp 0x7ffebb7293f0 T0)
#0 0x54b47a in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11674
#1 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#2 0x4846b5 in load_specific_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
#3 0x564b4c in display_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
#4 0x4e194f in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
#5 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#6 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#7 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#8 0x7ff9ef5a4f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#9 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils


[Bug binutils/21144] New: readelf segfault - heap buffer overflow, invalid read of size 8

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21144

Bug ID: 21144
   Summary: readelf segfault - heap buffer overflow, invalid read
of size 8
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9811
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9811&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit, and binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_10
readelf -w bug_10


Valgrind says:
==25482== Invalid read of size 8
==25482==at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==25482==by 0x408B77: apply_relocations (readelf.c:12343)
==25482==by 0x40B133: load_specific_debug_section (readelf.c:12905)
==25482==by 0x42384B: display_debug_section (readelf.c:13009)
==25482==by 0x42384B: process_section_contents (readelf.c:13091)
==25482==by 0x42384B: process_object (readelf.c:16780)
==25482==by 0x402111: process_file (readelf.c:17154)
==25482==by 0x402111: main (readelf.c:17225)
==25482==  Address 0x2005204870 is not stack'd, malloc'd or (recently) free'd
==25482== 
==25482== 
==25482== Process terminating with default action of signal 11 (SIGSEGV)
==25482==  Access not within mapped region at address 0x2005204870
==25482==at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==25482==by 0x408B77: apply_relocations (readelf.c:12343)
==25482==by 0x40B133: load_specific_debug_section (readelf.c:12905)
==25482==by 0x42384B: display_debug_section (readelf.c:13009)
==25482==by 0x42384B: process_section_contents (readelf.c:13091)
==25482==by 0x42384B: process_object (readelf.c:16780)
==25482==by 0x402111: process_file (readelf.c:17154)
==25482==by 0x402111: main (readelf.c:17225)

ASAN says:
==22833==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6190fc00 at pc 0x54aa2e bp 0x7fff12c68350 sp 0x7fff12c68348
READ of size 8 at 0x6190fc00 thread T0
#0 0x54aa2d in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11637
#1 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#2 0x4846b5 in load_specific_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
#3 0x564b4c in display_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
#4 0x4e194f in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
#5 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#6 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#7 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#8 0x7f4423038f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#9 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)



[Bug binutils/21143] New: readelf segfault - heap buffer overflow, invalid read of size 8

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21143

Bug ID: 21143
   Summary: readelf segfault - heap buffer overflow, invalid read
of size 8
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9810
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9810&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit, and binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_9
readelf -R6 bug_9


Valgrind says:
Hex dump of section '.debug_info':
readelf: Error: Unhandled MSP430 reloc type found after SYM_DIFF reloc
readelf: Warning: unable to apply unsupported reloc type 7 to section
.debug_info
==6435== Invalid read of size 8
==6435==at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==6435==by 0x408B77: apply_relocations (readelf.c:12343)
==6435==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==6435==by 0x42334D: process_section_contents (readelf.c:13085)
==6435==by 0x42334D: process_object (readelf.c:16780)
==6435==by 0x402111: process_file (readelf.c:17154)
==6435==by 0x402111: main (readelf.c:17225)
==6435==  Address 0x20052040e0 is not stack'd, malloc'd or (recently) free'd
==6435== 
==6435== 
==6435== Process terminating with default action of signal 11 (SIGSEGV)
==6435==  Access not within mapped region at address 0x20052040E0
==6435==at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==6435==by 0x408B77: apply_relocations (readelf.c:12343)
==6435==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==6435==by 0x42334D: process_section_contents (readelf.c:13085)
==6435==by 0x42334D: process_object (readelf.c:16780)
==6435==by 0x402111: process_file (readelf.c:17154)
==6435==by 0x402111: main (readelf.c:17225)

ASAN says:
==4286==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6190fc00
at pc 0x54aa2e bp 0x7ffd5d8f73b0 sp 0x7ffd5d8f73a8
READ of size 8 at 0x6190fc00 thread T0
#0 0x54aa2d in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11637
#1 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#2 0x55de03 in dump_section_as_bytes
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12744
#3 0x4e1531 in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13085
#4 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#5 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#6 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#7 0x7f7b0b7baf44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#8 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)



[Bug binutils/21142] New: readelf segfault - invalid read of size 8

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21142

Bug ID: 21142
   Summary: readelf segfault - invalid read of size 8
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9809
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9809&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit, and binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_8 
readelf -R6 bug_8


Valgrind says:
Hex dump of section '.debug_info':
readelf: Error: Section .symtab has an invalid sh_size of 0xe3000210
readelf: Warning: unable to apply unsupported reloc type 2 to section
.debug_info
==142143== Invalid read of size 8
==142143==at 0x408B73: target_specific_reloc_handling (readelf.c:11638)
==142143==by 0x408B73: apply_relocations (readelf.c:12343)
==142143==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==142143==by 0x42334D: process_section_contents (readelf.c:13085)
==142143==by 0x42334D: process_object (readelf.c:16780)
==142143==by 0x402111: process_file (readelf.c:17154)
==142143==by 0x402111: main (readelf.c:17225)
==142143==  Address 0x40 is not stack'd, malloc'd or (recently) free'd
==142143== 
==142143== 
==142143== Process terminating with default action of signal 11 (SIGSEGV)
==142143==  Access not within mapped region at address 0x40
==142143==at 0x408B73: target_specific_reloc_handling (readelf.c:11638)
==142143==by 0x408B73: apply_relocations (readelf.c:12343)
==142143==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==142143==by 0x42334D: process_section_contents (readelf.c:13085)
==142143==by 0x42334D: process_object (readelf.c:16780)
==142143==by 0x402111: process_file (readelf.c:17154)
==142143==by 0x402111: main (readelf.c:17225)
==142143==  If you believe this happened as a result of a stack
==142143==  overflow in your program's main thread (unlikely but
==142143==  possible), you can try to increase the size of the
==142143==  main thread stack using the --main-stacksize= flag.
==142143==  The main thread stack size used in this run was 8388608.

ASAN says:
==136663==ERROR: AddressSanitizer: SEGV on unknown address 0x0040 (pc
0x0054a93e sp 0x7ffc654cd420 bp 0x7ffc654cd8f0 T0)
#0 0x54a93d in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11637
#1 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#2 0x55de03 in dump_section_as_bytes
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12744
#3 0x4e1531 in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13085
#4 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#5 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#6 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#7 0x7fca89589f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#8 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)



[Bug binutils/21141] New: readelf segfault - invalid write in elfcomm.c

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21141

Bug ID: 21141
   Summary: readelf segfault - invalid write in elfcomm.c
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9808
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9808&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit, and binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_7
readelf -w bug_7


Valgrind says:
==128187== Invalid write of size 1
==128187==at 0x438C87: byte_put_little_endian (elfcomm.c:75)
==128187==by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==128187==by 0x408B97: apply_relocations (readelf.c:12343)
==128187==by 0x40B133: load_specific_debug_section (readelf.c:12905)
==128187==by 0x42384B: display_debug_section (readelf.c:13009)
==128187==by 0x42384B: process_section_contents (readelf.c:13091)
==128187==by 0x42384B: process_object (readelf.c:16780)
==128187==by 0x402111: process_file (readelf.c:17154)
==128187==by 0x402111: main (readelf.c:17225)
==128187==  Address 0x6203611 is not stack'd, malloc'd or (recently) free'd
==128187== 
==128187== 
==128187== Process terminating with default action of signal 11 (SIGSEGV)
==128187==  Access not within mapped region at address 0x6203611
==128187==at 0x438C87: byte_put_little_endian (elfcomm.c:75)
==128187==by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==128187==by 0x408B97: apply_relocations (readelf.c:12343)
==128187==by 0x40B133: load_specific_debug_section (readelf.c:12905)
==128187==by 0x42384B: display_debug_section (readelf.c:13009)
==128187==by 0x42384B: process_section_contents (readelf.c:13091)
==128187==by 0x42384B: process_object (readelf.c:16780)
==128187==by 0x402111: process_file (readelf.c:17154)
==128187==by 0x402111: main (readelf.c:17225)


ASAN says:
==126476==ERROR: AddressSanitizer: SEGV on unknown address 0x611001009481 (pc
0x00722aa9 sp 0x7fff64ffa960 bp 0x7fff64ffac10 T0)
#0 0x722aa8 in byte_put_little_endian
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/elfcomm.c:75
#1 0x54acfa in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11640
#2 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#3 0x4846b5 in load_specific_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
#4 0x564b4c in display_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
#5 0x4e194f in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
#6 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#7 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#8 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#9 0x7f7ae9a5df44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#10 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)



[Bug binutils/21140] New: readelf segfault - use after free in elfcomm.c

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21140

Bug ID: 21140
   Summary: readelf segfault - use after free in elfcomm.c
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9807
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9807&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit, and binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_6
readelf -w bug_6


ASAN says:
==121366==ERROR: AddressSanitizer: heap-use-after-free on address
0x6060acb9 at pc 0x722a9d bp 0x7ffdb6d1d350 sp 0x7ffdb6d1d348
WRITE of size 1 at 0x6060acb9 thread T0
#0 0x722a9c in byte_put_little_endian
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/elfcomm.c:75
#1 0x54acfa in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11640
#2 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#3 0x4846b5 in load_specific_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
#4 0x564b4c in display_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
#5 0x4e194f in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
#6 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#7 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#8 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#9 0x7f97b92dcf44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#10 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)



[Bug binutils/21139] New: readelf crashes - corrupted double-linked list because of use after free

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

Bug ID: 21139
   Summary: readelf crashes - corrupted double-linked list because
of use after free
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9806
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9806&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit, and binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_5
readelf -w bug_5

ASAN says:
==20954==ERROR: AddressSanitizer: heap-use-after-free on address 0x6170fe00
at pc 0x54aa2e bp 0x7ffe965bcb50 sp 0x7ffe965bcb48
READ of size 8 at 0x6170fe00 thread T0
#0 0x54aa2d in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11637
#1 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#2 0x4846b5 in load_specific_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
#3 0x564b4c in display_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
#4 0x4e194f in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
#5 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#6 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#7 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#8 0x7f019152bf44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#9 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)



[Bug binutils/21138] New: readelf segfault - multiple buffer overflow in elfcomm.c

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21138

Bug ID: 21138
   Summary: readelf segfault - multiple buffer overflow in
elfcomm.c
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9805
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9805&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit, and binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
Download the attached file - bug_4
readelf -R6 bug_4

Valgrind says:
Hex dump of section '.debug_info':
==34395== Invalid write of size 1
==34395==at 0x438C87: byte_put_little_endian (elfcomm.c:75)
==34395==by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==34395==by 0x408B97: apply_relocations (readelf.c:12343)
==34395==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==34395==by 0x42334D: process_section_contents (readelf.c:13085)
==34395==by 0x42334D: process_object (readelf.c:16780)
==34395==by 0x402111: process_file (readelf.c:17154)
==34395==by 0x402111: main (readelf.c:17225)
==34395==  Address 0x53e3926 is 1,963,078 bytes inside an unallocated block of
size 4,160,256 in arena "client"
==34395== 
==34395== Invalid write of size 1
==34395==at 0x438C91: byte_put_little_endian (elfcomm.c:78)
==34395==by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==34395==by 0x408B97: apply_relocations (readelf.c:12343)
==34395==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==34395==by 0x42334D: process_section_contents (readelf.c:13085)
==34395==by 0x42334D: process_object (readelf.c:16780)
==34395==by 0x402111: process_file (readelf.c:17154)
==34395==by 0x402111: main (readelf.c:17225)
==34395==  Address 0x53e3925 is 1,963,077 bytes inside an unallocated block of
size 4,160,256 in arena "client"
==34395== 
==34395== Invalid write of size 1
==34395==at 0x438C9B: byte_put_little_endian (elfcomm.c:81)
==34395==by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==34395==by 0x408B97: apply_relocations (readelf.c:12343)
==34395==by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==34395==by 0x42334D: process_section_contents (readelf.c:13085)
==34395==by 0x42334D: process_object (readelf.c:16780)
==34395==by 0x402111: process_file (readelf.c:17154)
==34395==by 0x402111: main (readelf.c:17225)
==34395==  Address 0x53e3924 is 1,963,076 bytes inside an unallocated block of
size 4,160,256 in arena "client"

ASAN says:
==20311==ERROR: AddressSanitizer: SEGV on unknown address 0x6110001e9df6 (pc
0x00722aa9 sp 0x7ffc5c7d84a0 bp 0x7ffc5c7d8750 T0)
#0 0x722aa8 in byte_put_little_endian
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/elfcomm.c:75
#1 0x54acfa in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11640
#2 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#3 0x55de03 in dump_section_as_bytes
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12744
#4 0x4e1531 in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13085
#5 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#6 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#7 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#8 0x7fa9b0d4ef44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#9 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)

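The sanitizer and valgrind reports in these readelf bugs all end in byte_put_little_endian writing, or target_specific_reloc_handling reading, outside the section buffer that get_data allocated, which points at a relocation offset that is never compared against the section size before the store. Below is an added example, not code from binutils or from these reports, of the offset/size check a reloc applier needs before touching the buffer; every function and struct name is hypothetical, and the 16-byte section and the three relocs are constructed for the demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for readelf's little-endian byte store:
   writes the low `size` bytes of `value` to `field`, least significant first.
   It assumes the caller has already verified the bounds. */
static void put_le(unsigned char *field, uint64_t value, unsigned size)
{
    for (unsigned i = 0; i < size; i++)
        field[i] = (unsigned char)(value >> (8 * i));
}

/* Apply one relocation to a section buffer, refusing any write that would
   land outside [sec, sec + sec_size).  The comparison is arranged so that a
   huge r_offset cannot wrap around when combined with reloc_size. */
static bool apply_reloc_checked(unsigned char *sec, size_t sec_size,
                                uint64_t r_offset, unsigned reloc_size,
                                uint64_t value)
{
    if (reloc_size == 0 || reloc_size > 8)
        return false;                     /* unsupported field width */
    if (r_offset > sec_size || reloc_size > sec_size - r_offset)
        return false;                     /* target lies outside the section */
    put_le(sec + r_offset, value, reloc_size);
    return true;
}

/* Constructed relocation record: only the fields the check needs. */
struct reloc { uint64_t r_offset; unsigned size; uint64_t value; };

/* Apply a batch of relocations and count the rejected ones.  A rejected
   entry leaves the buffer untouched and is reported, in the spirit of the
   "unable to apply" warning readelf prints for unsupported relocs. */
static size_t apply_all(unsigned char *sec, size_t sec_size,
                        const struct reloc *relocs, size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (!apply_reloc_checked(sec, sec_size, relocs[i].r_offset,
                                 relocs[i].size, relocs[i].value)) {
            fprintf(stderr, "warning: reloc %zu at offset 0x%llx (size %u) "
                    "lies outside section of %zu bytes; skipped\n",
                    i, (unsigned long long)relocs[i].r_offset,
                    relocs[i].size, sec_size);
            rejected++;
        }
    }
    return rejected;
}

/* Demo over a constructed 16-byte ".debug_info" buffer and three relocs:
   one in bounds, one straddling the end of the buffer, and one whose
   offset is so large that a naive r_offset + size test would wrap.
   Returns the number of rejected relocs (expected: 2). */
static size_t demo(unsigned char out[16])
{
    memset(out, 0, 16);
    const struct reloc relocs[] = {
        { 4,              4, 0x11223344 },   /* fits: bytes 4..7 */
        { 14,             4, 0xdeadbeef },   /* 2 bytes past the end */
        { UINT64_MAX - 1, 4, 0x55 },         /* wraps if added naively */
    };
    return apply_all(out, 16, relocs, sizeof relocs / sizeof relocs[0]);
}

int main(void)
{
    unsigned char buf[16];
    size_t rejected = demo(buf);
    printf("rejected %zu of 3 relocs; buf[4..7] = %02x %02x %02x %02x\n",
           rejected, buf[4], buf[5], buf[6], buf[7]);
    return 0;
}
```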


[Bug binutils/21137] New: readelf - heap buffer overflow in elfcomm

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

Bug ID: 21137
   Summary: readelf - heap buffer overflow in elfcomm
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9804
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9804&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit, and binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

To reproduce:
Download the attached file - bug_3
readelf -w bug_3

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command
was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

==81550==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60e0e00c at pc 0x722a9d bp 0x7ffd132dc8b0 sp 0x7ffd132dc8a8
WRITE of size 1 at 0x60e0e00c thread T0
#0 0x722a9c in byte_put_little_endian
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/elfcomm.c:75
#1 0x54acfa in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11640
#2 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#3 0x4846b5 in load_specific_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
#4 0x564b4c in display_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
#5 0x4e194f in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
#6 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#7 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#8 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#9 0x7efe28957f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#10 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)

0x60e0e00c is located 15 bytes to the right of 157-byte region
[0x60e0df60,0x60e0dffd)
allocated by thread T0 here:
#0 0x467d19 in __interceptor_malloc
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x467d19)
#1 0x503114 in get_data
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:393
#2 0x48180a in load_specific_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12829
#3 0x564b4c in display_debug_section
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
#4 0x4e194f in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
#5 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#6 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#7 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225



[Bug binutils/21136] New: readelf segfault - heap buffer overflow

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

Bug ID: 21136
   Summary: readelf segfault - heap buffer overflow
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9803
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9803&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. 

This bug was found on Ubuntu 14.04 64-bit; binutils was checked out from the main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

To reproduce:
Download the attached file - bug_2
readelf -da bug_2

Valgrind says:
==29176== Invalid read of size 8
==29176==at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==29176==by 0x408B77: apply_relocations (readelf.c:12343)
==29176==by 0x4178B4: process_notes_at.part.19 (readelf.c:16279)
==29176==by 0x423D91: process_notes_at (readelf.c:16415)
==29176==by 0x423D91: process_note_sections (readelf.c:16526)
==29176==by 0x423D91: process_notes (readelf.c:16559)
==29176==by 0x423D91: process_object (readelf.c:16782)
==29176==by 0x402111: process_file (readelf.c:17154)
==29176==by 0x402111: main (readelf.c:17225)
==29176==  Address 0x20052093a0 is not stack'd, malloc'd or (recently) free'd
==29176== 
==29176== 
==29176== Process terminating with default action of signal 11 (SIGSEGV)
==29176==  Access not within mapped region at address 0x20052093A0
==29176==at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==29176==by 0x408B77: apply_relocations (readelf.c:12343)
==29176==by 0x4178B4: process_notes_at.part.19 (readelf.c:16279)
==29176==by 0x423D91: process_notes_at (readelf.c:16415)
==29176==by 0x423D91: process_note_sections (readelf.c:16526)
==29176==by 0x423D91: process_notes (readelf.c:16559)
==29176==by 0x423D91: process_object (readelf.c:16782)
==29176==by 0x402111: process_file (readelf.c:17154)
==29176==by 0x402111: main (readelf.c:17225)

ASAN says
==30126==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6190ee00 at pc 0x54aa2e bp 0x7ffcee43fc30 sp 0x7ffcee43fc28
READ of size 8 at 0x6190ee00 thread T0
#0 0x54aa2d in target_specific_reloc_handling
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11637
#1 0x52e6dc in apply_relocations
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
#2 0x527e5f in process_notes_at
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16279
#3 0x52616c in process_note_sections
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16526
#4 0x4e1ec2 in process_notes
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16559
#5 0x48d646 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16782
#6 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#7 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#8 0x7fef50e75f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#9 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)



[Bug binutils/21135] New: readelf segfault - invalid read

2017-02-13 Thread thuanpv at comp dot nus.edu.sg
https://sourceware.org/bugzilla/show_bug.cgi?id=21135

Bug ID: 21135
   Summary: readelf segfault - invalid read
   Product: binutils
   Version: 2.29 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9802
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9802&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme. We found several inputs causing readelf to crash. We will
report all of them one by one.

This bug was found on Ubuntu 14.04 64-bit; binutils was checked out from the main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

To reproduce:
Download the attached file - bug_1
readelf -zR3 bug_1

Valgrind says:
==54145== Command:
/home/ubuntu/thesis/subjects/binutils-newest/build-normal/binutils/readelf -zR3
bug_1
==54145== 
readelf: Warning: Section 1 has an out of range sh_info value of 61440
readelf: Warning: Section 3 has an out of range sh_link value of 1179648
readelf: Warning: Section 4 has an out of range sh_link value of 4278190955
readelf: Warning: Section 5 has an out of range sh_link value of 1310720
readelf: Warning: Section 6 has an out of range sh_link value of 1953068403
readelf: Warning: Section 7 has an out of range sh_link value of 117442048
readelf: Error: Reading 0x180064 bytes extends past end of file for string
table
readelf: Error: Section 3 has invalid sh_entsize of 0600
readelf: Error: (Using the expected size of 24 for the rest of this dump)

Hex dump of section '':
==54145== Invalid read of size 1
==54145==at 0x40E9A0: dump_section_as_bytes (readelf.c:12786)
==54145==by 0x42334D: process_section_contents (readelf.c:13085)
==54145==by 0x42334D: process_object (readelf.c:16780)
==54145==by 0x402111: process_file (readelf.c:17154)
==54145==by 0x402111: main (readelf.c:17225)
==54145==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==54145== 
==54145== 
==54145== Process terminating with default action of signal 11 (SIGSEGV)
==54145==  Access not within mapped region at address 0x0
==54145==at 0x40E9A0: dump_section_as_bytes (readelf.c:12786)
==54145==by 0x42334D: process_section_contents (readelf.c:13085)
==54145==by 0x42334D: process_object (readelf.c:16780)
==54145==by 0x402111: process_file (readelf.c:17154)
==54145==by 0x402111: main (readelf.c:17225)

ASAN says:
==57956==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc
0x0055efcf sp 0x7fff2de971a0 bp 0x7fff2de97af0 T0)
#0 0x55efce in dump_section_as_bytes
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12786
#1 0x4e1531 in process_section_contents
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13085
#2 0x48d610 in process_object
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
#3 0x488365 in process_file
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
#4 0x4855c3 in main
/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
#5 0x7f62892d3f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#6 0x47ddfc in _start
(/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)

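The three reports above share one root cause class: section header and relocation fields taken from the file are trusted before they are checked against the buffer they index. The following is an added, simplified model (not binutils' own code; the types, `load_section` and `apply_reloc` are constructed for illustration) of the two checks that turn such inputs into an error: a section whose `sh_offset`/`sh_size` runs past end of file yields NULL, which the caller must test (the null read in bug 21135), and a relocation whose `r_offset` would write past the loaded section is rejected (the 15-bytes-past-the-end write in bug 21137).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of an in-memory ELF file and the header fields that the
 * checks below validate. Only the fields needed for the checks are kept. */
typedef struct {
    const uint8_t *data;   /* whole file image */
    size_t size;           /* file length in bytes */
} file_image;

typedef struct {
    uint64_t sh_offset;    /* section start, relative to file start */
    uint64_t sh_size;      /* section length in bytes */
} section_hdr;

typedef struct {
    uint64_t r_offset;     /* position inside the section that gets patched */
    uint32_t value;        /* constructed 4-byte value stored little-endian */
} reloc;

/* Returns a malloc'd copy of the section, or NULL when the header points past
 * end of file. Comparing sh_size against the remaining length (rather than
 * computing sh_offset + sh_size) avoids an unsigned wrap-around that would
 * otherwise make an absurd offset look valid. */
uint8_t *load_section(const file_image *f, const section_hdr *sh)
{
    if (sh->sh_offset > f->size || sh->sh_size > f->size - sh->sh_offset)
        return NULL;                 /* caller must check, not dereference */
    uint8_t *buf = malloc(sh->sh_size ? sh->sh_size : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, f->data + sh->sh_offset, sh->sh_size);
    return buf;
}

/* Stores a 4-byte little-endian value at r_offset. Returns 0 on success and
 * -1 when any byte of the write would land outside the section buffer. */
int apply_reloc(uint8_t *sec, size_t sec_size, const reloc *r)
{
    if (r->r_offset > sec_size || sec_size - r->r_offset < 4)
        return -1;                   /* would be a heap overflow otherwise */
    for (int i = 0; i < 4; i++)
        sec[r->r_offset + i] = (uint8_t)(r->value >> (8 * i));
    return 0;
}
```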