[Bug ld/21000] hppa-linux does not support -z relro
https://sourceware.org/bugzilla/show_bug.cgi?id=21000

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |ASSIGNED

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug ld/21000] hppa-linux does not support -z relro
https://sourceware.org/bugzilla/show_bug.cgi?id=21000

--- Comment #17 from Alan Modra ---
Created attachment 9820
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9820&action=edit
Implement no_page_alias

This wastes a page in order to avoid the page aliasing problem
[Bug ld/21131] *** Error in `/usr/bin/ld': corrupted double-linked list: 0x00239b48 ***
https://sourceware.org/bugzilla/show_bug.cgi?id=21131

--- Comment #4 from Alan Modra ---
With that patch, and deleting sysdeps/unix/sysv/linux/hppa/pthread_cond_init.c,
I can at least build glibc.  Thanks!

However, I can't reproduce the failure with cross-tools.  elf/vismain builds
fine using the same options you show.  What's more, valgrind doesn't show any
errors apart from some leaked memory, and setting MALLOC_PERTURB_ doesn't make
any difference.
[Bug ld/21132] [hppa-linux] pie support doesn't work
https://sourceware.org/bugzilla/show_bug.cgi?id=21132

--- Comment #2 from John David Anglin ---
Actually, it appears $global$ is incorrectly set in scripttempl/elf.sc.
[Bug ld/21132] [hppa-linux] pie support doesn't work
https://sourceware.org/bugzilla/show_bug.cgi?id=21132

--- Comment #1 from John David Anglin ---
It appears $global$ is set to the wrong value in elf32_hppa_set_gp() for -pie.
[Bug binutils/21151] Heap buffer overflow in drwarf2.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21151

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Thuan,

  Thanks for the bug report.  I have applied a small patch to fix the problem.
  At issue here was the fact that the BFD library was not checking the
  unit_length field in the DWARF header before attempting to read in the DWARF
  debug information.

Cheers
  Nick
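The check described in that comment, as an added example that is not BFD's dwarf2.c: a parser for the header of one DWARF 2-4 `.debug_info` unit that validates the `unit_length` field against the bytes actually present before reading anything that follows it. The structure, return codes, little-endian assumption and the sample bytes are this example's own.

```c
/* Added example, not BFD's dwarf2.c: parse the header of one DWARF 2-4
   .debug_info unit from an untrusted, little-endian byte buffer, and
   refuse it unless the unit_length it claims fits in the bytes actually
   present (the check PR 21151 added).  Names, return codes and the
   sample bytes are this example's own.  */
#include <stddef.h>
#include <stdint.h>

struct cu_header {
    uint64_t unit_length;    /* bytes following the length field */
    int      offset_size;    /* 4 (32-bit DWARF) or 8 (64-bit DWARF) */
    uint16_t version;
    uint64_t abbrev_offset;
    uint8_t  address_size;
    size_t   header_size;    /* bytes the header occupies */
    size_t   unit_end;       /* offset just past this unit */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }

/* Parse the unit starting at OFF in the SEC_LEN-byte section SEC.
   Returns 0 on success or a negative code naming the failed check.  */
int parse_cu_header(const uint8_t *sec, size_t sec_len, size_t off, struct cu_header *h)
{
    size_t p = off;

    if (off > sec_len || sec_len - off < 4)
        return -1;                               /* no room for the initial length */
    uint32_t len32 = rd32(sec + p);
    p += 4;
    if (len32 == 0xffffffffu) {                  /* 64-bit DWARF escape */
        if (sec_len - p < 8)
            return -1;
        h->unit_length = rd64(sec + p);
        p += 8;
        h->offset_size = 8;
    } else if (len32 >= 0xfffffff0u) {
        return -2;                               /* reserved initial-length values */
    } else {
        h->unit_length = len32;
        h->offset_size = 4;
    }

    /* The missing check: later reads stay inside [p, p + unit_length) only
       if that range lies inside the section.  Compare against the remaining
       bytes so a huge unit_length cannot wrap the arithmetic.  */
    if (h->unit_length > sec_len - p)
        return -3;
    h->unit_end = p + (size_t)h->unit_length;

    /* version (2) + debug_abbrev_offset (offset_size) + address_size (1) */
    if (h->unit_length < 2u + (size_t)h->offset_size + 1u)
        return -4;                               /* unit cannot hold its own header */
    h->version = rd16(sec + p);
    p += 2;
    if (h->version < 2 || h->version > 4)
        return -5;
    h->abbrev_offset = h->offset_size == 8 ? rd64(sec + p) : rd32(sec + p);
    p += h->offset_size;
    h->address_size = sec[p++];
    if (h->address_size != 4 && h->address_size != 8)
        return -6;
    h->header_size = p - off;
    return 0;
}

/* Constructed sample: one 32-bit DWARF 4 unit, 11 bytes long, whose
   header is followed by four bytes of filler standing in for DIEs.  */
static const uint8_t sample_cu[] = {
    0x0b, 0x00, 0x00, 0x00,    /* unit_length = 11 */
    0x04, 0x00,                /* version = 4 */
    0x00, 0x00, 0x00, 0x00,    /* debug_abbrev_offset = 0 */
    0x08,                      /* address_size = 8 */
    0x01, 0x02, 0x03, 0x04     /* DIE bytes (filler) */
};

/* Parse the sample pretending the section is only AVAIL bytes long, so a
   truncated file (unit_length larger than what follows) can be exercised.  */
int parse_sample(size_t avail)
{
    struct cu_header h;
    if (avail > sizeof sample_cu)
        avail = sizeof sample_cu;
    return parse_cu_header(sample_cu, avail, 0, &h);
}
```

The comparison is written as `unit_length > sec_len - p` rather than `p + unit_length > sec_len` on purpose: the second form overflows for a 64-bit `unit_length` near the top of the range and lets a crafted file pass the check.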
[Bug gold/21152] New: Incorrect relocation handling of R_MIPS_HI16 / R_MIPS_LO16
https://sourceware.org/bugzilla/show_bug.cgi?id=21152

            Bug ID: 21152
           Summary: Incorrect relocation handling of R_MIPS_HI16 /
                    R_MIPS_LO16
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gold
          Assignee: ccoutant at gmail dot com
          Reporter: jan.smets at nokia dot com
                CC: ian at airs dot com
  Target Milestone: ---

MIPS O32

BFD

(gdb) disas /rm cvmx_l2c_flush_mem_region_line_reuse,+0x40
Dump of assembler code from 0x2875728 to 0x2875768:
   0x02875728:  27 bd ff d0     addiu   sp,sp,-48
   0x0287572c:  af b3 00 1c     sw      s3,28(sp)
   0x02875730:  3c 13 07 02     lui     s3,0x702
   0x02875734:  8e 62 30 b8     lw      v0,12472(s3)
   0x02875738:  af b5 00 24     sw      s5,36(sp)
   0x0287573c:  af b4 00 20     sw      s4,32(sp)
   0x02875740:  af b2 00 18     sw      s2,24(sp)
   0x02875744:  af b0 00 10     sw      s0,16(sp)
   0x02875748:  af bf 00 2c     sw      ra,44(sp)
   0x0287574c:  af b6 00 28     sw      s6,40(sp)
   0x02875750:  af b1 00 14     sw      s1,20(sp)

GOLD

(gdb) disas /rm cvmx_l2c_flush_mem_region_line_reuse,+0x40
Dump of assembler code from 0x2875728 to 0x2875768:
   0x02875728:  27 bd ff d0     addiu   sp,sp,-48
   0x0287572c:  af b3 00 1c     sw      s3,28(sp)
   0x02875730:  6c cb 07 00     ldr     t3,1792(a2)     < should be lui
   0x02875734:  bf 1a 00 00     cache   0x1a,0(t8)      < should be lw
   0x02875738:  af b5 00 24     sw      s5,36(sp)
   0x0287573c:  af b4 00 20     sw      s4,32(sp)
   0x02875740:  af b2 00 18     sw      s2,24(sp)
   0x02875744:  af b0 00 10     sw      s0,16(sp)
   0x02875748:  af bf 00 2c     sw      ra,44(sp)
   0x0287574c:  af b6 00 28     sw      s6,40(sp)
   0x02875750:  af b1 00 14     sw      s1,20(sp)

GCC generated assembly

        .set    macro
        .set    reorder
        .end    cvmx_l2c_flush_one_set_via_line_reuse
        .size   cvmx_l2c_flush_one_set_via_line_reuse, .-cvmx_l2c_flush_one_set_via_line_reuse
        .align  2
        .globl  cvmx_l2c_flush_mem_region_line_reuse
        .set    nomips16
        .set    nomicromips
        .ent    cvmx_l2c_flush_mem_region_line_reuse
        .type   cvmx_l2c_flush_mem_region_line_reuse, @function
cvmx_l2c_flush_mem_region_line_reuse:
        .frame  $sp,48,$31              # vars= 0, regs= 8/0, args= 16, gp= 0
        .mask   0x807f,-4
        .fmask  0x,0
        addiu   $sp,$sp,-48
        sw      $19,28($sp)
        lui     $19,%hi(indxalias$97671)
        lw      $2,%lo(indxalias$97671)($19)
        sw      $21,36($sp)
        sw      $20,32($sp)
        sw      $18,24($sp)
        sw      $16,16($sp)
        sw      $31,44($sp)
        sw      $22,40($sp)
        sw      $17,20($sp)
        ...
        .data
        .align  2
        .type   indxalias$97671, @object
        .size   indxalias$97671, 4
indxalias$97671:
        .word   -1
        .align  2
        ...
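For reference, the arithmetic a linker has to perform for an R_MIPS_HI16/R_MIPS_LO16 pair, as an added example that is neither gold nor BFD code. It applies the pair to the `lui`/`lw` from the report and compares the result with the bytes BFD produced. The symbol address 0x070230b8 is derived here from BFD's output (0x702 << 16 plus 12472); it is this example's assumption, not a value the report states.

```c
/* Added example, not gold or BFD code: apply an R_MIPS_HI16/R_MIPS_LO16
   pair to a lui/lw instruction pair the way a linker must, and check the
   result against the BFD disassembly quoted in the report.  The symbol
   address 0x070230b8 is derived here from that disassembly (0x702 << 16
   plus 12472) and is this example's assumption, not a value the report
   gives.  */
#include <stdint.h>

/* MIPS O32 big-endian instruction words, as in the report's byte dumps.  */
uint32_t be32(const uint8_t b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}

/* The addend AHL of a HI16/LO16 pair is split across both instructions:
   AHL = (hi16 << 16) + sign_extend(lo16).  After adding the symbol value S
   the new hi16 must absorb the borrow the sign-extended lo16 will cause,
   which is what the + 0x8000 before the shift does.  */
void mips_reloc_hi16_lo16(uint32_t *lui_insn, uint32_t *lo_insn, uint32_t sym)
{
    uint32_t hi = *lui_insn & 0xffffu;
    int32_t  lo = (int16_t)(*lo_insn & 0xffffu);
    uint32_t value = sym + (hi << 16) + (uint32_t)lo;
    uint32_t new_hi = ((value + 0x8000u) >> 16) & 0xffffu;
    uint32_t new_lo = value & 0xffffu;

    *lui_insn = (*lui_insn & 0xffff0000u) | new_hi;
    *lo_insn  = (*lo_insn  & 0xffff0000u) | new_lo;
}

/* Convenience for checking: the relocated pair packed as (lui << 32) | lo.  */
uint64_t relocate_pair(uint32_t lui_insn, uint32_t lo_insn, uint32_t sym)
{
    mips_reloc_hi16_lo16(&lui_insn, &lo_insn, sym);
    return ((uint64_t)lui_insn << 32) | lo_insn;
}

/* Expected output taken from the BFD listing in the report:
   3c 13 07 02 = lui s3,0x702 ; 8e 62 30 b8 = lw v0,12472(s3).  */
static const uint8_t bfd_lui[4] = { 0x3c, 0x13, 0x07, 0x02 };
static const uint8_t bfd_lw[4]  = { 0x8e, 0x62, 0x30, 0xb8 };

/* Relocate lui s3,%hi(sym) / lw v0,%lo(sym)(s3) with zero addend fields
   and compare against the bytes BFD produced.  Returns 1 on match.  */
int matches_bfd_output(void)
{
    uint32_t lui = 0x3c130000u;    /* lui s3, 0 */
    uint32_t lw  = 0x8e620000u;    /* lw v0, 0(s3) */
    mips_reloc_hi16_lo16(&lui, &lw, 0x070230b8u);
    return lui == be32(bfd_lui) && lw == be32(bfd_lw);
}
```

The third assertion below is the case that makes the `+ 0x8000` necessary: a symbol at 0x1234ffff needs `lui 0x1235` with `lo = 0xffff`, because the low half is sign-extended (-1) when the CPU adds it back.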
[Bug binutils/21151] Heap buffer overflow in drwarf2.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21151

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d11135f55294d75099ad03f81bacbe8ae93a6b28

commit d11135f55294d75099ad03f81bacbe8ae93a6b28
Author: Nick Clifton
Date:   Mon Feb 13 17:51:27 2017 +

    Fix invalid memory access in the BFD library's DWARF parser.

            PR binutils/21151
            * dwarf2.c (_bfd_dwarf2_find_nearest_line): Check for an invalid
            unit length field.
[Bug binutils/21150] global buffer overflow in nm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21150

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Thuan,

  Thanks for reporting this bug.  I have applied a small patch to fix the
  problem.  The bug was in the symbol sorting code used by nm.  It was testing
  for known file extensions (.o and .a) in symbol names without first checking
  to see if the symbol name was long enough to actually have one of these
  extensions.

Cheers
  Nick
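The suffix test that comment describes, as an added example that is not nm.c: the unchecked form that reads before the start of a short name, the length-guarded form, and a size-sort comparator that uses it over a constructed symbol list containing the one-character names that trip the unchecked version. Only the suffix part of nm's file-symbol test is modelled (nm also consults the symbol's flags); the names and the symbol list are this example's own.

```c
/* Added example, not nm.c: the "file symbol" suffix test behind nm's
   --size-sort ordering, first as the unchecked code read (a name shorter
   than two characters is read before its start, the global-buffer-overflow
   ASAN reported) and then with the length guard PR 21150 added, used from
   a comparator over a constructed symbol list.  Names are this example's own.  */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* BUGGY: never call this on untrusted names; kept only for contrast.  */
bool is_file_symbol_unchecked(const char *name)
{
    size_t len = strlen(name);
    /* len - 2 wraps for "" and "x": the read lands outside the string.  */
    return name[len - 2] == '.' && (name[len - 1] == 'o' || name[len - 1] == 'a');
}

/* Fixed: establish the length before looking at the last two characters.  */
bool is_file_symbol(const char *name)
{
    size_t len = strlen(name);
    if (len < 2)
        return false;
    if (name[len - 2] != '.')
        return false;
    return name[len - 1] == 'o' || name[len - 1] == 'a';
}

struct sym { const char *name; unsigned long size; };

/* File symbols first, then larger sizes first, then by name.  Every branch
   must be safe for every element, because qsort calls it on all of them.  */
static int size_cmp(const void *pa, const void *pb)
{
    const struct sym *a = pa, *b = pb;
    bool fa = is_file_symbol(a->name), fb = is_file_symbol(b->name);
    if (fa != fb)
        return fa ? -1 : 1;
    if (a->size != b->size)
        return a->size > b->size ? -1 : 1;
    return strcmp(a->name, b->name);
}

/* Constructed symbol table containing the short names that tripped the
   unchecked test.  Returns the name that sorts first.  */
const char *first_after_size_sort(void)
{
    static struct sym syms[] = {
        { "main", 96 }, { "x", 4 }, { "crt1.o", 0 }, { "", 8 }, { "buf.a", 0 }
    };
    qsort(syms, sizeof syms / sizeof syms[0], sizeof syms[0], size_cmp);
    return syms[0].name;
}
```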
[Bug binutils/21150] global buffer overflow in nm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21150

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c12214021dedefcc2320827bcc1751f2d94ca2c6

commit c12214021dedefcc2320827bcc1751f2d94ca2c6
Author: Nick Clifton
Date:   Mon Feb 13 17:23:10 2017 +

    Fix illegal memory access bug in nm when run on a corrupt binary.

            PR binutils/21150
            * nm.c (file_symbol): Add test of string length before testing
            string characters.
[Bug binutils/21136] readelf segfault - heap buffer overflow
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

--- Comment #5 from Nick Clifton ---
> Sorry - that was my mistake.  I should have ibndi

[Doh - hit send before I was ready].

What I meant to say was that you were correct.  This bug is essentially a
duplicate of 21139 not 21137.  I have updated the Status accordingly.

Cheers
  Nick
[Bug binutils/21136] readelf segfault - heap buffer overflow
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

--- Comment #4 from Nick Clifton ---
Hi Thuan,

> Thank you for quickly fixing the bugs I reported. 21136 looks totally
> different from 21137, both in call-stack and in crashing functions. I do
> see that 21136 shares something in common with 21139; however, the stack
> traces of these two reported bugs are also considerably different.

Sorry - that was my mistake.  I should have ibndi

*** This bug has been marked as a duplicate of bug 21139 ***
[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #7 from Nick Clifton ---
*** Bug 21136 has been marked as a duplicate of this bug. ***
[Bug binutils/21151] New: Heap buffer overflow in drwarf2.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21151

            Bug ID: 21151
           Summary: Heap buffer overflow in drwarf2.c
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9819
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9819&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast.  Thanks also
to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git.  Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017)

binutils was built with ASAN using gcc-6.2 and clang-3.4.  The configure
command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:

Download the attached file - bug_17

objdump -S bug_17

ASAN says:

==107235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6080bf72
at pc 0x10b6f9e bp 0x7ffd0f6e24f0 sp 0x7ffd0f6e24e8
READ of size 1 at 0x6080bf72 thread T0
    #0 0x10b6f9d in read_1_byte /home/ubuntu/thesis/subjects/binutils-newest/build-asan/bfd/../../bfd/dwarf2.c:573
    #1 0x10accd0 in parse_comp_unit /home/ubuntu/thesis/subjects/binutils-newest/build-asan/bfd/../../bfd/dwarf2.c:2970
    #2 0x10a17df in _bfd_dwarf2_find_nearest_line /home/ubuntu/thesis/subjects/binutils-newest/build-asan/bfd/../../bfd/dwarf2.c:4297
    #3 0xcc0b5a in _bfd_elf_find_nearest_line /home/ubuntu/thesis/subjects/binutils-newest/build-asan/bfd/../../bfd/elf.c:8554
    #4 0x4d306f in show_line /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:1472
    #5 0x4c8043 in disassemble_bytes /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:1766
    #6 0x4b80e2 in disassemble_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:2279
    #7 0x999603 in bfd_map_over_sections /home/ubuntu/thesis/subjects/binutils-newest/build-asan/bfd/../../bfd/section.c:1395
    #8 0x4a63eb in disassemble_data /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:2413
    #9 0x498f1f in dump_bfd /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:3507
    #10 0x4978fb in display_object_bfd /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:3564
    #11 0x497698 in display_any_bfd /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:3653
    #12 0x495ebe in display_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:3674
    #13 0x493edd in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/objdump.c:3969
    #14 0x7f5fdb405f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #15 0x48c95c in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/objdump+0x48c95c)
[Bug binutils/21150] New: global buffer overflow in nm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21150

            Bug ID: 21150
           Summary: global buffer overflow in nm.c
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9818
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9818&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast.  Thanks also
to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the
main repository at git://sourceware.org/git/binutils-gdb.git.  Its commit is
53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017)

binutils was built with ASAN using gcc-6.2 and clang-3.4.  The configure
command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:

Download the attached file - bug_16

nm-new --si bug_16

ASAN says:

==107219==ERROR: AddressSanitizer: global-buffer-overflow on address 0x017a69fe
at pc 0x4a65c3 bp 0x7ffcfc8e0c70 sp 0x7ffcfc8e0c68
READ of size 1 at 0x017a69fe thread T0
    #0 0x4a65c2 in size_forward1 /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/nm.c:693
    #1 0x7fea99955418 (/lib/x86_64-linux-gnu/libc.so.6+0x3b418)
    #2 0x7fea99955171 (/lib/x86_64-linux-gnu/libc.so.6+0x3b171)
    #3 0x7fea999556cb (/lib/x86_64-linux-gnu/libc.so.6+0x3b6cb)
    #4 0x495d94 in sort_symbols_by_size /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/nm.c:735
    #5 0x4923dd in display_rel_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/nm.c:1196
    #6 0x48da9c in display_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/nm.c:1319
    #7 0x48bd36 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/nm.c:1793
    #8 0x7fea9993bf44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #9 0x48a9cc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/nm-new+0x48a9cc)
[Bug binutils/21136] readelf segfault - heap buffer overflow
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

--- Comment #3 from Thuan Pham ---
Hi Nick,

Thank you for quickly fixing the bugs I reported.  21136 looks totally
different from 21137, both in call-stack and in crashing functions.  I do
see that 21136 shares something in common with 21139; however, the stack
traces of these two reported bugs are also considerably different.

Regards,
Thuan

On Mon, Feb 13, 2017 at 11:21 PM, nickc at redhat dot com <
sourceware-bugzi...@sourceware.org> wrote:

> https://sourceware.org/bugzilla/show_bug.cgi?id=21136
>
> Nick Clifton changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>              Status|UNCONFIRMED                 |RESOLVED
>                  CC|                            |nickc at redhat dot com
>          Resolution|---                         |DUPLICATE
>
> --- Comment #2 from Nick Clifton ---
> Another duplicate bug
>
> *** This bug has been marked as a duplicate of bug 21137 ***
>
> --
> You are receiving this mail because:
> You reported the bug.
[Bug binutils/21136] readelf segfault - heap buffer overflow
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |DUPLICATE

--- Comment #2 from Nick Clifton ---
Another duplicate bug

*** This bug has been marked as a duplicate of bug 21137 ***
[Bug binutils/21137] readelf - heap buffer overflow in elfcomm
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #7 from Nick Clifton ---
*** Bug 21136 has been marked as a duplicate of this bug. ***
[Bug binutils/21135] readelf segfault - invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21135

--- Comment #4 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1835f746a7c7fff70a2cc03a051b14fdc6b3f73f

commit 1835f746a7c7fff70a2cc03a051b14fdc6b3f73f
Author: Nick Clifton
Date:   Mon Feb 13 15:19:48 2017 +

    Extend previous patch to cover uncompress_section_contents returning FALSE
    to other callers.

            PR binutils/21135
            (dump_section_as_bytes, load_specific_debug_section): Likewise.
[Bug binutils/21149] readelf - several invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21149

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ebdf1ebfa551fd4624c3cd05401aa3c01ea2ebbe

commit ebdf1ebfa551fd4624c3cd05401aa3c01ea2ebbe
Author: Nick Clifton
Date:   Mon Feb 13 14:52:48 2017 +

    Fix invalid memory access attempting to read the compression header of a
    too-small compressed section.

            PR binutils/21149
            * readelf.c (get_compression_header): Add size parameter.  Check
            size against sizeof compression header before attempting to
            extract the header.
            (process_section_headers): Pass size to get_compression_header.
            (dump_section_as_strings): Likewise.
            (dump_section_as_bytes): Likewise.
            (load_specific_debug_section): Likewise.
[Bug binutils/21135] readelf segfault - invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21135

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #3 from Nick Clifton ---
Hi Thuan,

  Thanks for reporting this bug.  I have checked in a patch to fix the problem.
  The bug here was the uncompress_section_contents function was detecting a
  malformed compressed section, but the dump_section_as_bytes function was not
  checking to see if the decompression had actually worked.

Cheers
  Nick
[Bug binutils/21148] readelf - multiple invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21148

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #1 from Nick Clifton ---
Hi Thuan,

  Thanks for reporting this bug.  I have checked in a patch to fix the problem.
  At issue was the code in readelf which was checking for a possible buffer
  overflow.  The code worked, but it forgot to allow for a very small overflow
  that just exceeded the buffer size.

Cheers
  Nick
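What the corrected bounds check has to cover, as an added example that is not readelf's process_version_sections: a walker over an SHT_GNU_verneed section that confirms, before every read, that both the Verneed entry and each Vernaux record reached through it lie inside the section. The layouts are the gABI ones (Elf32 and Elf64 versions are both 16 bytes, all fields 16- or 32-bit); the function names, the little-endian assumption and the sample bytes are this example's own.

```c
/* Added example, not readelf's process_version_sections: walk an
   SHT_GNU_verneed section, checking before each read that the Verneed
   entry and every Vernaux record hanging off it lie inside the section.
   The check PR 21148 corrected sized only the Verneed entry and left the
   auxiliary records out.  Elf32 and Elf64 share the 16-byte layouts used
   here; the sample bytes are constructed.  */
#include <stddef.h>
#include <stdint.h>

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

#define VERNEED_SIZE 16   /* vn_version, vn_cnt, vn_file, vn_aux, vn_next */
#define VERNAUX_SIZE 16   /* vna_hash, vna_flags, vna_other, vna_name, vna_next */

/* NUM_ENTRIES is the section's sh_info.  Returns the number of Vernaux
   records visited, or -1 as soon as any entry or record would start or
   end beyond SEC_SIZE.  Every subtraction is guarded by the previous
   check, so the offsets never exceed SEC_SIZE and cannot wrap.  */
long walk_verneed(const uint8_t *sec, size_t sec_size, unsigned num_entries)
{
    size_t off = 0;
    long naux = 0;

    for (unsigned i = 0; i < num_entries; i++) {
        if (sec_size - off < VERNEED_SIZE)
            return -1;                                /* Verneed entry overflows */
        uint16_t vn_cnt  = le16(sec + off + 2);
        uint32_t vn_aux  = le32(sec + off + 8);
        uint32_t vn_next = le32(sec + off + 12);

        if (vn_aux > sec_size - off)
            return -1;                                /* aux chain starts outside */
        size_t aux = off + vn_aux;
        for (uint16_t j = 0; j < vn_cnt; j++) {
            if (sec_size - aux < VERNAUX_SIZE)
                return -1;                            /* the size the old check omitted */
            uint32_t vna_next = le32(sec + aux + 12);
            naux++;
            if (vna_next == 0)
                break;
            if (vna_next > sec_size - aux)
                return -1;
            aux += vna_next;
        }

        if (vn_next == 0)
            break;
        if (vn_next > sec_size - off)
            return -1;
        off += vn_next;
    }
    return naux;
}

/* Constructed: one Verneed with two Vernaux records (48 bytes in all).  */
static const uint8_t sample_verneed[] = {
    /* Elf_Verneed */
    0x01, 0x00,               /* vn_version = 1 */
    0x02, 0x00,               /* vn_cnt = 2 */
    0x00, 0x00, 0x00, 0x00,   /* vn_file (strtab index) */
    0x10, 0x00, 0x00, 0x00,   /* vn_aux = 16 */
    0x00, 0x00, 0x00, 0x00,   /* vn_next = 0 (last entry) */
    /* Elf_Vernaux #1 */
    0x44, 0x33, 0x22, 0x11,   /* vna_hash */
    0x00, 0x00,               /* vna_flags */
    0x02, 0x00,               /* vna_other = 2 */
    0x00, 0x00, 0x00, 0x00,   /* vna_name */
    0x10, 0x00, 0x00, 0x00,   /* vna_next = 16 */
    /* Elf_Vernaux #2 */
    0x88, 0x77, 0x66, 0x55,   /* vna_hash */
    0x00, 0x00,               /* vna_flags */
    0x03, 0x00,               /* vna_other = 3 */
    0x00, 0x00, 0x00, 0x00,   /* vna_name */
    0x00, 0x00, 0x00, 0x00    /* vna_next = 0 (end of chain) */
};

/* Walk the sample as if the section were AVAIL bytes long.  */
long walk_sample(size_t avail)
{
    if (avail > sizeof sample_verneed)
        avail = sizeof sample_verneed;
    return walk_verneed(sample_verneed, avail, 1);
}
```

The 40-byte case is the shape of the original bug: the Verneed entry and the first Vernaux fit, the second Vernaux starts inside the section but its 16 bytes run 8 bytes past the end, and a check that only sizes the Verneed entry accepts it.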
[Bug binutils/21135] readelf segfault - invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21135

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f055032e4e922f1e1a5e11026c7c2669fa2a7d19

commit f055032e4e922f1e1a5e11026c7c2669fa2a7d19
Author: Nick Clifton
Date:   Mon Feb 13 15:04:37 2017 +

    Fix invalid read of section contents whilst processing a corrupt binary.

            PR binutils/21135
            * readelf.c (dump_section_as_bytes): Handle the case where
            uncompress_section_contents returns false.
[Bug binutils/21149] readelf - several invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21149

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nickc at redhat dot com

--- Comment #2 from Nick Clifton ---
Hi Thuan,

  Thanks for reporting this bug.  I have checked in a patch to fix it.  The
  problem here was that the code to read the compression header at the start
  of a compressed section was assuming that enough bytes were available in the
  section for the header.  I added code to check this assumption before
  attempting to extract the header.

Cheers
  Nick
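The assumption that comment describes, made explicit, as an added example that is not readelf's get_compression_header: the ELF compression header is read only after the section is known to hold a whole one, and the reader returns a status so that a caller (the omission behind PR 21135 above) cannot go on to use contents that were never produced. The `Elf32_Chdr`/`Elf64_Chdr` layouts are the gABI ones; the function names, little-endian assumption and sample bytes are this example's own, and no actual zlib decompression is performed.

```c
/* Added example, not readelf's get_compression_header: read the ELF
   compression header at the start of an SHF_COMPRESSED section only after
   confirming the section holds a whole header (the check PR 21149 added),
   and return success or failure so that a caller cannot go on to use
   contents that were never produced (the caller-side omission behind
   PR 21135).  Layout follows the gABI Elf32_Chdr/Elf64_Chdr; the sample
   bytes are constructed here.  */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define ELFCOMPRESS_ZLIB 1

struct chdr {
    uint32_t ch_type;
    uint64_t ch_size;        /* uncompressed size */
    uint64_t ch_addralign;   /* alignment of the uncompressed data */
    size_t   header_size;    /* bytes the header occupies in the section */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t le64(const uint8_t *p) { return le32(p) | ((uint64_t)le32(p + 4) << 32); }

/* Elf64_Chdr is 24 bytes (ch_type, ch_reserved, ch_size, ch_addralign);
   Elf32_Chdr is 12 (ch_type, ch_size, ch_addralign).  Little-endian input.  */
bool get_compression_header(struct chdr *out, const uint8_t *sec, size_t sec_size, bool is_64bit)
{
    size_t need = is_64bit ? 24 : 12;

    if (sec_size < need)
        return false;        /* the header would extend past the section */
    out->ch_type = le32(sec);
    if (is_64bit) {
        out->ch_size = le64(sec + 8);
        out->ch_addralign = le64(sec + 16);
    } else {
        out->ch_size = le32(sec + 4);
        out->ch_addralign = le32(sec + 8);
    }
    out->header_size = need;
    return out->ch_type == ELFCOMPRESS_ZLIB;   /* anything else: refuse to decompress */
}

/* Caller in the shape dump_section_as_bytes needs: the compressed payload is
   what follows the header and is only meaningful if the header was read.
   Returns the payload length, or 0 on any failure.  */
size_t compressed_payload_size(const uint8_t *sec, size_t sec_size, bool is_64bit)
{
    struct chdr h;
    if (!get_compression_header(&h, sec, sec_size, is_64bit))
        return 0;
    return sec_size - h.header_size;
}

/* Constructed: an Elf64_Chdr claiming 256 uncompressed bytes, followed by
   five bytes standing in for a zlib stream.  */
static const uint8_t sample_sec[] = {
    0x01, 0x00, 0x00, 0x00,                          /* ch_type = ELFCOMPRESS_ZLIB */
    0x00, 0x00, 0x00, 0x00,                          /* ch_reserved */
    0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* ch_size = 256 */
    0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* ch_addralign = 8 */
    0x78, 0x9c, 0x03, 0x00, 0x00                     /* payload (filler) */
};

/* Read the sample header as if the section were AVAIL bytes long;
   returns ch_size, or 0 when the header is refused.  */
uint64_t sample_uncompressed_size(size_t avail)
{
    struct chdr h;
    if (avail > sizeof sample_sec)
        avail = sizeof sample_sec;
    return get_compression_header(&h, sample_sec, avail, true) ? h.ch_size : 0;
}
```

Note that `ch_size` is the uncompressed size and says nothing about how many compressed bytes follow the header; a consumer must size its output buffer from `ch_size` (with its own upper bound) and the input from `sec_size - header_size`, never the other way round.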
[Bug binutils/21148] readelf - multiple invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21148

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4aeb00ad3cc6a29b32f0a4e42c2f64d55e25b76d

commit 4aeb00ad3cc6a29b32f0a4e42c2f64d55e25b76d
Author: Nick Clifton
Date:   Mon Feb 13 14:35:24 2017 +

    Fix check for buffer overflow when processing version information.

            PR binutils/21148
            * readelf.c (process_version_sections): Include size of auxiliary
            version information when checking for buffer overflow.
[Bug ld/20828] GC-ed DSO symbols make corresponding symbols defined by a linker script local
https://sourceware.org/bugzilla/show_bug.cgi?id=20828

--- Comment #33 from cvs-commit at gcc dot gnu.org ---
The binutils-2_28-branch branch has been updated by Maciej W. Rozycki:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e7ec0c47c5500b572b847cddd5b0868ef3784473

commit e7ec0c47c5500b572b847cddd5b0868ef3784473
Author: Maciej W. Rozycki
Date:   Thu Feb 2 22:05:46 2017 +

    MIPS/BFD: Respect the ELF gABI dynamic symbol table sort requirement

    Ensure all local symbols precede external symbols in the dynamic symbol
    table.  No local symbols are expected to make it to the dynamic symbol
    table except for section symbols already taken care of, so this is
    really a safeguard only against a potential BFD bug otherwise not so
    harmful, which may become a grave one due to a symbol table sorting
    requirement violation (see PR ld/20828 for an example).  This means
    however that no test suite coverage is possible for this change as code
    introduced here is not normally expected to trigger.

    Logically split then the part of the dynamic symbol table which is not
    global offset table mapped, into a local area at the beginning and an
    external area following.  By the time `mips_elf_sort_hash_table' is
    called we have the number of local dynamic symbol table entries (section
    and non-section) already counted in `local_dynsymcount', so use it to
    offset the external area from the beginning.

            bfd/
            * elfxx-mips.c (mips_elf_hash_sort_data): Add `max_local_dynindx'.
            (mips_elf_sort_hash_table): Handle it.
            (mips_elf_sort_hash_table_f) : For forced local symbols bump up
            `max_local_dynindx' rather than `max_non_got_dynindx'.

    (cherry picked from commit e17b0c351f0b22fb42edf34e5a6e486d72e9ee05)
[Bug binutils/21144] readelf segfault - heap buffer overflow, invalid read of size 8
https://sourceware.org/bugzilla/show_bug.cgi?id=21144

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |DUPLICATE

--- Comment #1 from Nick Clifton ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21139 ***
[Bug binutils/21147] readelf - heap buffer overflow, invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21147

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Thuan,

  Thanks for reporting this bug.  I have checked in a small patch to fix it.
  The problem was an off-by-one error when reporting sections which could not
  be dumped.

Cheers
  Nick
[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #6 from Nick Clifton ---
*** Bug 21145 has been marked as a duplicate of this bug. ***
[Bug binutils/21146] readelf segfault - multiple invalid write in elfcomm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21146

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |DUPLICATE

--- Comment #1 from Nick Clifton ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21137 ***
[Bug binutils/21145] readelf segfault - null pointer dereferencing
https://sourceware.org/bugzilla/show_bug.cgi?id=21145

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |DUPLICATE

--- Comment #1 from Nick Clifton ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21139 ***
[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #5 from Nick Clifton ---
*** Bug 21144 has been marked as a duplicate of this bug. ***
[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #4 from Nick Clifton ---
*** Bug 21143 has been marked as a duplicate of this bug. ***
[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #3 from Nick Clifton ---
*** Bug 21142 has been marked as a duplicate of this bug. ***
[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Thuan,

  Thanks for reporting this bug.  I have checked in a patch to fix it.  There
  were two problems here.  The first was that the target specific relocation
  processing code in readelf was not checking for an invalid symbol index in
  the relocation.  The second was that the code was maintaining state across
  multiple invocations, resulting in the use of a stale pointer.

Cheers
  Nick
[Bug binutils/21141] readelf segfault - invalid write in elfcomm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21141

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |DUPLICATE

--- Comment #1 from Nick Clifton ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21137 ***
[Bug binutils/21143] readelf segfault - heap buffer overflow, invalid read of size 8
https://sourceware.org/bugzilla/show_bug.cgi?id=21143

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |DUPLICATE

--- Comment #1 from Nick Clifton ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21139 ***
[Bug binutils/21147] readelf - heap buffer overflow, invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21147

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0ee3043f58aae078a1ecc54b7be2810cae39a718

commit 0ee3043f58aae078a1ecc54b7be2810cae39a718
Author: Nick Clifton
Date:   Mon Feb 13 14:17:07 2017 +

    Fix access violation when reporting sections that could not be dumped.

            PR binutils/21147
            * readelf.c (process_section_contents): Fix off by one error
            reporting un-dumped sections.
[Bug binutils/21137] readelf - heap buffer overflow in elfcomm
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #6 from Nick Clifton ---
*** Bug 21146 has been marked as a duplicate of this bug. ***
[Bug binutils/21137] readelf - heap buffer overflow in elfcomm
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #5 from Nick Clifton ---
*** Bug 21140 has been marked as a duplicate of this bug. ***
[Bug binutils/21137] readelf - heap buffer overflow in elfcomm
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #4 from Nick Clifton ---
*** Bug 21141 has been marked as a duplicate of this bug. ***
[Bug binutils/21142] readelf segfault - invalid read of size 8
https://sourceware.org/bugzilla/show_bug.cgi?id=21142

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |DUPLICATE

--- Comment #1 from Nick Clifton ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21139 ***
[Bug binutils/21140] readelf segfault - use after free in elfcomm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21140

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |DUPLICATE

--- Comment #1 from Nick Clifton ---
Another duplicate bug.

*** This bug has been marked as a duplicate of bug 21137 ***
[Bug binutils/21139] readelf crashes - corrupted double-linked list because of use after free
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9

commit f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9
Author: Nick Clifton
Date:   Mon Feb 13 14:03:22 2017 +

    Fix read-after-free error in readelf when processing multiple, relocated
    sections in an MSP430 binary.

        PR binutils/21139
        * readelf.c (target_specific_reloc_handling): Add num_syms
        parameter. Check for symbol table overflow before accessing
        symbol value. If reloc pointer is NULL, discard all saved state.
        (apply_relocations): Pass num_syms to
        target_specific_reloc_handling. Call
        target_specific_reloc_handling with a NULL reloc pointer after
        processing all of the relocs.
[Bug ld/21000] hppa-linux does not support -z relro
https://sourceware.org/bugzilla/show_bug.cgi?id=21000

--- Comment #16 from dave.anglin at bell dot net ---
On 2017-02-12, at 8:34 PM, amodra at gmail dot com wrote:

> I obviously didn't understand the alias problem.. If I am grasping it
> correctly now, is the complaint about INEQUIVALENT ALIASES really that in the
> following load map from a trivial -z relro main.c we have file offsets in the
> same page?
>
> LOAD 0x00 0x0001 0x0001 0x00898 0x00898 R E 0x1000
> LOAD 0x000f20 0x00011f20 0x00011f20 0x0014c 0x0015c RWE 0x1000

I think the issue is easiest to understand by looking at the maps file for the process. For the trivial -z relro main we have

dave@mx3210:/proc/19876$ cat maps
0001-00011000 r-xp 08:11 11799480 /home/dave/ffmpeg/main
00011000-00012000 r--p 08:11 11799480 /home/dave/ffmpeg/main
00012000-00013000 rwxp 1000 08:11 11799480 /home/dave/ffmpeg/main
f9ffb000-fa167000 r-xp 08:25 33770753 /lib/hppa-linux-gnu/libc-2.24.so
fa167000-fa16e000 rwxp 0016c000 08:25 33770753 /lib/hppa-linux-gnu/libc-2.24.so
fa16e000-fa17 rwxp 00:00 0
fa3f8000-fa41b000 r-xp 08:25 33710119 /lib/hppa-linux-gnu/ld-2.24.so
fa41b000-fa41f000 rwxp 00023000 08:25 33710119 /lib/hppa-linux-gnu/ld-2.24.so
fa4fc000-fa501000 rw-p 00:00 0
fa501000-fa523000 rwxp 00:00 0 [stack]

Without -z relro, we have

dave@mx3210:/proc/25080$ cat maps
0001-00011000 r-xp 08:11 11799480 /home/dave/ffmpeg/main
00011000-00012000 rwxp 1000 08:11 11799480 /home/dave/ffmpeg/main
f9ffb000-fa167000 r-xp 08:25 33770753 /lib/hppa-linux-gnu/libc-2.24.so
fa167000-fa16e000 rwxp 0016c000 08:25 33770753 /lib/hppa-linux-gnu/libc-2.24.so
fa16e000-fa17 rwxp 00:00 0
fa3f8000-fa41b000 r-xp 08:25 33710119 /lib/hppa-linux-gnu/ld-2.24.so
fa41b000-fa41f000 rwxp 00023000 08:25 33710119 /lib/hppa-linux-gnu/ld-2.24.so
fa4fc000-fa501000 rw-p 00:00 0
fa501000-fa523000 rwxp 00:00 0 [stack]

--
John David Anglin	dave.ang...@bell.net
[Bug binutils/21137] readelf - heap buffer overflow in elfcomm
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #3 from Nick Clifton ---
Hi Thuan,

Thanks for reporting this bug. I have applied a patch to fix the problem. The issue was the code in readelf that processes target specific relocations was not checking for possible buffer overflow. So I have added these checks.

Cheers
Nick
[Bug binutils/21137] readelf - heap buffer overflow in elfcomm
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493

commit 03f7786e2f440b9892b1c34a58fb26222ce1b493
Author: Nick Clifton
Date:   Mon Feb 13 13:08:32 2017 +

    Fix readelf writing to illegal addresses whilst processing corrupt input
    files containing symbol-difference relocations.

        PR binutils/21137
        * readelf.c (target_specific_reloc_handling): Add end parameter.
        Check for buffer overflow before writing relocated values.
        (apply_relocations): Pass end to target_specific_reloc_handling.
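The two commits above (PR 21137 and PR 21139) describe three defensive changes to readelf's target-specific relocation handler: check the write location against the end of the section buffer, check the symbol index against the symbol count before indexing the table, and discard saved state once all relocs have been applied. The following is an added, constructed model of that pattern, not binutils code; the reloc record, the RT_SYM_SET/RT_SYM_SUB "symbol-difference" pair and the status codes are hypothetical stand-ins for the MSP430 handling the commits refer to.

```c
/* Constructed model of a bounds-checked symbol-difference reloc handler.
   Not binutils code: reloc_t, RT_SYM_SET/RT_SYM_SUB and reloc_status are
   hypothetical, chosen to mirror the checks added for PR 21137/21139.  */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* SET saves a symbol value; SUB writes (saved value - this symbol).  */
enum reloc_type { RT_SYM_SET = 1, RT_SYM_SUB = 2 };

typedef struct {
  uint64_t offset;    /* byte offset into the section being patched */
  uint32_t sym_index; /* index into the symbol value table */
  uint32_t type;      /* enum reloc_type */
} reloc_t;

typedef enum {
  RELOC_OK = 0,
  RELOC_BAD_SYMBOL,     /* sym_index >= num_syms (the PR 21139 check) */
  RELOC_OUT_OF_BOUNDS,  /* write would run past end (the PR 21137 check) */
  RELOC_NO_SAVED_STATE, /* SUB with no preceding SET */
  RELOC_UNKNOWN_TYPE
} reloc_status;

/* State kept between calls, as the real handler keeps a saved symbol
   between the two halves of a symbol-difference reloc.  */
static bool saved_valid;
static uint64_t saved_value;

bool reloc_state_pending (void) { return saved_valid; }

static void put_le32 (unsigned char *p, uint32_t v)
{
  p[0] = v & 0xff;         p[1] = (v >> 8) & 0xff;
  p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

uint32_t get_le32 (const unsigned char *p)
{
  return (uint32_t) p[0] | ((uint32_t) p[1] << 8)
         | ((uint32_t) p[2] << 16) | ((uint32_t) p[3] << 24);
}

/* A NULL reloc means "all relocs processed": drop the saved state so a
   stale value is never reused on the next section (the PR 21139 fix).  */
reloc_status
handle_reloc (const reloc_t *reloc, unsigned char *start, unsigned char *end,
              const uint64_t *syms, size_t num_syms)
{
  if (reloc == NULL)
    {
      saved_valid = false;
      saved_value = 0;
      return RELOC_OK;
    }
  /* Validate the symbol index BEFORE indexing the table.  */
  if (reloc->sym_index >= num_syms)
    return RELOC_BAD_SYMBOL;
  /* Validate the write range BEFORE forming a pointer past the buffer;
     compare lengths rather than pointers so a huge offset cannot wrap.  */
  size_t avail = (size_t) (end - start);
  if (reloc->offset > avail || avail - reloc->offset < 4)
    return RELOC_OUT_OF_BOUNDS;

  uint64_t sym = syms[reloc->sym_index];
  unsigned char *loc = start + reloc->offset;
  switch (reloc->type)
    {
    case RT_SYM_SET:
      saved_value = sym;
      saved_valid = true;
      return RELOC_OK;
    case RT_SYM_SUB:
      if (!saved_valid)
        return RELOC_NO_SAVED_STATE;
      put_le32 (loc, (uint32_t) (saved_value - sym));
      saved_valid = false;
      return RELOC_OK;
    default:
      return RELOC_UNKNOWN_TYPE;
    }
}

/* Apply every reloc, stop at the first error, and always clear the saved
   state afterwards (the NULL call).  Returns the status of the last call.  */
reloc_status
apply_relocs (const reloc_t *relocs, size_t num_relocs,
              unsigned char *start, size_t len,
              const uint64_t *syms, size_t num_syms)
{
  unsigned char *end = start + len;
  reloc_status st = RELOC_OK;
  for (size_t i = 0; i < num_relocs && st == RELOC_OK; i++)
    st = handle_reloc (&relocs[i], start, end, syms, num_syms);
  handle_reloc (NULL, start, end, syms, num_syms);
  return st;
}
```

With a corrupt reloc the checks return an error instead of reading past the symbol table or writing past the buffer, which is exactly the class of defect the valgrind traces further down report.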
[Bug binutils/21137] readelf - heap buffer overflow in elfcomm
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

--- Comment #2 from Nick Clifton ---
*** Bug 21138 has been marked as a duplicate of this bug. ***
[Bug binutils/21138] readelf segfault - multiple buffer overflow in elfcomm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21138

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |DUPLICATE

--- Comment #1 from Nick Clifton ---
Hi Thuan,

Thanks for reporting this problem. It turns out that this bug is a duplicate of the one you reported in PR 21137, and it is fixed by the patch that fixes that PR.

Cheers
Nick

*** This bug has been marked as a duplicate of bug 21137 ***
[Bug binutils/21133] Readelf doesn't warn about malformed ELF
https://sourceware.org/bugzilla/show_bug.cgi?id=21133

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |WORKSFORME

--- Comment #1 from Nick Clifton ---
Hi Peter,

> Would it be possible to get a warning added to readelf for this?

We added a warning for this last year. :-) It will be in the 2.28 release, or you could download the latest development sources and try for yourself. You should see:

$ readelf --syms basm.o

Symbol table '.symtab' contains 7 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0:                      0 NOTYPE  LOCAL  DEFAULT  UND
     1:                      0 FILE    LOCAL  DEFAULT  ABS file.asm
     2:                      0 SECTION LOCAL  DEFAULT    1
     3:                      0 SECTION LOCAL  DEFAULT    2
     4:                      0 NOTYPE  LOCAL  DEFAULT    1 message
     5:                      0 NOTYPE  GLOBAL DEFAULT    2 _start
     6: 000a                 0 NOTYPE  LOCAL  DEFAULT    2 bar
readelf: Warning: local symbol 6 found at index >= .symtab's sh_info value of 6

Cheers
Nick
[Bug binutils/21135] readelf segfault - invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21135

--- Comment #1 from Thuan Pham ---
binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim
[Bug binutils/21136] readelf segfault - heap buffer overflow
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

--- Comment #1 from Thuan Pham ---
binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim
[Bug binutils/21147] New: readelf - heap buffer overflow, invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21147

            Bug ID: 21147
           Summary: readelf - heap buffer overflow, invalid read
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9814
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9814&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017)

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_13
readelf -p 7 bug_13

Valgrind says:

==12826== Invalid read of size 1
==12826==    at 0x423674: process_section_contents (readelf.c:13097)
==12826==    by 0x423674: process_object (readelf.c:16780)
==12826==    by 0x402111: process_file (readelf.c:17154)
==12826==    by 0x402111: main (readelf.c:17225)
==12826==  Address 0x51fd5a8 is 0 bytes after a block of size 8 alloc'd
==12826==    at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12826==    by 0x406B10: request_dump_bynumber (readelf.c:4298)
==12826==    by 0x406BFA: request_dump (readelf.c:4356)
==12826==    by 0x401D47: parse_args (readelf.c:4449)
==12826==    by 0x401D47: main (readelf.c:17198)

ASAN says:

==3009==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020ef58 at pc 0x4e1b6d bp 0x7ffca5290210 sp 0x7ffca5290208
READ of size 1 at 0x6020ef58 thread T0
    #0 0x4e1b6c in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13097
    #1 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #2 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #3 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #4 0x7f6ce7ee1f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #5 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
[Bug binutils/21146] New: readelf segfault - multiple invalid write in elfcomm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21146

            Bug ID: 21146
           Summary: readelf segfault - multiple invalid write in elfcomm.c
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9813
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9813&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017)

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_12
readelf -R6 bug_12

Valgrind says:

==115836== Invalid write of size 1
==115836==    at 0x438C87: byte_put_little_endian (elfcomm.c:75)
==115836==    by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==115836==    by 0x408B97: apply_relocations (readelf.c:12343)
==115836==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==115836==    by 0x42334D: process_section_contents (readelf.c:13085)
==115836==    by 0x42334D: process_object (readelf.c:16780)
==115836==    by 0x402111: process_file (readelf.c:17154)
==115836==    by 0x402111: main (readelf.c:17225)
==115836==  Address 0x5203a08 is 19 bytes after a block of size 5 alloc'd
==115836==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==115836==    by 0x40566E: get_data (readelf.c:393)
==115836==    by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==115836==    by 0x42334D: process_section_contents (readelf.c:13085)
==115836==    by 0x42334D: process_object (readelf.c:16780)
==115836==    by 0x402111: process_file (readelf.c:17154)
==115836==    by 0x402111: main (readelf.c:17225)
==115836==
==115836== Invalid write of size 1
==115836==    at 0x438C91: byte_put_little_endian (elfcomm.c:78)
==115836==    by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==115836==    by 0x408B97: apply_relocations (readelf.c:12343)
==115836==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==115836==    by 0x42334D: process_section_contents (readelf.c:13085)
==115836==    by 0x42334D: process_object (readelf.c:16780)
==115836==    by 0x402111: process_file (readelf.c:17154)
==115836==    by 0x402111: main (readelf.c:17225)
==115836==  Address 0x5203a07 is 18 bytes after a block of size 5 alloc'd
==115836==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==115836==    by 0x40566E: get_data (readelf.c:393)
==115836==    by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==115836==    by 0x42334D: process_section_contents (readelf.c:13085)
==115836==    by 0x42334D: process_object (readelf.c:16780)
==115836==    by 0x402111: process_file (readelf.c:17154)
==115836==    by 0x402111: main (readelf.c:17225)
==115836==
==115836== Invalid write of size 1
==115836==    at 0x438C9B: byte_put_little_endian (elfcomm.c:81)
==115836==    by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==115836==    by 0x408B97: apply_relocations (readelf.c:12343)
==115836==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==115836==    by 0x42334D: process_section_contents (readelf.c:13085)
==115836==    by 0x42334D: process_object (readelf.c:16780)
==115836==    by 0x402111: process_file (readelf.c:17154)
==115836==    by 0x402111: main (readelf.c:17225)
==115836==  Address 0x5203a06 is 17 bytes after a block of size 5 alloc'd
==115836==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==115836==    by 0x40566E: get_data (readelf.c:393)
==115836==    by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==115836==    by 0x42334D: process_section_contents (readelf.c:13085)
==115836==    by 0x42334D: process_object (readelf.c:16780)
==115836==    by 0x402111: process_file (readelf.c:17154)
==115836==    by 0x402111: main (readelf.c:17225)
==115836==
==115836== Invalid write of size 1
==115836==    at 0x438C9E: byte_put_little_endian (elfcomm.c:84)
==115836==    by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==115836==    by 0x408B97: apply_relocations (readelf.c:12343)
==115836==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==115836==    by 0x42334D: process_section_contents (readelf.c:13085)
==115836==    by 0x42334D: process_object (readelf.c:16780)
==115836==    by 0x402111: process_file
[Bug binutils/21149] New: readelf - several invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21149

            Bug ID: 21149
           Summary: readelf - several invalid read
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9816
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9816&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017)

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_15
readelf -zxt bug_15

Valgrind says:

==81060== Invalid read of size 1
==81060==    at 0x438D7C: byte_get_little_endian (elfcomm.c:211)
==81060==    by 0x408707: get_compression_header (readelf.c:5735)
==81060==    by 0x40EADA: dump_section_as_bytes (readelf.c:12700)
==81060==    by 0x42332E: process_section_contents (readelf.c:13082)
==81060==    by 0x42332E: process_object (readelf.c:16780)
==81060==    by 0x402111: process_file (readelf.c:17154)
==81060==    by 0x402111: main (readelf.c:17225)
==81060==  Address 0x5203c62 is 0 bytes after a block of size 18 alloc'd
==81060==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==81060==    by 0x40566E: get_data (readelf.c:393)
==81060==    by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==81060==    by 0x42332E: process_section_contents (readelf.c:13082)
==81060==    by 0x42332E: process_object (readelf.c:16780)
==81060==    by 0x402111: process_file (readelf.c:17154)
==81060==    by 0x402111: main (readelf.c:17225)
==81060==
==81060== Invalid read of size 1
==81060==    at 0x438D92: byte_get_little_endian (elfcomm.c:212)
==81060==    by 0x408707: get_compression_header (readelf.c:5735)
==81060==    by 0x40EADA: dump_section_as_bytes (readelf.c:12700)
==81060==    by 0x42332E: process_section_contents (readelf.c:13082)
==81060==    by 0x42332E: process_object (readelf.c:16780)
==81060==    by 0x402111: process_file (readelf.c:17154)
==81060==    by 0x402111: main (readelf.c:17225)
==81060==  Address 0x5203c63 is 1 bytes after a block of size 18 alloc'd
==81060==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==81060==    by 0x40566E: get_data (readelf.c:393)
==81060==    by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==81060==    by 0x42332E: process_section_contents (readelf.c:13082)
==81060==    by 0x42332E: process_object (readelf.c:16780)
==81060==    by 0x402111: process_file (readelf.c:17154)
==81060==    by 0x402111: main (readelf.c:17225)
==81060==
==81060== Invalid read of size 1
==81060==    at 0x438D9D: byte_get_little_endian (elfcomm.c:213)
==81060==    by 0x408707: get_compression_header (readelf.c:5735)
==81060==    by 0x40EADA: dump_section_as_bytes (readelf.c:12700)
==81060==    by 0x42332E: process_section_contents (readelf.c:13082)
==81060==    by 0x42332E: process_object (readelf.c:16780)
==81060==    by 0x402111: process_file (readelf.c:17154)
==81060==    by 0x402111: main (readelf.c:17225)
==81060==  Address 0x5203c64 is 2 bytes after a block of size 18 alloc'd
==81060==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==81060==    by 0x40566E: get_data (readelf.c:393)
==81060==    by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==81060==    by 0x42332E: process_section_contents (readelf.c:13082)
==81060==    by 0x42332E: process_object (readelf.c:16780)
==81060==    by 0x402111: process_file (readelf.c:17154)
==81060==    by 0x402111: main (readelf.c:17225)
==81060==
==81060== Invalid read of size 1
==81060==    at 0x438DA8: byte_get_little_endian (elfcomm.c:214)
==81060==    by 0x408707: get_compression_header (readelf.c:5735)
==81060==    by 0x40EADA: dump_section_as_bytes (readelf.c:12700)
==81060==    by 0x42332E: process_section_contents (readelf.c:13082)
==81060==    by 0x42332E: process_object (readelf.c:16780)
==81060==    by 0x402111: process_file (readelf.c:17154)
==81060==    by 0x402111: main (readelf.c:17225)
==81060==  Address 0x5203c65 is 3 bytes after a block of size 18 alloc'd
==81060==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==81060==    by 0x40566E: get_data (readelf.c:393)
==81060==    by 0x40E7EB: dump_section_as_bytes (readelf.c:12685)
==81060==
[Bug binutils/21148] New: readelf - multiple invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21148

            Bug ID: 21148
           Summary: readelf - multiple invalid read
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9815
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9815&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017)

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_14
readelf -a bug_14

Valgrind says:

==46771== Invalid read of size 1
==46771==    at 0x438E2A: byte_get_little_endian (elfcomm.c:151)
==46771==    by 0x41127E: process_version_sections (readelf.c:10029)
==46771==    by 0x422E63: process_object (readelf.c:16778)
==46771==    by 0x402111: process_file (readelf.c:17154)
==46771==    by 0x402111: main (readelf.c:17225)
==46771==  Address 0x52086b8 is 0 bytes after a block of size 248 alloc'd
==46771==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==46771==    by 0x40566E: get_data (readelf.c:393)
==46771==    by 0x42: process_version_sections (readelf.c:9980)
==46771==    by 0x422E63: process_object (readelf.c:16778)
==46771==    by 0x402111: process_file (readelf.c:17154)
==46771==    by 0x402111: main (readelf.c:17225)
==46771==
==46771== Invalid read of size 1
==46771==    at 0x438E10: byte_get_little_endian (elfcomm.c:149)
==46771==    by 0x411291: process_version_sections (readelf.c:10030)
==46771==    by 0x422E63: process_object (readelf.c:16778)
==46771==    by 0x402111: process_file (readelf.c:17154)
==46771==    by 0x402111: main (readelf.c:17225)
==46771==  Address 0x52086ba is 2 bytes after a block of size 248 alloc'd
==46771==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==46771==    by 0x40566E: get_data (readelf.c:393)
==46771==    by 0x42: process_version_sections (readelf.c:9980)
==46771==    by 0x422E63: process_object (readelf.c:16778)
==46771==    by 0x402111: process_file (readelf.c:17154)
==46771==    by 0x402111: main (readelf.c:17225)
==46771==
==46771== Invalid read of size 1
==46771==    at 0x438E14: byte_get_little_endian (elfcomm.c:150)
==46771==    by 0x411291: process_version_sections (readelf.c:10030)
==46771==    by 0x422E63: process_object (readelf.c:16778)
==46771==    by 0x402111: process_file (readelf.c:17154)
==46771==    by 0x402111: main (readelf.c:17225)
==46771==  Address 0x52086bb is 3 bytes after a block of size 248 alloc'd
==46771==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==46771==    by 0x40566E: get_data (readelf.c:393)
==46771==    by 0x42: process_version_sections (readelf.c:9980)
==46771==    by 0x422E63: process_object (readelf.c:16778)
==46771==    by 0x402111: process_file (readelf.c:17154)
==46771==    by 0x402111: main (readelf.c:17225)
==46771==
==46771== Invalid read of size 1
==46771==    at 0x438E24: byte_get_little_endian (elfcomm.c:148)
==46771==    by 0x411291: process_version_sections (readelf.c:10030)
==46771==    by 0x422E63: process_object (readelf.c:16778)
==46771==    by 0x402111: process_file (readelf.c:17154)
==46771==    by 0x402111: main (readelf.c:17225)
==46771==  Address 0x52086b9 is 1 bytes after a block of size 248 alloc'd
==46771==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==46771==    by 0x40566E: get_data (readelf.c:393)
==46771==    by 0x42: process_version_sections (readelf.c:9980)
==46771==    by 0x422E63: process_object (readelf.c:16778)
==46771==    by 0x402111: process_file (readelf.c:17154)
==46771==    by 0x402111: main (readelf.c:17225)
==46771==
==46771== Invalid read of size 1
==46771==    at 0x438E2A: byte_get_little_endian (elfcomm.c:151)
==46771==    by 0x411291: process_version_sections (readelf.c:10030)
==46771==    by 0x422E63: process_object (readelf.c:16778)
==46771==    by 0x402111: process_file (readelf.c:17154)
==46771==    by 0x402111: main (readelf.c:17225)
==46771==  Address 0x52086bc is 4 bytes after a block of size 248 alloc'd
==46771==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==46771==    by 0x40566E: get_data (readelf.c:393)
==46771==
[Bug binutils/21145] New: readelf segfault - null pointer dereferencing
https://sourceware.org/bugzilla/show_bug.cgi?id=21145

            Bug ID: 21145
           Summary: readelf segfault - null pointer dereferencing
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9812
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9812&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017)

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_11
readelf -w bug_11

Valgrind says:

==59939== Invalid read of size 8
==59939==    at 0x408F15: target_specific_reloc_handling (readelf.c:11675)
==59939==    by 0x408F15: apply_relocations (readelf.c:12343)
==59939==    by 0x40B133: load_specific_debug_section (readelf.c:12905)
==59939==    by 0x42384B: display_debug_section (readelf.c:13009)
==59939==    by 0x42384B: process_section_contents (readelf.c:13091)
==59939==    by 0x42384B: process_object (readelf.c:16780)
==59939==    by 0x402111: process_file (readelf.c:17154)
==59939==    by 0x402111: main (readelf.c:17225)
==59939==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==59939==
==59939==
==59939== Process terminating with default action of signal 11 (SIGSEGV)
==59939==  Access not within mapped region at address 0x0
==59939==    at 0x408F15: target_specific_reloc_handling (readelf.c:11675)
==59939==    by 0x408F15: apply_relocations (readelf.c:12343)
==59939==    by 0x40B133: load_specific_debug_section (readelf.c:12905)
==59939==    by 0x42384B: display_debug_section (readelf.c:13009)
==59939==    by 0x42384B: process_section_contents (readelf.c:13091)
==59939==    by 0x42384B: process_object (readelf.c:16780)
==59939==    by 0x402111: process_file (readelf.c:17154)
==59939==    by 0x402111: main (readelf.c:17225)

ASAN says:

==44698==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x0054b47b sp 0x7ffebb728f20 bp 0x7ffebb7293f0 T0)
    #0 0x54b47a in target_specific_reloc_handling /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11674
    #1 0x52e6dc in apply_relocations /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
    #2 0x4846b5 in load_specific_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
    #3 0x564b4c in display_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
    #4 0x4e194f in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
    #5 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #6 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #7 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #8 0x7ff9ef5a4f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #9 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
[Bug binutils/21144] New: readelf segfault - heap buffer overflow, invalid read of size 8
https://sourceware.org/bugzilla/show_bug.cgi?id=21144

            Bug ID: 21144
           Summary: readelf segfault - heap buffer overflow, invalid read of size 8
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 9811
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9811&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017)

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_10
readelf -w bug_10

Valgrind says:

==25482== Invalid read of size 8
==25482==    at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==25482==    by 0x408B77: apply_relocations (readelf.c:12343)
==25482==    by 0x40B133: load_specific_debug_section (readelf.c:12905)
==25482==    by 0x42384B: display_debug_section (readelf.c:13009)
==25482==    by 0x42384B: process_section_contents (readelf.c:13091)
==25482==    by 0x42384B: process_object (readelf.c:16780)
==25482==    by 0x402111: process_file (readelf.c:17154)
==25482==    by 0x402111: main (readelf.c:17225)
==25482==  Address 0x2005204870 is not stack'd, malloc'd or (recently) free'd
==25482==
==25482==
==25482== Process terminating with default action of signal 11 (SIGSEGV)
==25482==  Access not within mapped region at address 0x2005204870
==25482==    at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==25482==    by 0x408B77: apply_relocations (readelf.c:12343)
==25482==    by 0x40B133: load_specific_debug_section (readelf.c:12905)
==25482==    by 0x42384B: display_debug_section (readelf.c:13009)
==25482==    by 0x42384B: process_section_contents (readelf.c:13091)
==25482==    by 0x42384B: process_object (readelf.c:16780)
==25482==    by 0x402111: process_file (readelf.c:17154)
==25482==    by 0x402111: main (readelf.c:17225)

ASAN says:

==22833==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6190fc00 at pc 0x54aa2e bp 0x7fff12c68350 sp 0x7fff12c68348
READ of size 8 at 0x6190fc00 thread T0
    #0 0x54aa2d in target_specific_reloc_handling /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11637
    #1 0x52e6dc in apply_relocations /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
    #2 0x4846b5 in load_specific_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
    #3 0x564b4c in display_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
    #4 0x4e194f in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
    #5 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #6 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #7 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #8 0x7f4423038f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #9 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
[Bug binutils/21143] New: readelf segfault - heap buffer overflow, invalid read of size 8
https://sourceware.org/bugzilla/show_bug.cgi?id=21143

Bug ID: 21143
Summary: readelf segfault - heap buffer overflow, invalid read of size 8
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Created attachment 9810
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9810&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_9
readelf -R6 bug_9

Valgrind says:

Hex dump of section '.debug_info':
readelf: Error: Unhandled MSP430 reloc type found after SYM_DIFF reloc
readelf: Warning: unable to apply unsupported reloc type 7 to section .debug_info
==6435== Invalid read of size 8
==6435==    at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==6435==    by 0x408B77: apply_relocations (readelf.c:12343)
==6435==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==6435==    by 0x42334D: process_section_contents (readelf.c:13085)
==6435==    by 0x42334D: process_object (readelf.c:16780)
==6435==    by 0x402111: process_file (readelf.c:17154)
==6435==    by 0x402111: main (readelf.c:17225)
==6435==  Address 0x20052040e0 is not stack'd, malloc'd or (recently) free'd
==6435==
==6435==
==6435== Process terminating with default action of signal 11 (SIGSEGV)
==6435==  Access not within mapped region at address 0x20052040E0
==6435==    at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==6435==    by 0x408B77: apply_relocations (readelf.c:12343)
==6435==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==6435==    by 0x42334D: process_section_contents (readelf.c:13085)
==6435==    by 0x42334D: process_object (readelf.c:16780)
==6435==    by 0x402111: process_file (readelf.c:17154)
==6435==    by 0x402111: main (readelf.c:17225)

ASAN says:

==4286==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6190fc00 at pc 0x54aa2e bp 0x7ffd5d8f73b0 sp 0x7ffd5d8f73a8
READ of size 8 at 0x6190fc00 thread T0
    #0 0x54aa2d in target_specific_reloc_handling /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11637
    #1 0x52e6dc in apply_relocations /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
    #2 0x55de03 in dump_section_as_bytes /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12744
    #3 0x4e1531 in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13085
    #4 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #5 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #6 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #7 0x7f7b0b7baf44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #8 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
[Bug binutils/21142] New: readelf segfault - invalid read of size 8
https://sourceware.org/bugzilla/show_bug.cgi?id=21142

Bug ID: 21142
Summary: readelf segfault - invalid read of size 8
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Created attachment 9809
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9809&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_8
readelf -R6 bug_8

Valgrind says:

Hex dump of section '.debug_info':
readelf: Error: Section .symtab has an invalid sh_size of 0xe3000210
readelf: Warning: unable to apply unsupported reloc type 2 to section .debug_info
==142143== Invalid read of size 8
==142143==    at 0x408B73: target_specific_reloc_handling (readelf.c:11638)
==142143==    by 0x408B73: apply_relocations (readelf.c:12343)
==142143==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==142143==    by 0x42334D: process_section_contents (readelf.c:13085)
==142143==    by 0x42334D: process_object (readelf.c:16780)
==142143==    by 0x402111: process_file (readelf.c:17154)
==142143==    by 0x402111: main (readelf.c:17225)
==142143==  Address 0x40 is not stack'd, malloc'd or (recently) free'd
==142143==
==142143==
==142143== Process terminating with default action of signal 11 (SIGSEGV)
==142143==  Access not within mapped region at address 0x40
==142143==    at 0x408B73: target_specific_reloc_handling (readelf.c:11638)
==142143==    by 0x408B73: apply_relocations (readelf.c:12343)
==142143==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==142143==    by 0x42334D: process_section_contents (readelf.c:13085)
==142143==    by 0x42334D: process_object (readelf.c:16780)
==142143==    by 0x402111: process_file (readelf.c:17154)
==142143==    by 0x402111: main (readelf.c:17225)
==142143==  If you believe this happened as a result of a stack
==142143==  overflow in your program's main thread (unlikely but
==142143==  possible), you can try to increase the size of the
==142143==  main thread stack using the --main-stacksize= flag.
==142143==  The main thread stack size used in this run was 8388608.

ASAN says:

==136663==ERROR: AddressSanitizer: SEGV on unknown address 0x0040 (pc 0x0054a93e sp 0x7ffc654cd420 bp 0x7ffc654cd8f0 T0)
    #0 0x54a93d in target_specific_reloc_handling /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11637
    #1 0x52e6dc in apply_relocations /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
    #2 0x55de03 in dump_section_as_bytes /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12744
    #3 0x4e1531 in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13085
    #4 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #5 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #6 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #7 0x7fca89589f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #8 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
[Bug binutils/21141] New: readelf segfault - invalid write in elfcomm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21141

Bug ID: 21141
Summary: readelf segfault - invalid write in elfcomm.c
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Created attachment 9808
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9808&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_7
readelf -w bug_7

Valgrind says:

==128187== Invalid write of size 1
==128187==    at 0x438C87: byte_put_little_endian (elfcomm.c:75)
==128187==    by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==128187==    by 0x408B97: apply_relocations (readelf.c:12343)
==128187==    by 0x40B133: load_specific_debug_section (readelf.c:12905)
==128187==    by 0x42384B: display_debug_section (readelf.c:13009)
==128187==    by 0x42384B: process_section_contents (readelf.c:13091)
==128187==    by 0x42384B: process_object (readelf.c:16780)
==128187==    by 0x402111: process_file (readelf.c:17154)
==128187==    by 0x402111: main (readelf.c:17225)
==128187==  Address 0x6203611 is not stack'd, malloc'd or (recently) free'd
==128187==
==128187==
==128187== Process terminating with default action of signal 11 (SIGSEGV)
==128187==  Access not within mapped region at address 0x6203611
==128187==    at 0x438C87: byte_put_little_endian (elfcomm.c:75)
==128187==    by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==128187==    by 0x408B97: apply_relocations (readelf.c:12343)
==128187==    by 0x40B133: load_specific_debug_section (readelf.c:12905)
==128187==    by 0x42384B: display_debug_section (readelf.c:13009)
==128187==    by 0x42384B: process_section_contents (readelf.c:13091)
==128187==    by 0x42384B: process_object (readelf.c:16780)
==128187==    by 0x402111: process_file (readelf.c:17154)
==128187==    by 0x402111: main (readelf.c:17225)

ASAN says:

==126476==ERROR: AddressSanitizer: SEGV on unknown address 0x611001009481 (pc 0x00722aa9 sp 0x7fff64ffa960 bp 0x7fff64ffac10 T0)
    #0 0x722aa8 in byte_put_little_endian /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/elfcomm.c:75
    #1 0x54acfa in target_specific_reloc_handling /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11640
    #2 0x52e6dc in apply_relocations /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
    #3 0x4846b5 in load_specific_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
    #4 0x564b4c in display_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
    #5 0x4e194f in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
    #6 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #7 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #8 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #9 0x7f7ae9a5df44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #10 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
[Bug binutils/21140] New: readelf segfault - use after free in elfcomm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21140

Bug ID: 21140
Summary: readelf segfault - use after free in elfcomm.c
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Created attachment 9807
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9807&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_6
readelf -w bug_6

ASAN says:

==121366==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060acb9 at pc 0x722a9d bp 0x7ffdb6d1d350 sp 0x7ffdb6d1d348
WRITE of size 1 at 0x6060acb9 thread T0
    #0 0x722a9c in byte_put_little_endian /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/elfcomm.c:75
    #1 0x54acfa in target_specific_reloc_handling /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11640
    #2 0x52e6dc in apply_relocations /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
    #3 0x4846b5 in load_specific_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
    #4 0x564b4c in display_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
    #5 0x4e194f in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
    #6 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #7 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #8 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #9 0x7f97b92dcf44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #10 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
[Bug binutils/21139] New: readelf crashes - corrupted double-linked list because of use after free
https://sourceware.org/bugzilla/show_bug.cgi?id=21139

Bug ID: 21139
Summary: readelf crashes - corrupted double-linked list because of use after free
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Created attachment 9806
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9806&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_5
readelf -w bug_5

ASAN says:

==20954==ERROR: AddressSanitizer: heap-use-after-free on address 0x6170fe00 at pc 0x54aa2e bp 0x7ffe965bcb50 sp 0x7ffe965bcb48
READ of size 8 at 0x6170fe00 thread T0
    #0 0x54aa2d in target_specific_reloc_handling /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11637
    #1 0x52e6dc in apply_relocations /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
    #2 0x4846b5 in load_specific_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
    #3 0x564b4c in display_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
    #4 0x4e194f in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
    #5 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #6 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #7 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #8 0x7f019152bf44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #9 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
[Bug binutils/21138] New: readelf segfault - multiple buffer overflow in elfcomm.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21138

Bug ID: 21138
Summary: readelf segfault - multiple buffer overflow in elfcomm.c
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Created attachment 9805
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9805&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:

Download the attached file - bug_4
readelf -R6 bug_4

Valgrind says:

Hex dump of section '.debug_info':
==34395== Invalid write of size 1
==34395==    at 0x438C87: byte_put_little_endian (elfcomm.c:75)
==34395==    by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==34395==    by 0x408B97: apply_relocations (readelf.c:12343)
==34395==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==34395==    by 0x42334D: process_section_contents (readelf.c:13085)
==34395==    by 0x42334D: process_object (readelf.c:16780)
==34395==    by 0x402111: process_file (readelf.c:17154)
==34395==    by 0x402111: main (readelf.c:17225)
==34395==  Address 0x53e3926 is 1,963,078 bytes inside an unallocated block of size 4,160,256 in arena "client"
==34395==
==34395== Invalid write of size 1
==34395==    at 0x438C91: byte_put_little_endian (elfcomm.c:78)
==34395==    by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==34395==    by 0x408B97: apply_relocations (readelf.c:12343)
==34395==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==34395==    by 0x42334D: process_section_contents (readelf.c:13085)
==34395==    by 0x42334D: process_object (readelf.c:16780)
==34395==    by 0x402111: process_file (readelf.c:17154)
==34395==    by 0x402111: main (readelf.c:17225)
==34395==  Address 0x53e3925 is 1,963,077 bytes inside an unallocated block of size 4,160,256 in arena "client"
==34395==
==34395== Invalid write of size 1
==34395==    at 0x438C9B: byte_put_little_endian (elfcomm.c:81)
==34395==    by 0x408B97: target_specific_reloc_handling (readelf.c:11640)
==34395==    by 0x408B97: apply_relocations (readelf.c:12343)
==34395==    by 0x40EAC6: dump_section_as_bytes (readelf.c:12744)
==34395==    by 0x42334D: process_section_contents (readelf.c:13085)
==34395==    by 0x42334D: process_object (readelf.c:16780)
==34395==    by 0x402111: process_file (readelf.c:17154)
==34395==    by 0x402111: main (readelf.c:17225)
==34395==  Address 0x53e3924 is 1,963,076 bytes inside an unallocated block of size 4,160,256 in arena "client"

ASAN says:

==20311==ERROR: AddressSanitizer: SEGV on unknown address 0x6110001e9df6 (pc 0x00722aa9 sp 0x7ffc5c7d84a0 bp 0x7ffc5c7d8750 T0)
    #0 0x722aa8 in byte_put_little_endian /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/elfcomm.c:75
    #1 0x54acfa in target_specific_reloc_handling /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11640
    #2 0x52e6dc in apply_relocations /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
    #3 0x55de03 in dump_section_as_bytes /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12744
    #4 0x4e1531 in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13085
    #5 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #6 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #7 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #8 0x7fa9b0d4ef44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #9 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
[Bug binutils/21137] New: readelf - heap buffer overflow in elfcomm
https://sourceware.org/bugzilla/show_bug.cgi?id=21137

Bug ID: 21137
Summary: readelf - heap buffer overflow in elfcomm
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Created attachment 9804
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9804&action=edit
Bug triggering input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

To reproduce:

Download the attached file - bug_3
readelf -w bug_3

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

==81550==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60e0e00c at pc 0x722a9d bp 0x7ffd132dc8b0 sp 0x7ffd132dc8a8
WRITE of size 1 at 0x60e0e00c thread T0
    #0 0x722a9c in byte_put_little_endian /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/elfcomm.c:75
    #1 0x54acfa in target_specific_reloc_handling /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11640
    #2 0x52e6dc in apply_relocations /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
    #3 0x4846b5 in load_specific_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12905
    #4 0x564b4c in display_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
    #5 0x4e194f in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
    #6 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #7 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #8 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #9 0x7efe28957f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #10 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)

0x60e0e00c is located 15 bytes to the right of 157-byte region [0x60e0df60,0x60e0dffd)
allocated by thread T0 here:
    #0 0x467d19 in __interceptor_malloc (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x467d19)
    #1 0x503114 in get_data /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:393
    #2 0x48180a in load_specific_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12829
    #3 0x564b4c in display_debug_section /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13009
    #4 0x4e194f in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13091
    #5 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #6 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #7 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
[Bug binutils/21136] New: readelf segfault - heap buffer overflow
https://sourceware.org/bugzilla/show_bug.cgi?id=21136

Bug ID: 21136
Summary: readelf segfault - heap buffer overflow
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Created attachment 9803
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9803&action=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

To reproduce:

Download the attached file - bug_2
readelf -da bug_2

Valgrind says:

==29176== Invalid read of size 8
==29176==    at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==29176==    by 0x408B77: apply_relocations (readelf.c:12343)
==29176==    by 0x4178B4: process_notes_at.part.19 (readelf.c:16279)
==29176==    by 0x423D91: process_notes_at (readelf.c:16415)
==29176==    by 0x423D91: process_note_sections (readelf.c:16526)
==29176==    by 0x423D91: process_notes (readelf.c:16559)
==29176==    by 0x423D91: process_object (readelf.c:16782)
==29176==    by 0x402111: process_file (readelf.c:17154)
==29176==    by 0x402111: main (readelf.c:17225)
==29176==  Address 0x20052093a0 is not stack'd, malloc'd or (recently) free'd
==29176==
==29176==
==29176== Process terminating with default action of signal 11 (SIGSEGV)
==29176==  Access not within mapped region at address 0x20052093A0
==29176==    at 0x408B77: target_specific_reloc_handling (readelf.c:11638)
==29176==    by 0x408B77: apply_relocations (readelf.c:12343)
==29176==    by 0x4178B4: process_notes_at.part.19 (readelf.c:16279)
==29176==    by 0x423D91: process_notes_at (readelf.c:16415)
==29176==    by 0x423D91: process_note_sections (readelf.c:16526)
==29176==    by 0x423D91: process_notes (readelf.c:16559)
==29176==    by 0x423D91: process_object (readelf.c:16782)
==29176==    by 0x402111: process_file (readelf.c:17154)
==29176==    by 0x402111: main (readelf.c:17225)

ASAN says:

==30126==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6190ee00 at pc 0x54aa2e bp 0x7ffcee43fc30 sp 0x7ffcee43fc28
READ of size 8 at 0x6190ee00 thread T0
    #0 0x54aa2d in target_specific_reloc_handling /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:11637
    #1 0x52e6dc in apply_relocations /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12343
    #2 0x527e5f in process_notes_at /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16279
    #3 0x52616c in process_note_sections /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16526
    #4 0x4e1ec2 in process_notes /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16559
    #5 0x48d646 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16782
    #6 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #7 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #8 0x7fef50e75f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #9 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)
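Every trace in bugs 21136 through 21144 above ends in readelf's apply_relocations() path, where either an 8-byte read in target_specific_reloc_handling or a 1-byte write in byte_put_little_endian lands outside the buffers readelf owns, and readelf's own warnings mention a .symtab with an invalid sh_size. As an added illustration that is not binutils code, the following Python models the two bounds checks such a path needs before it dereferences anything (symbol index against the symbol table, patched range against the target section) on constructed ELF64 data; the simplified "S + A" relocation semantics, the function names and the sample values are assumptions of the example, not taken from the reports.

```python
"""Bounds checks for applying ELF64 RELA relocations to an in-memory section.

Added example, not binutils code.  It models the two checks a relocation
applier such as readelf's apply_relocations() path has to make before it
dereferences anything, on constructed data so that it runs offline.
"""
import struct

ELF64_SYM_SIZE = 24   # sizeof(Elf64_Sym)
ELF64_RELA_SIZE = 24  # sizeof(Elf64_Rela)
RELOC_SIZE = 8        # we model one 64-bit absolute relocation: S + A
U64_MASK = (1 << 64) - 1


def symtab_error(sh_size, sh_entsize=ELF64_SYM_SIZE, file_size=None):
    """Return a reason string if a .symtab header is inconsistent, else None.

    readelf's own warnings on the crashing inputs ("invalid sh_size",
    "invalid sh_entsize", "extends past end of file") name exactly these
    conditions; a table that fails them must not be indexed at all.
    """
    if sh_entsize != ELF64_SYM_SIZE:
        return f"sh_entsize {sh_entsize:#x} is not sizeof(Elf64_Sym)"
    if sh_size % sh_entsize != 0:
        return f"sh_size {sh_size:#x} is not a whole number of symbols"
    if file_size is not None and sh_size > file_size:
        return f"sh_size {sh_size:#x} extends past end of file ({file_size:#x})"
    return None


def parse_symtab(symtab_bytes):
    """Decode st_value of every Elf64_Sym; raise on a malformed table."""
    err = symtab_error(len(symtab_bytes))
    if err:
        raise ValueError(err)
    values = []
    for off in range(0, len(symtab_bytes), ELF64_SYM_SIZE):
        # Elf64_Sym: st_name u32, st_info u8, st_other u8, st_shndx u16,
        # st_value u64, st_size u64.  The 8-byte st_value load is the kind
        # of access that goes out of bounds when a symbol index is unchecked.
        _, _, _, _, st_value, _ = struct.unpack_from("<IBBHQQ", symtab_bytes, off)
        values.append(st_value)
    return values


def apply_rela(section, rela_bytes, sym_values):
    """Apply Elf64_Rela entries as 'S + A' stores of RELOC_SIZE bytes.

    Returns (patched_section, rejected); rejected lists (r_offset, reason)
    for every entry refused instead of being allowed to read or write
    outside its buffers.
    """
    if len(rela_bytes) % ELF64_RELA_SIZE != 0:
        raise ValueError("rela section size is not a whole number of entries")
    buf = bytearray(section)
    rejected = []
    for off in range(0, len(rela_bytes), ELF64_RELA_SIZE):
        r_offset, r_info, r_addend = struct.unpack_from("<QQq", rela_bytes, off)
        sym_index = r_info >> 32  # ELF64_R_SYM(r_info)
        # Check 1: the symbol index must address an existing symtab entry.
        if sym_index >= len(sym_values):
            rejected.append((r_offset, f"symbol index {sym_index} outside "
                                       f"symtab of {len(sym_values)} entries"))
            continue
        # Check 2: the patched range must lie inside the target section.
        # In C compare r_offset > size - RELOC_SIZE (with size >= RELOC_SIZE)
        # so that the addition cannot wrap around.
        if r_offset + RELOC_SIZE > len(buf):
            rejected.append((r_offset, f"offset {r_offset:#x} + {RELOC_SIZE} "
                                       f"exceeds section size {len(buf):#x}"))
            continue
        struct.pack_into("<Q", buf, r_offset,
                         (sym_values[sym_index] + r_addend) & U64_MASK)
    return bytes(buf), rejected


def build_sample():
    """Constructed data (not the bug attachments): a 32-byte section, a
    two-symbol table and three relocations of which only the first is valid."""
    symtab = struct.pack("<IBBHQQ", 0, 0, 0, 0, 0, 0)           # STN_UNDEF
    symtab += struct.pack("<IBBHQQ", 1, 0x12, 0, 1, 0x1000, 0)  # func at 0x1000

    def rela(r_offset, sym, rtype, addend):
        return struct.pack("<QQq", r_offset, (sym << 32) | rtype, addend)

    relocs = (rela(8, 1, 1, 0x10)        # valid: bytes 8..15 become 0x1010
              + rela(16, 7, 1, 0)        # symbol 7 does not exist
              + rela(0x100, 1, 1, 0))    # offset past the 32-byte section
    return bytes(32), relocs, symtab


if __name__ == "__main__":
    section, relocs, symtab = build_sample()
    patched, rejected = apply_rela(section, relocs, parse_symtab(symtab))
    print("qword at offset 8:", hex(int.from_bytes(patched[8:16], "little")))
    for r_offset, reason in rejected:
        print(f"rejected reloc at {r_offset:#x}: {reason}")
    # The sh_size readelf complained about in bug 21142 fails the symtab check.
    print("symtab sh_size 0xe3000210:", symtab_error(0xe3000210))
```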
[Bug binutils/21135] New: readelf segfault - invalid read
https://sourceware.org/bugzilla/show_bug.cgi?id=21135

Bug ID: 21135
Summary: readelf segfault - invalid read
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Created attachment 9802
--> https://sourceware.org/bugzilla/attachment.cgi?id=9802=edit
Crashing input

Dear all,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme.

We found several inputs causing readelf to crash. We will report all of them one by one.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 53f7e8ea7fad1fcff1b58f4cbd74e192e0bcbc1d (Fri Feb 10 00:00:16 2017).

To reproduce:
Download the attached file - bug_1
readelf -zR3 bug_1

Valgrind says:

==54145== Command: /home/ubuntu/thesis/subjects/binutils-newest/build-normal/binutils/readelf -zR3 bug_1
==54145==
readelf: Warning: Section 1 has an out of range sh_info value of 61440
readelf: Warning: Section 3 has an out of range sh_link value of 1179648
readelf: Warning: Section 4 has an out of range sh_link value of 4278190955
readelf: Warning: Section 5 has an out of range sh_link value of 1310720
readelf: Warning: Section 6 has an out of range sh_link value of 1953068403
readelf: Warning: Section 7 has an out of range sh_link value of 117442048
readelf: Error: Reading 0x180064 bytes extends past end of file for string table
readelf: Error: Section 3 has invalid sh_entsize of 0600
readelf: Error: (Using the expected size of 24 for the rest of this dump)

Hex dump of section '':
==54145== Invalid read of size 1
==54145==    at 0x40E9A0: dump_section_as_bytes (readelf.c:12786)
==54145==    by 0x42334D: process_section_contents (readelf.c:13085)
==54145==    by 0x42334D: process_object (readelf.c:16780)
==54145==    by 0x402111: process_file (readelf.c:17154)
==54145==    by 0x402111: main (readelf.c:17225)
==54145==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==54145==
==54145==
==54145== Process terminating with default action of signal 11 (SIGSEGV)
==54145==  Access not within mapped region at address 0x0
==54145==    at 0x40E9A0: dump_section_as_bytes (readelf.c:12786)
==54145==    by 0x42334D: process_section_contents (readelf.c:13085)
==54145==    by 0x42334D: process_object (readelf.c:16780)
==54145==    by 0x402111: process_file (readelf.c:17154)
==54145==    by 0x402111: main (readelf.c:17225)

ASAN says:

==57956==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x0055efcf sp 0x7fff2de971a0 bp 0x7fff2de97af0 T0)
    #0 0x55efce in dump_section_as_bytes /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:12786
    #1 0x4e1531 in process_section_contents /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:13085
    #2 0x48d610 in process_object /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:16780
    #3 0x488365 in process_file /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17154
    #4 0x4855c3 in main /home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/../../binutils/readelf.c:17225
    #5 0x7f62892d3f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #6 0x47ddfc in _start (/home/ubuntu/thesis/subjects/binutils-newest/build-asan/binutils/readelf+0x47ddfc)