From: Mike Frysinger <vapier@gentoo.org>
To: binutils@sources.redhat.com
Subject: BFD overflows
Date: Sun, 08 May 2005 07:56:00 -0000
Message-ID: <200505072114.41510.vapier@gentoo.org>
[-- Attachment #1: Type: text/plain, Size: 1920 bytes --]
we were playing around with bfd-related apps in Gentoo and ended up finding
that many can be overflowed with junk binaries.
Sebastian Krahmer from SuSe proposed this patch which fixes some of the
overflows (should apply cleanly to mainline and the 2.16 branch):
http://viewcvs.gentoo.org/src/patchsets/binutils/2.16/81_all_binutils-2.15-bfd-overflow.patch?root=gentoo&rev=1.1
however, at least one issue still remains. find attached a small binary
which, when you run `strings` on it, triggers a segfault:
$ strings --version
GNU strings 2.16
Copyright 2005 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
$ gdb --args strings strings.114
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) run
Starting program: /var/tmp/portage/binutils-2.16/binutils/strings /root/strings.114
Program received signal SIGSEGV, Segmentation fault.
0x0000000000422048 in bfd_elf_string_from_elf_section (abfd=0x5a9090,
shindex=26, strindex=11) at elf.c:288
288 if (hdr->contents == NULL
(gdb) bt
#0 0x0000000000422048 in bfd_elf_string_from_elf_section (abfd=0x5a9090,
shindex=26, strindex=11) at elf.c:288
#1 0x000000000042546f in bfd_section_from_shdr (abfd=0x5a9090, shindex=1) at
elf.c:1713
#2 0x00000000004522f8 in bfd_elf32_object_p (abfd=0x5a9090) at elfcode.h:723
#3 0x000000000040a2df in bfd_check_format_matches (abfd=0x5a9090,
format=bfd_object, matching=0x0) at format.c:228
#4 0x000000000040a07c in bfd_check_format (abfd=0x5a9090, format=bfd_object)
at format.c:91
#5 0x000000000040243a in strings_object_file (file=0x7fffffb25439
"/root/strings.114") at strings.c:358
#6 0x0000000000402532 in strings_file (file=0x7fffffb25439
"/root/strings.114") at strings.c:397
#7 0x000000000040230f in main (argc=2, argv=0x7fffffb24868) at strings.c:306
-mike
[-- Attachment #2: strings.114.bz2 --]
[-- Type: application/x-bzip2, Size: 8909 bytes --]
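Reading the backtrace above, the fault is in a section-name lookup that dereferences the section header for shindex=26 before anything has checked that index against the file's section count. As an added example (not code from the original post, from BFD, or from the linked Gentoo/SuSE patch), here is a bounds-checked ELF32 section-name lookup in C, with constructed sample images: one well-formed, and four corrupted the way junk binaries usually are (e_shstrndx=26 in a three-section file, a string table whose bytes lie past the end of the file, an sh_name past the end of the table, and an e_shoff large enough to wrap 32-bit offset arithmetic). That the attached strings.114 is malformed in exactly one of these ways is an assumption; the point is the set of checks, each of which returns an error code instead of crashing. The names elf32_section_name, scenario_status and scenario_name are this example's own.

```c
/* Added example (not from the original post, from BFD, or from the linked
 * patch): a bounds-checked ELF32 little-endian section-name lookup, plus
 * constructed sample images that exercise the failure modes a junk binary
 * can trigger.  Bytes are read with explicit accessors, never struct casts. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SHT_STRTAB = 3, SHN_UNDEF = 0, EHDR_SIZE = 52, SHDR_SIZE = 40 };

enum elf_status {
    ELF_OK = 0,
    ELF_ERR_NOT_ELF,       /* bad magic, or not ELFCLASS32/ELFDATA2LSB     */
    ELF_ERR_SHORT,         /* a header or table runs past end of file       */
    ELF_ERR_BAD_SHNDX,     /* requested section index >= e_shnum            */
    ELF_ERR_BAD_SHSTRNDX,  /* e_shstrndx is 0 or >= e_shnum                 */
    ELF_ERR_NOT_STRTAB,    /* name table section is not SHT_STRTAB          */
    ELF_ERR_BAD_STRIDX     /* sh_name past table end or not NUL-terminated  */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Is [off, off+len) inside the file?  Written so the sum cannot wrap. */
static int in_bounds(uint64_t off, uint64_t len, size_t size) {
    return off <= size && len <= size - off;
}

typedef struct { uint32_t sh_name, sh_type, sh_offset, sh_size; } shdr32;

/* Read section header `idx`; the whole 40-byte entry must lie inside the file. */
static int read_shdr(const uint8_t *img, size_t size, uint32_t shoff,
                     uint16_t shentsize, uint16_t idx, shdr32 *out) {
    uint64_t off = (uint64_t)shoff + (uint64_t)idx * shentsize;
    if (shentsize < SHDR_SIZE || !in_bounds(off, SHDR_SIZE, size)) return ELF_ERR_SHORT;
    const uint8_t *p = img + off;
    out->sh_name = rd32(p);        out->sh_type = rd32(p + 4);
    out->sh_offset = rd32(p + 16); out->sh_size = rd32(p + 20);
    return ELF_OK;
}

/* Resolve the name of section `shndx` via the e_shstrndx string table.
 * Every index and byte range is validated before it is dereferenced; on
 * success *name points into img and is NUL-terminated inside the table. */
int elf32_section_name(const uint8_t *img, size_t size, uint16_t shndx, const char **name) {
    if (size < EHDR_SIZE || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 1 || img[5] != 1)
        return ELF_ERR_NOT_ELF;
    uint32_t shoff = rd32(img + 32);
    uint16_t shentsize = rd16(img + 46), shnum = rd16(img + 48), shstrndx = rd16(img + 50);
    if (shndx >= shnum) return ELF_ERR_BAD_SHNDX;                   /* rejects junk indices   */
    if (shstrndx == SHN_UNDEF || shstrndx >= shnum) return ELF_ERR_BAD_SHSTRNDX; /* e.g. 26 of 3 */
    shdr32 sec, tab;
    int rc;
    if ((rc = read_shdr(img, size, shoff, shentsize, shndx, &sec)) != ELF_OK) return rc;
    if ((rc = read_shdr(img, size, shoff, shentsize, shstrndx, &tab)) != ELF_OK) return rc;
    if (tab.sh_type != SHT_STRTAB) return ELF_ERR_NOT_STRTAB;
    if (!in_bounds(tab.sh_offset, tab.sh_size, size)) return ELF_ERR_SHORT; /* table not in file */
    if (sec.sh_name >= tab.sh_size) return ELF_ERR_BAD_STRIDX;
    const char *base = (const char *)img + tab.sh_offset;
    if (memchr(base + sec.sh_name, '\0', tab.sh_size - sec.sh_name) == NULL) return ELF_ERR_BAD_STRIDX;
    *name = base + sec.sh_name;
    return ELF_OK;
}

/* Constructed sample image: ELF32 LE, three sections (NULL, .text, .shstrtab),
 * no program headers.  Layout: ehdr @0, .shstrtab bytes @52, shdrs @72. */
enum { IMG_SIZE = 192, STR_OFF = 52, STR_SIZE = 17, SH_OFF = 72, SH_NUM = 3 };
static uint8_t g_img[IMG_SIZE];

static void build_sample_elf(uint8_t *img) {
    static const char names[STR_SIZE] = "\0.text\0.shstrtab";
    memset(img, 0, IMG_SIZE);
    memcpy(img, "\x7f" "ELF", 4);
    img[4] = 1; img[5] = 1; img[6] = 1;            /* ELFCLASS32, ELFDATA2LSB, EV_CURRENT */
    wr16(img + 16, 1); wr16(img + 18, 3);          /* ET_REL, EM_386 */
    wr32(img + 20, 1); wr32(img + 32, SH_OFF);     /* e_version, e_shoff */
    wr16(img + 40, EHDR_SIZE); wr16(img + 46, SHDR_SIZE);
    wr16(img + 48, SH_NUM); wr16(img + 50, 2);     /* e_shnum, e_shstrndx = .shstrtab */
    memcpy(img + STR_OFF, names, STR_SIZE);
    uint8_t *sh1 = img + SH_OFF + SHDR_SIZE, *sh2 = sh1 + SHDR_SIZE;
    wr32(sh1, 1); wr32(sh1 + 4, 1); wr32(sh1 + 16, STR_OFF);                              /* .text     */
    wr32(sh2, 7); wr32(sh2 + 4, SHT_STRTAB); wr32(sh2 + 16, STR_OFF); wr32(sh2 + 20, STR_SIZE); /* .shstrtab */
}

/* Scenarios: 0 well-formed; 1 e_shstrndx = 26 in a 3-section file (the index in
 * the backtrace); 2 .shstrtab sh_offset beyond EOF; 3 .text sh_name beyond the
 * table; 4 e_shoff near UINT32_MAX so naive offset arithmetic would wrap. */
static int run_scenario(int scenario, const char **name) {
    build_sample_elf(g_img);
    switch (scenario) {
    case 1: wr16(g_img + 50, 26); break;
    case 2: wr32(g_img + SH_OFF + 2 * SHDR_SIZE + 16, 0x7fffff00u); break;
    case 3: wr32(g_img + SH_OFF + SHDR_SIZE, 1000); break;
    case 4: wr32(g_img + 32, 0xfffffff0u); break;
    default: break;
    }
    *name = NULL;
    return elf32_section_name(g_img, IMG_SIZE, 1, name);
}
int scenario_status(int scenario) { const char *n; return run_scenario(scenario, &n); }
const char *scenario_name(int scenario) { const char *n; run_scenario(scenario, &n); return n; }

int main(void) {
    static const char *labels[] = { "OK", "NOT_ELF", "SHORT", "BAD_SHNDX",
                                    "BAD_SHSTRNDX", "NOT_STRTAB", "BAD_STRIDX" };
    for (int s = 0; s <= 4; s++) {
        int rc = scenario_status(s);
        printf("scenario %d: %s%s\n", s, labels[rc], rc == ELF_OK ? scenario_name(s) : "");
    }
    return 0;
}
```

The two comparisons against e_shnum are what reject the shindex=26 case; the in_bounds checks reject headers and string tables that are declared but not actually present in the file, and the uint64_t arithmetic keeps a huge e_shoff from wrapping back inside the buffer. A lookup that skips any one of these will read past its section-header array or follow a pointer into unmapped memory on input like the attached file.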
Thread overview: 2+ messages
2005-05-08 7:56 Mike Frysinger [this message]
2005-05-09 3:45 ` Alan Modra