From: Mark Wielaard
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
Date: Fri, 07 Nov 2014 16:45:07 +0100
Message-ID: <1415375107.19702.36.camel@bordewijk.wildebeest.org>
In-Reply-To: 20141107163249.1ded8b70@pc

On Fri, 2014-11-07 at 16:32 +0100, Hanno Böck wrote:
> On Fri, 07 Nov 2014 12:58:07 +0100, Mark Wielaard wrote:
>
> > > Thanks. If you have any other examples please do report them.
> > >
> > > Ten to crash readelf -a attached, according to american-fuzzy-lop
> > > all distinct code paths.
> >
> > Thanks. eu-readelf didn't sanitize the hash section data before use.
> > The attached patch should fix that.
>
> Fixes some of them but not all.
> Still crashers:
> id:000053,src:000000,op:flip1,pos:879
> id:000054,src:000000,op:flip1,pos:885

Those seem fine for me. How do they crash for you?
Could you run under gdb and provide a backtrace?

Thanks,

Mark
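As an added illustration of the kind of hash-section sanitization discussed in the thread (this is example code written for this page, not the elfutils patch Mark attached), the C below checks that a SHT_HASH section's own nbucket/nchain header fits inside the section before any bucket chain is walked, and bounds every chain step so a malformed table cannot index outside the data or loop forever. It assumes a 32-bit hash table in host byte order and uses constructed sample tables.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* SHT_HASH layout (System V ABI): nbucket, nchain, then nbucket bucket
   words and nchain chain words, all 32-bit. Read with memcpy so an
   unaligned or odd-sized section cannot cause a misaligned access. */
static uint32_t word_at(const unsigned char *data, size_t idx)
{
    uint32_t w;
    memcpy(&w, data + idx * sizeof w, sizeof w);
    return w;
}

/* True only if the table the header describes fits in the section,
   so every bucket/chain index computed below stays inside 'data'. */
static bool hash_section_is_sane(const unsigned char *data, size_t size)
{
    if (data == NULL || size < 2 * sizeof(uint32_t))
        return false;                          /* no room for the header */
    uint64_t nbucket = word_at(data, 0), nchain = word_at(data, 1);
    /* 64-bit so huge nbucket/nchain values cannot wrap the size check. */
    return (2 + nbucket + nchain) * sizeof(uint32_t) <= size;
}

/* Walk one bucket's chain with every index bounded; returns the number
   of symbols visited, or -1 if the table is malformed or the chain
   escapes or cycles (more steps than there are chain entries). */
static long walk_bucket(const unsigned char *data, size_t size, uint32_t bucket)
{
    if (!hash_section_is_sane(data, size))
        return -1;
    uint32_t nbucket = word_at(data, 0), nchain = word_at(data, 1);
    if (bucket >= nbucket)
        return -1;
    long visited = 0;
    for (uint32_t sym = word_at(data, 2 + bucket); sym != 0; /* 0 = STN_UNDEF */
         sym = word_at(data, 2 + (size_t)nbucket + sym)) {
        if (sym >= nchain || ++visited > (long)nchain)
            return -1;
    }
    return visited;
}

/* Constructed samples: nbucket=2, nchain=4, buckets {1,3}; the second
   table's chain[2] points back to 1, forming a cycle. */
static const uint32_t good_table[]   = {2, 4, 1, 3, 0, 2, 0, 0};
static const uint32_t cyclic_table[] = {2, 4, 1, 3, 0, 2, 1, 0};
```

Passing a truncated size (for example 16 bytes for good_table) makes hash_section_is_sane() reject the section before any index is used, which is the check a reader like eu-readelf needs before trusting the table.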