From: Mark Wielaard
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
Date: Thu, 13 Nov 2014 15:45:26 +0100
Message-ID: <1415889926.5000.2.camel@bordewijk.wildebeest.org>
In-Reply-To: 20141111165753.GA11525@blokker.redhat.com

On Tue, 2014-11-11 at 17:57 +0100, Mark Wielaard wrote:
> On Tue, Nov 11, 2014 at 02:57:05PM +0100, Hanno Böck wrote:
> > On Tue, 11 Nov 2014 14:53:52 +0100, Mark Wielaard wrote:
> > 
> > > On Tue, 2014-11-11 at 14:40 +0100, Hanno Böck wrote:
> > > > I still get a bunch of crashers with correct LD_LIBRARY_PATH on
> > > > readelf -a with 32 bit compile (CFLAGS="-m32 -g"):
> > > > sig:11,hash:378b8b26
> > > > sig:11,hash:1aa8d351
> > > > sig:11,hash:872fe371
> > > > from attachment eu-readelf-crasher-hangs-2.tar.xz
> > > > 
> > > > and
> > > > id:000113,src:000000,op:flip32,pos:5474
> > > > id:000116,src:000000,op:flip32,pos:5554
> > > > from attachment
> > > > /tmp/elfutils-nm-crasher.tar.xz
> > > 
> > > Could you attach or post those files somewhere?
> > 
> > These are all in attachments of previous mails in this thread:
> > 
> > eu-readelf-crasher-hangs-2.tar.xz
> > https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-November/004237.html
> > 
> > elfutils-nm-crasher.tar.xz
> > https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-November/004249.html
> 
> Aha, apparently I am unable to write correct overflow checks... sigh.
> 
> Please try the following:
> [...]

I pushed this now to master as attached.
Cheers,

Mark

Attachment: 0001-libelf-Fix-unsigned-overflow-check-in-elf_getdata.patch (text/x-patch)

From c50ddfca105a73f7567f3072831dcfbf49ad0567 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mjw@redhat.com>
Date: Thu, 13 Nov 2014 15:43:02 +0100
Subject: [PATCH] libelf: Fix unsigned overflow check in elf_getdata.

---
 libelf/ChangeLog     | 5 +++++
 libelf/elf_getdata.c | 5 ++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index a9d8c6f..45e220d 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-13  Mark Wielaard  <mjw@redhat.com>
+
+	* elf_getdata.c (__libelf_set_rawdata_wrlock): Fix unsigned overflow
+	check.
+
 2014-11-08  Mark Wielaard  <mjw@redhat.com>
 
 	* elf_begin.c (__libelf_next_arhdr_wrlock): Use mempcpy not __mempcpy.
diff --git a/libelf/elf_getdata.c b/libelf/elf_getdata.c
index 33d35d6..1ce1e23 100644
--- a/libelf/elf_getdata.c
+++ b/libelf/elf_getdata.c
@@ -245,9 +245,8 @@ __libelf_set_rawdata_wrlock (Elf_Scn *scn)
 	  /* First see whether the information in the section header is
 	     valid and it does not ask for too much.  Check for unsigned
 	     overflow.  */
-	  if (unlikely (offset + size > elf->maximum_size
-			|| (offset + size + elf->maximum_size
-			    < elf->maximum_size)))
+	  if (unlikely (offset > elf->maximum_size
+	      || elf->maximum_size - offset < size))
 	    {
 	      /* Something is wrong.  */
 	      __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
-- 
1.8.3.1
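Review bot: The ChangeLog hunk and the commit message (subject line only, no body) record that the check was fixed but not what was wrong with it, which is the part a reader of the history will want given that this closes crashes reported in the thread against 32-bit (-m32) builds of eu-readelf and eu-nm. Suggest one sentence in the commit body along the lines of "offset + size could wrap around; the second term of the old condition did not detect that, so an oversized section header passed the check", and a matching clause in the ChangeLog entry after "Fix unsigned overflow check".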
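Review bot: Please confirm that `offset`, `size` and `elf->maximum_size` are all unsigned types, because the new condition `offset > elf->maximum_size || elf->maximum_size - offset < size` is only wrap-free under unsigned arithmetic and the declarations are outside this hunk; with a signed operand the subtraction and comparisons would be done as signed values and the hole would reopen. With that confirmed the rewrite is correct: the removed lines computed `offset + size` first, and once that sum wrapped to a small value neither `offset + size > elf->maximum_size` nor `offset + size + elf->maximum_size < elf->maximum_size` could fire (the second term only detects the irrelevant case where adding maximum_size wraps again), so a malformed header slipped through and the later read ran past the mapped file. The new form performs no addition at all, and the subtraction cannot underflow because the first clause already guarantees offset <= maximum_size. The patch changes only ChangeLog and elf_getdata.c, so no regression test is added; the crasher inputs already attached earlier in this thread (eu-readelf-crasher-hangs-2.tar.xz and elfutils-nm-crasher.tar.xz) would be a natural basis for one.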