From: Hanno Böck <hanno at hboeck.de>
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
Date: Fri, 07 Nov 2014 01:27:11 +0100
Message-ID: <20141107012711.0342a419@pc>
In-Reply-To: 1415286703.19702.20.camel@bordewijk.wildebeest.org

On Thu, 06 Nov 2014 16:11:43 +0100, Mark Wielaard wrote:

> > (actually this bug report is kind of a fallout of a bug search in
> > libbfd - various parser bugs in the binutils-tools have been found
> > and fixed in the past days and I thought I'd run other elf-related
> > tools on the collection of bug-exposing binaries)
>
> Thanks. If you have any other examples please do report them.

Ten to crash readelf -a attached, according to american-fuzzy-lop all distinct code paths.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42

[Attachment: eu-readelf-crasher.tar.xz (application/x-xz)]
[Attachment: signature.asc (application/pgp-signature)]