From mboxrd@z Thu Jan  1 00:00:00 1970
Content-Type: multipart/mixed; boundary="===============7912873456351266913=="
MIME-Version: 1.0
From: =?utf-8?q?Hanno_B=C3=B6ck_=3Channo_at_hboeck=2Ede=3E?=
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm,
 ...) with malformed file
Date: Fri, 07 Nov 2014 16:32:49 +0100
Message-ID: <20141107163249.1ded8b70@pc>
In-Reply-To: 1415361487.19702.26.camel@bordewijk.wildebeest.org

--===============7912873456351266913==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Am Fri, 07 Nov 2014 12:58:07 +0100
schrieb Mark Wielaard <mjw@redhat.com>:

> On Fri, 2014-11-07 at 01:27 +0100, Hanno B=C3=B6ck wrote:
> > Am Thu, 06 Nov 2014 16:11:43 +0100
> > schrieb Mark Wielaard <mjw@redhat.com>:
> > =

> > > > (actually this bug report is kind of a fallout of a bug search
> > > > in libbfd - various parser bugs in the binutils-tools have been
> > > > found and fixed in the past days and I thought I'd run other
> > > > elf-related tools on the collection of bug-exposing binaries)
> > > =

> > > Thanks. If you have any other examples please do report them.
> > =

> > Ten to crash readelf -a attached, according to american-fuzzy-lop
> > all distinct code paths.
> =

> Thanks. eu-readelf didn't sanitize the hash section data before use.
> The attached patch should fix that.

Fixes some of them but not all.
Still crashers:
id:000053,src:000000,op:flip1,pos:879
id:000054,src:000000,op:flip1,pos:885

Also see attachmend, output from american fuzzy lop with latest git
code and your two patches. 9 crashes, 10 hangs.

-- =

Hanno B=C3=B6ck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42

--===============7912873456351266913==
Content-Type: application/x-xz
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="eu-readelf-crasher-hangs-2.tar.xz"

/Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4qf/CUZdADGciEb9JU+FCS8ShHKB8WnTGyvZUBWfg9bh
DO7AUpLUFcR1SQW07aNWG/EvEYto9JdI6B3g2zwaaePQZFKAMQTk3E//Zay/MbJiC2JJfDs+E9Dq
xOig9PeriKZJxKzyvqDC7qutR7XZprO8+Mq+Nt9sMDCzP2sbQjkBq5Yg8Og3dhMivMRO3W8ideI/
2fIh/PKgA4czQ887k9yInGUW7jlR+vPfWK0viKPFChtb6s1JYHaMYr803Hs/ao40Q/7LCxyGH1Te
DQH3SYvuVaUlKzk5pSScV5hrTTLUvcZBiPn/2Omfr5yZVbQ5TPy2pw8K3hhBLQwodpHWfpdjaAlO
qYS2Cy0zSQKLnp03NoWSRY7HT+6Hl5ffMGVbKN9RxH1Hu5lnN96aqbXwVubo8RXuVkPtZKvOjkRs
i2AM9tLBOl6Tp5bbJGRYRzrzLwZlL+xhNRWwgjXaC/EhN9DOzZMRzx8LRcczJu1qw/PG7fKL7h2h
RSDijjVqZSHG2kFa9ElutWmeplF0JFxHDuxaRotEXqAjqDKQRPsOfsmsmBO6afE12xP+Ga+bKi6k
LAMk5HVDWDgOZUxboPyVUuYESOlMTI9iAn0ttoY++5Ak/poVdwbDGKfK8n3Gnd+0QyAX6z1aMRMe
ZgOUc6+bKcaN/98AfzHp0GFx3HMDBU7JOP3VttuEfHQtBEjIxEGyn67/P9B974m0OMwHWv6cGZ6b
AXIYGAAsuXPd3qMaMNn/bxECuDJyGopkJShkg878UhifkeEjj/FWUH5iXVGqhySZg4rgpFm95Pwv
/LmRVq37csbabdaHk88zDF24WxzKRj9EIpohDhHIk0TJ+kj1kE5tz0T0R9tnd0uAujzpw65zUPAs
IbdKypcQG05LsTijBnYVjbaTzXgx5t2KeuQr5bILP8F66JJn6mmrsoXszTdTlFzMZlriS0iOL5Kk
AOY0tlNaTYkPSw1wiUNnHPi/B/wLYZCiwOXQutsFALfnHLjl1B1g+/1/5YUscnMRPEKe6kNqzH2S
WLdyLO+S2ofxvPYyqFpcgQOwr4IPGTRbCRUYhm1OeOMO+XirLmV5kBY0kfDLrm6SLVoBCSK7i7fQ
hrDTE/3TxsHaO7if/D0RgXwlb9ulflDVw601GUF56Vrc+chx0cGzP315yYLsyOB3eS7Z389CzZ/I
hro6vZLM/E0aD+YTCA5h8keUQk5NKc4DgysfxLgsdw6EIvCeLctqdoC8Phqmz3S0y43j0PLGln3b
s/3vQ8snwfzmrIT060R8oD4Cxosc0qi9rST+TjkY+OjZcbe8PfG925u8zk+Q3W4Spntmrydg9Q7y
8r1oOZCQYRsaOS2XirCGBTdkVlAbKt4gCC99I3ngMumDczUGuSPyfTHYEQ812bfH+hwf+LprUQVH
7gT9SmIcXk7eqj++nfYlDX2vGJ+srsMFH3I31LPiS7E/IuzUZT0436ZaQDTasTVJ4g0Em3ncku8K
8psKn0EsQmQZnFWYLZXigh3SedhpGRtbXafh09eCGm5r4eGBHbl4AHam5gMh3uRCFz7cpcvY5Uvu
fJT4tOzyyiB16NKsxpJX/uSHApgfo+ibTPvh8r/mlPDHJVqacI4u9jwgmBxEW+FWER58/hrZ2c1C
McqBKODw8PZrheuBHQe74ngPq9Gwqri47YP3YfQFqusBgP/xYuwinRLRMug+JEiDa09GXTi/sCzX
ykohC1670+clT2fBFxgWTdlV/F5R1OoA6eHauj2sheBfrw+6UrJnBXUg/Rw0G0EBgXwyBA6KniX7
Q1Q9SRJ3vUbiqfYmuUlSMfPvCv/NrqdeXC+MfYELu2NuXmAt+Z73j1gRU/5dXIFs3L+P3VROCuTV
fCt/ZNgIAC+Cp4SNoAp9x/RDX2SpXZRmvu1KziF5DSouUie0zdHOgaNsww/WQ5T3XCO6AMvk4SCx
EQ7lrSCK22pBBmv8eRVy06ycZYCe5n5GlATrihqYlWdOizxNnGXi9hyIfLxG6ACUrIanOP8bUPLY
IWxkYRNmj1OHzch+7aaDX+dCRgmYK+ZFrb/hkQGOn2n/CUYKTelHxc9IHCKbIhw2zwMvrOovItTb
YX5W5AkZygo28BDMd17CyBU5wc6YHB/Fiuy98vuy36CsBRBFpqrPzJjJbDk7fqqea4z+7dMPcwcR
gjPyWNGit0tQHLqBujbRgOHdaedcJuFtg/OpnN5qeZh+dBlukMeD2WfUxJM/8wbFJ/v4LPCZOjrV
9P5TFilOVZoe/n2AD+OerflG09ktyFtGTD8aFPCDC069Ki24+uwuNQEOjhZs1URMgddJm1QDatcK
llh0CJWF9F/isfIndwhKpl9Lhj9YsZN7ypX3N1jH/ljJBhyixLlOxtD/Qgw5WHmoJOXILmZBXc2P
ELpUQ0zKmbJCLWni0/O4nxxHdhiTaL0QXxMX9kuN0Ei/4dY7bDwKhbd7yyZEL6Qv08UiXxvMt/mK
JSyhAFjBLHDzDzmTqiE0BbxwWtUU99jZPP9sTDdAnGj1+qKj9AqnWsSTZZSe1U5JtlBRqObhAgfs
I96ZcMhLRW2R1PH+NUMhfDMf1fv1cUJi8SzcThMFz8Tb9Os0R260bv5meUZmn3ldFCUmh7zNsl15
b7j7jOKTMAHb9Be5dLVt4wfhHgs+hjuDX4J/505xqjbfa7D178d0al9/jI9OFCjzMZ7Yi4JcP068
LKa5hQS8Iu5ps+BVO0uvZ6Xfm4cbARWNbWM4H05bqDZodTB319X6aYY17igialS0bMlPh4rz+ym1
0JT70Hxn5ongF3fu+8Xgz34Zcia4XAcb2mbHPSqcpl6oMs1eJXIgMY4/8zbMxZ0HAEwvZ96dj0CR
/asdMPZ7WONK85iVDDI3MyWSlWP+AHMcBXWpN/Kab0z9eZwogk+aGMiO+HIWOo8IhxDVR9yxkO3z
j3Odnoz+9zi5HtPh82PBXC6UJyviFjj8COKIdix/1rccTEwrSQVDEL6QW7n4Srf9PKsfmFoyGNdO
gjbCVwC4Y3mPW5cj9W6d/wCcS+S5R1dOgW5h0C/K9wNOgtURJEkeirsxtkKoiQmi6coyXtiag24+
FhgB+0dyWV2En9ojrWGJwJy7N8jn8IxbnkIXT97zT79JxF40Tge9bWArme/Zho4F9PGmWiNP26pQ
KlQaQ1zM56h/4MYAAACETl3+5uZzKAAB4hKA0AoAN8HGGLHEZ/sCAAAAAARZWg==
--===============7912873456351266913==
Content-Type: application/pgp-signature
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUVC
Q2dBR0JRSlVYT1loQUFvSkVLV0lBSEs3dFI1Q1RPOFAvaVQ2cEFLei9wU2w0ODFYYlpadVhIQ08K
Q25TY05McmU5Qkw5MVl2NVJnWEJQZGtXLzcvQVgwalJnMjZRalJ5dTYxNE1mOVEycnJEM3NLbHpK
ck1ZNkdWYgpPZ1ViNFZabEpCZ1R4Q2tTanM5dVZ6RWhxaG5FT1JpSGsxS05MZ3lTdVdmWDFNQkFp
MXFSMkFqdHprNUFDeGt1ClJrTVlVRWdnSUJNdmFZSWRRdDcyeWJ2eVVHZmtiQU1xNWZKcHR4LzZk
TFdFTFlpNmdxSTdyU3NYNkdXdW5IYk8KeGtBOUxSOWpmckNEbkcxWW1aaTN3cytack9XWmQ3T3JQ
a2t1R0RaeGJmNTZaakhDUVIzK3ptcWJzWVFDeXJMaApLenUyZ1N2WWFSbm9iRFpueHhXdDBzdlVG
R0EzRFc2V3J1aUZOc1B2WUFnOEFkQmJ4YzRkZnYyUDFVVS9HcXdFCjZ3U0Y4cUl1RCtoS2t6STZI
WEdTeGdxc09GQlRaeW8zajVRS0svNFZNR1dNbm5UclllQS9HMEszUHA3cnVQQVoKUE8wcGRYNWoy
TnU0ZEd0SlBRMzdVWkx3RjNEdEx1V0pPcG5HeVlzN1B2UW9FbTdveWlKOG5SNzBIeHFJQlZwUgpM
bHcvcUVISlZmSzdHd0NvcXJ0OEo1VTFWLzV3KzZyeUpHVkY4ejhUM1RxdS9oSWM2bFp4OEtJakFo
YUo3OHZxCkRHdStBYW0zdzh0dmxnSVZ4QTBlbkxBQXkxNXF3U0NLQzhJMjFUK0NLbm9oRDFWSUFR
OTFDTk1WY3Ezd1dwL3MKL3c3Q1Z6a3IzbFdWM0gwUnV3Z1hqVzk0bGV5STdWSDNCL0NoRWZvREpo
SU5MQllMSi9obHBvR0N0S3lObWJHWQpUTXNUemsrb1pOVWk2cDhqbmx1NAo9bzcwRgotLS0tLUVO
RCBQR1AgU0lHTkFUVVJFLS0tLS0K

--===============7912873456351266913==--