From mboxrd@z Thu Jan 1 00:00:00 1970
Content-Type: multipart/mixed; boundary="===============7912873456351266913=="
MIME-Version: 1.0
From: Hanno Böck <hanno at hboeck.de>
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
Date: Fri, 07 Nov 2014 16:32:49 +0100
Message-ID: <20141107163249.1ded8b70@pc>
In-Reply-To: 1415361487.19702.26.camel@bordewijk.wildebeest.org

--===============7912873456351266913==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

On Fri, 07 Nov 2014 12:58:07 +0100, Mark Wielaard wrote:

> On Fri, 2014-11-07 at 01:27 +0100, Hanno Böck wrote:
> > On Thu, 06 Nov 2014 16:11:43 +0100,
> > Mark Wielaard wrote:
> >
> > > > (actually this bug report is kind of a fallout of a bug search
> > > > in libbfd - various parser bugs in the binutils-tools have been
> > > > found and fixed in the past days and I thought I'd run other
> > > > elf-related tools on the collection of bug-exposing binaries)
> > >
> > > Thanks. If you have any other examples please do report them.
> >
> > Ten to crash readelf -a attached, according to american-fuzzy-lop
> > all distinct code paths.
>
> Thanks. eu-readelf didn't sanitize the hash section data before use.
> The attached patch should fix that.

Fixes some of them but not all. Still crashers:
id:000053,src:000000,op:flip1,pos:879
id:000054,src:000000,op:flip1,pos:885

Also see attachment, output from american fuzzy lop with latest git
code and your two patches. 9 crashes, 10 hangs.

-- 
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@hboeck.de
GPG: BBB51E42

--===============7912873456351266913==
Content-Type: application/x-xz
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="eu-readelf-crasher-hangs-2.tar.xz"

--===============7912873456351266913==
Content-Type: application/pgp-signature
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"

--===============7912873456351266913==--