From: Mark Wielaard
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
Date: Mon, 10 Nov 2014 21:58:27 +0100
Message-ID: <20141110205827.GF28913@blokker.redhat.com>
In-Reply-To: 20141109225946.43440e09@pc

On Sun, Nov 09, 2014 at 10:59:46PM +0100, Hanno Böck wrote:
> On Sun, 09 Nov 2014 17:57:57 +0100
> Mark Wielaard wrote:
>
> > > , however here are three more in
> > > nm. Seems they only crash on 32 bit.
> >
> > I cannot get these to crash on either a fedora 20 x86_64 setup, nor
> > on a fedora 21-beta i686 setup. Could you run under gdb and provide a
> > backtrace?
> [...]
> Backtrace 2, id:000113,src:000000,op:flip32,pos:5474:
> Program received signal SIGSEGV, Segmentation fault.
> 0xf7dce3ab in __strcmp_ssse3 () from /lib32/libc.so.6
> (gdb) bt
> #0 0xf7dce3ab in __strcmp_ssse3 () from /lib32/libc.so.6
> #1 0xf7f6686d in ?? () from /usr/lib32/libdw.so.1
> #2 0xf7f66d80 in dwarf_begin_elf () from /usr/lib32/libdw.so.1

Note how here it seems to have picked up the system installed libdw.so.
Please make sure you set up LD_LIBRARY_PATH (should include backends,
libelf and libdw) correctly when running the tests. I can only replicate
your backtraces when using the system libelf/libdw, not when running
against latest git master.

e.g.
$ LD_LIBRARY_PATH=backends:libelf:libdw src/nm id\:000010\,src\:000000\,op\:flip1\,pos\:5556

Symbols from id:000010,src:000000,op:flip1,pos:5556:

Name Value Class Type Size Line Section

Thanks,

Mark
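
One way to confirm which libdw and libelf the loader resolves before trusting a crash backtrace, as the mail above asks (an added example, not part of the original message and not elfutils code): it checks `ldd` output against a build root. The function name, the build root path and the sample `ldd` lines are constructed, and relative paths are assumed to come from a relative LD_LIBRARY_PATH used from the top of the build tree.

```shell
#!/bin/sh
# Added example. Reads `ldd` output on stdin and lists libdw/libelf entries
# that the loader resolves outside the build tree given as $1.
# Exit status: 0 if every entry is in-tree, 1 otherwise.
# Assumption: entries with a relative path came from a relative
# LD_LIBRARY_PATH (as in the mail) and the current directory is the build tree.
stale_elfutils_libs() {
    awk -v root="$1" '
        # ldd line format: "<soname> => <path> (<load address>)"
        $2 == "=>" && $1 ~ /^lib(dw|elf)\.so/ {
            if ($3 == "not") { print $1 ": not found"; bad = 1; next }
            if ($3 !~ /^\//) next                  # relative path: in-tree
            if (index($3, root "/") == 1) next     # absolute path under root
            print $1 ": " $3; bad = 1
        }
        END { exit bad + 0 }'
}

# Constructed sample: the loader picked up the system copies.
SAMPLE_SYSTEM='    linux-gate.so.1 (0xf7fd9000)
    libdw.so.1 => /usr/lib32/libdw.so.1 (0xf7f40000)
    libelf.so.1 => /usr/lib32/libelf.so.1 (0xf7f20000)
    libc.so.6 => /lib32/libc.so.6 (0xf7d60000)'

# Constructed sample: LD_LIBRARY_PATH=backends:libelf:libdw took effect.
SAMPLE_TREE='    linux-gate.so.1 (0xf7fd9000)
    libdw.so.1 => libdw/libdw.so.1 (0xf7f40000)
    libelf.so.1 => libelf/libelf.so.1 (0xf7f20000)
    libc.so.6 => /lib32/libc.so.6 (0xf7d60000)'

BUILD_ROOT=/home/user/elfutils   # hypothetical checkout location
for sample in "$SAMPLE_SYSTEM" "$SAMPLE_TREE"; do
    if printf '%s\n' "$sample" | stale_elfutils_libs "$BUILD_ROOT"; then
        echo "ok: libdw/libelf come from the build tree"
    else
        echo "reproducer would run against libraries outside the build tree"
    fi
done
```

On a real tree, pipe `LD_LIBRARY_PATH=backends:libelf:libdw ldd src/nm` into `stale_elfutils_libs "$PWD"` from the top of the build directory. Only libraries that ldd lists are checked.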