From: Hanno Böck <hanno at hboeck.de>
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
Date: Thu, 13 Nov 2014 20:39:32 +0100
Message-ID: <20141113203932.3508bcbc@pc>
In-Reply-To: 1415889926.5000.2.camel@bordewijk.wildebeest.org

On Thu, 13 Nov 2014 15:45:26 +0100, Mark Wielaard wrote:

> I pushed this now to master as attached.

still crashes readelf -a in
id:000116,src:000000,op:flip32,pos:5554

Program received signal SIGSEGV, Segmentation fault.
0xf7d96112 in vfprintf () from /lib32/libc.so.6
(gdb) bt
#0  0xf7d96112 in vfprintf () from /lib32/libc.so.6
#1  0xf7d9c5c8 in printf () from /lib32/libc.so.6
#2  0x0805163c in handle_symtab (ebl=0x8078b58, scn=0x807a140, shdr=0xffffca5c) at readelf.c:2245
#3  0x08050fbb in print_symtab (ebl=0x8078b58, type=2) at readelf.c:2139
#4  0x0804cb06 in process_elf_file (dwflmod=0x80789e8, fd=3) at readelf.c:887
#5  0x0804c1f4 in process_dwflmod (dwflmod=0x80789e8, userdata=0x80789f0, name=0x8078af8 "id:000116,src:000000,op:flip32,pos:5554", base=134512640, arg=0xffffcc8c) at readelf.c:691
#6  0xf7f38be4 in dwfl_getmodules () from /usr/lib32/libdw.so.1
#7  0x0804c66a in process_file (fd=3, fname=0xffffcfe6 "id:000116,src:000000,op:flip32,pos:5554", only_one=true) at readelf.c:790
#8  0x0804b13f in main (argc=3, argv=0xffffce04) at readelf.c:296

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42