From: Mark Wielaard
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
Date: Thu, 13 Nov 2014 22:51:47 +0100
Message-ID: <20141113215147.GA20160@blokker.redhat.com>
In-Reply-To: 20141113203932.3508bcbc@pc

On Thu, Nov 13, 2014 at 08:39:32PM +0100, Hanno Böck wrote:
> On Thu, 13 Nov 2014 15:45:26 +0100, Mark Wielaard wrote:
> 
> > I pushed this now to master as attached.
> 
> still crashes readelf -a in
> id:000116,src:000000,op:flip32,pos:5554
> Program received signal SIGSEGV, Segmentation fault.
> 0xf7d96112 in vfprintf () from /lib32/libc.so.6

Sorry, you'll have to dig into that one a bit deeper yourself, since it
doesn't crash for me, even on a (Fedora 21 beta) i686 setup. Maybe you
could install debuginfo for glibc and see what is being passed to printf
that seems to cause it to crash.

> (gdb) bt
> #0  0xf7d96112 in vfprintf () from /lib32/libc.so.6
> #1  0xf7d9c5c8 in printf () from /lib32/libc.so.6
> #2  0x0805163c in handle_symtab (ebl=0x8078b58, scn=0x807a140, shdr=0xffffca5c) at readelf.c:2245
> #3  0x08050fbb in print_symtab (ebl=0x8078b58, type=2) at readelf.c:2139
> #4  0x0804cb06 in process_elf_file (dwflmod=0x80789e8, fd=3) at readelf.c:887
> #5  0x0804c1f4 in process_dwflmod (dwflmod=0x80789e8, userdata=0x80789f0, name=0x8078af8 "id:000116,src:000000,op:flip32,pos:5554", base=134512640, arg=0xffffcc8c) at readelf.c:691
> #6  0xf7f38be4 in dwfl_getmodules () from /usr/lib32/libdw.so.1
> #7  0x0804c66a in process_file (fd=3, fname=0xffffcfe6 "id:000116,src:000000,op:flip32,pos:5554", only_one=true) at readelf.c:790
> #8  0x0804b13f in main (argc=3, argv=0xffffce04) at readelf.c:296

Are you sure you are using the git master sources? The backtrace looks
like it is using the system installed libdw.so.

Thanks,

Mark
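The thread above does not identify what handle_symtab passed to printf, so the following is an added illustration of the general bug class the report is about (an out-of-bounds read while printing a name from a malformed ELF file), not elfutils code and not a claim about readelf.c:2245. The function names, the constructed string table and the symbol offsets are all assumptions; the check they demonstrate is that a symbol's st_name must be validated against the string table's size, and the string must be NUL-terminated inside the table, before the pointer is handed to a "%s" conversion.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample string table (assumption, not from a real file).
   It holds "", "main", "_start" and a trailing name that is deliberately
   NOT NUL-terminated within the table, the shape a corrupted .strtab can
   have after bit flips in the section size or the symbol's st_name. */
static const char kStrtab[] = "\0main\0_start\0unterminated";
/* Exclude the string literal's implicit trailing NUL so the last name
   really runs off the end of the table. */
static const size_t kStrtabSize = sizeof(kStrtab) - 1;

/* Return a pointer to a NUL-terminated name inside strtab, or NULL when
   st_name lies outside the table or the string is not terminated before the
   table ends. memchr is bounded by the remaining table size, so the lookup
   itself never reads past the section. */
const char *safe_strtab_name(const char *strtab, size_t strtab_size,
                             uint32_t st_name)
{
    if (strtab == NULL || st_name >= strtab_size)
        return NULL;
    const char *nul = memchr(strtab + st_name, '\0', strtab_size - st_name);
    if (nul == NULL)
        return NULL;
    return strtab + st_name;
}

/* Format one symbol-table line into out, substituting a marker for names
   that fail validation instead of passing a bad pointer to "%s".
   Returns the name text that was printed so callers can check it. */
const char *print_symbol_line(char *out, size_t out_size,
                              const char *strtab, size_t strtab_size,
                              uint32_t st_name, uint64_t st_value)
{
    const char *name = safe_strtab_name(strtab, strtab_size, st_name);
    const char *shown = (name != NULL) ? name : "<invalid name offset>";
    snprintf(out, out_size, "%016" PRIx64 " %s", st_value, shown);
    return shown;
}

int main(void)
{
    /* Constructed symbol entries: {st_name, st_value}. The last two are the
       malformed cases: an unterminated string and an offset past the table. */
    const struct { uint32_t st_name; uint64_t st_value; } syms[] = {
        { 1, 0x08048400 }, { 6, 0x08048380 }, { 13, 0x08048500 },
        { 0xffffffffu, 0 },
    };
    char line[128];
    for (size_t i = 0; i < sizeof syms / sizeof syms[0]; i++) {
        print_symbol_line(line, sizeof line, kStrtab, kStrtabSize,
                          syms[i].st_name, syms[i].st_value);
        puts(line);
    }
    return 0;
}
```

The value of the bounded lookup is that the caller sees a NULL for both malformed cases and decides how to report them; the unchecked version would hand printf a pointer whose terminating NUL may be anywhere, or nowhere, in readable memory.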