* [Bug tools/25082] New: Multiple crashes in eu-unstrip
From: leftcopy.chx at gmail dot com @ 2019-10-08 14:55 UTC
To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=25082

            Bug ID: 25082
           Summary: Multiple crashes in eu-unstrip
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: tools
          Assignee: unassigned at sourceware dot org
          Reporter: leftcopy.chx at gmail dot com
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 12033
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12033&action=edit
pocs and error messages

When executing `./eu-unstrip $FILE ./stripped -o /dev/null`, there might be some crashes if elfutils is built with ASAN. e.g., invalid read at unstrip.c:1661, unstrip.c:1663, unstrip.c:444 and unstrip.c:774. The relevant files are attached.

ASAN:DEADLYSIGNAL
=================================================================
==19829==ERROR: AddressSanitizer: SEGV on unknown address 0x1000802274a1 (pc 0x5555555673e7 bp 0x7fffffffbd10 sp 0x7fffffffa4e0 T0)
==19829==The signal is caused by a READ memory access.
    #0 0x5555555673e6 in copy_elided_sections /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:1661
    #1 0x55555556bea1 in handle_file /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:2162
    #2 0x55555556c760 in handle_explicit_files /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:2227
    #3 0x55555556f1f6 in main /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:2562
    #4 0x7ffff6596b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #5 0x555555559a89 in _start (/home/hongxu/FOT/Targets/elfutils/eu-asan/install/bin/eu-unstrip+0x5a89)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:1661 in copy_elided_sections
==19829==ABORTING

--
You are receiving this mail because:
You are on the CC list for the bug.

* [Bug tools/25082] Multiple crashes in eu-unstrip
From: leftcopy.chx at gmail dot com @ 2019-10-09 2:38 UTC
To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=25082

--- Comment #2 from leftcopy.chx at gmail dot com ---
Comment on attachment 12035
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12035
more pocs

crashes with different backtraces

* [Bug tools/25082] Multiple crashes in eu-unstrip
From: leftcopy.chx at gmail dot com @ 2019-10-09 2:38 UTC
To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=25082

--- Comment #1 from leftcopy.chx at gmail dot com ---
Created attachment 12035
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12035&action=edit
more pocs

* [Bug tools/25082] Multiple crashes in eu-unstrip
From: mark at klomp dot org @ 2019-10-21 10:59 UTC
To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=25082

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                      |ASSIGNED
   Last reconfirmed|                                 |2019-10-21
                 CC|                                 |mark at klomp dot org
           Assignee|unassigned at sourceware dot org |mark at klomp dot org
     Ever confirmed|0                                |1

--- Comment #3 from Mark Wielaard <mark at klomp dot org> ---
Created attachment 12047
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12047&action=edit
unstrip: Add various checks for bad input data

eu-unstrip was clearly not written for bad ELF input files. Not surprisingly because it would be slightly odd to run it on untrusted input, which wasn't just stripped in two. But I have added a couple of robustness fixes that should at least not make it crash and give an error message that will hopefully explain what is wrong with the input files.

* [Bug tools/25082] Multiple crashes in eu-unstrip
From: mark at klomp dot org @ 2019-10-26 0:11 UTC
To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=25082

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Mark Wielaard <mark at klomp dot org> ---
commit 90f4bb30381b0354b8b40cd09e68005713bfd69a (HEAD -> master, origin/master, origin/HEAD)
Author: Mark Wielaard <mark@klomp.org>
Date:   Mon Oct 21 10:55:32 2019 +0200

    unstrip: Add various checks for bad input data.

    There were various ways to crash eu-unstrip with bad ELF input data.
    Add various tests against bad data and allocate some structures on the
    heap instead of on the stack.

    https://sourceware.org/bugzilla/show_bug.cgi?id=25082

    Signed-off-by: Mark Wielaard <mark@klomp.org>

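The commit message above names two kinds of hardening: tests against bad ELF data, and heap allocation in place of stack allocation. The following is an added illustration of that class of check, not code from elfutils or from the patch, which is not shown on this page; `load_checked_links` and `sample_accepted` are hypothetical names, the fields checked are an assumption, and the sample image is constructed inline.

```c
#include <elf.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper (not elfutils code): validate the section header table of
   an untrusted ELF64 image; return a heap array of sh_link values, or NULL. */
uint32_t *load_checked_links(const unsigned char *img, size_t len, size_t *count)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return NULL;
    memcpy(&eh, img, sizeof eh);            /* copy out: no unaligned reads */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0
        || eh.e_ident[EI_CLASS] != ELFCLASS64
        || eh.e_shentsize != sizeof(Elf64_Shdr) || eh.e_shnum == 0)
        return NULL;
    /* The table must lie inside the file; phrased to avoid integer overflow. */
    if (eh.e_shoff > len || (len - eh.e_shoff) / sizeof(Elf64_Shdr) < eh.e_shnum)
        return NULL;
    /* The element count comes from the file: heap, not a VLA or alloca. */
    uint32_t *links = calloc(eh.e_shnum, sizeof *links);
    if (links == NULL) return NULL;
    for (size_t i = 0; i < eh.e_shnum; i++) {
        Elf64_Shdr sh;
        memcpy(&sh, img + eh.e_shoff + i * sizeof sh, sizeof sh);
        /* sh_link is used as an index later: reject out-of-range values. */
        if (sh.sh_link >= eh.e_shnum) { free(links); return NULL; }
        links[i] = sh.sh_link;
    }
    *count = eh.e_shnum;
    return links;
}

/* Constructed sample: image with room for two section headers; section 1
   carries the given sh_link. Returns 1 if accepted, 0 if rejected. */
int sample_accepted(uint32_t link, uint16_t shnum)
{
    unsigned char img[sizeof(Elf64_Ehdr) + 2 * sizeof(Elf64_Shdr)] = {0};
    Elf64_Ehdr eh = { .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS64 },
        .e_shoff = sizeof(Elf64_Ehdr), .e_shentsize = sizeof(Elf64_Shdr), .e_shnum = shnum };
    Elf64_Shdr sh = { .sh_type = SHT_SYMTAB, .sh_link = link };
    memcpy(img, &eh, sizeof eh);
    memcpy(img + sizeof eh + sizeof sh, &sh, sizeof sh);
    size_t n = 0;
    uint32_t *links = load_checked_links(img, sizeof img, &n);
    int ok = links != NULL && n == 2 && links[1] == link;
    free(links);
    return ok;
}

int main(void) { return sample_accepted(0, 2) && !sample_accepted(0x7fffffff, 2) ? 0 : 1; }
```
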