* [Bug tools/25082] New: Multiple crashes in eu-unstrip
From: leftcopy.chx at gmail dot com @ 2019-10-08 14:55 UTC
To: elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25082
Bug ID: 25082
Summary: Multiple crashes in eu-unstrip
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: tools
Assignee: unassigned at sourceware dot org
Reporter: leftcopy.chx at gmail dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Created attachment 12033
--> https://sourceware.org/bugzilla/attachment.cgi?id=12033&action=edit
pocs and error messages
When executing `./eu-unstrip $FILE ./stripped -o /dev/null`, there might be
some crashes if elfutils is built with ASAN. e.g., invalid read at
unstrip.c:1661, unstrip.c:1663, unstrip.c:444 and unstrip.c:774.
The relevant files are attached.
ASAN:DEADLYSIGNAL
=================================================================
==19829==ERROR: AddressSanitizer: SEGV on unknown address 0x1000802274a1 (pc 0x5555555673e7 bp 0x7fffffffbd10 sp 0x7fffffffa4e0 T0)
==19829==The signal is caused by a READ memory access.
    #0 0x5555555673e6 in copy_elided_sections /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:1661
    #1 0x55555556bea1 in handle_file /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:2162
    #2 0x55555556c760 in handle_explicit_files /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:2227
    #3 0x55555556f1f6 in main /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:2562
    #4 0x7ffff6596b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #5 0x555555559a89 in _start (/home/hongxu/FOT/Targets/elfutils/eu-asan/install/bin/eu-unstrip+0x5a89)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/hongxu/FOT/Targets/elfutils/eu-asan/src/unstrip.c:1661 in copy_elided_sections
==19829==ABORTING
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug tools/25082] Multiple crashes in eu-unstrip
From: leftcopy.chx at gmail dot com @ 2019-10-09 2:38 UTC
To: elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25082
--- Comment #1 from leftcopy.chx at gmail dot com ---
Created attachment 12035
--> https://sourceware.org/bugzilla/attachment.cgi?id=12035&action=edit
more pocs
* [Bug tools/25082] Multiple crashes in eu-unstrip
From: leftcopy.chx at gmail dot com @ 2019-10-09 2:38 UTC
To: elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25082
--- Comment #2 from leftcopy.chx at gmail dot com ---
Comment on attachment 12035
--> https://sourceware.org/bugzilla/attachment.cgi?id=12035
more pocs
crashes with different backtraces
* [Bug tools/25082] Multiple crashes in eu-unstrip
From: mark at klomp dot org @ 2019-10-21 10:59 UTC
To: elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25082
Mark Wielaard <mark at klomp dot org> changed:
            What|Removed                         |Added
----------------------------------------------------------------------------
          Status|UNCONFIRMED                     |ASSIGNED
Last reconfirmed|                                |2019-10-21
              CC|                                |mark at klomp dot org
        Assignee|unassigned at sourceware dot org|mark at klomp dot org
  Ever confirmed|0                               |1
--- Comment #3 from Mark Wielaard <mark at klomp dot org> ---
Created attachment 12047
--> https://sourceware.org/bugzilla/attachment.cgi?id=12047&action=edit
unstrip: Add various checks for bad input data
eu-unstrip was clearly not written for bad ELF input files. Not surprisingly
because it would be slightly odd to run it on untrusted input, which wasn't
just stripped in two.
But I have added a couple of robustness fixes that should at least not make it
crash and give an error message that will hopefully explain what is wrong with
the input files.
* [Bug tools/25082] Multiple crashes in eu-unstrip
From: mark at klomp dot org @ 2019-10-26 0:11 UTC
To: elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25082
Mark Wielaard <mark at klomp dot org> changed:
      What|Removed                     |Added
----------------------------------------------------------------------------
    Status|ASSIGNED                    |RESOLVED
Resolution|---                         |FIXED
--- Comment #4 from Mark Wielaard <mark at klomp dot org> ---
commit 90f4bb30381b0354b8b40cd09e68005713bfd69a (HEAD -> master, origin/master, origin/HEAD)
Author: Mark Wielaard <mark@klomp.org>
Date:   Mon Oct 21 10:55:32 2019 +0200

    unstrip: Add various checks for bad input data.

    There were various ways to crash eu-unstrip with bad ELF input
    data. Add various tests against bad data and allocate some structures
    on the heap instead of on the stack.

    https://sourceware.org/bugzilla/show_bug.cgi?id=25082

    Signed-off-by: Mark Wielaard <mark@klomp.org>
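The two hardening patterns named in the commit message in this thread (tests against bad input data, and heap instead of stack allocation for input-sized structures), sketched as an added example. This is not elfutils code and not taken from the actual fix; `struct sec_hdr` and `build_link_map` are hypothetical names, and the single `link` field is a simplified stand-in for an index read from a section header.

```c
/* Added illustration, not elfutils code: all names here are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-in for one section header read from the input file. */
struct sec_hdr {
    uint32_t link;   /* index of an associated section (like sh_link) */
};

/* Build a table mapping each section to the section it links to.
   Both count and every hdrs[i].link come from the file and are untrusted.
   Returns 0 and stores a heap array in *out (caller frees it), or a
   negative errno value so the caller can report an error and exit. */
int build_link_map(const struct sec_hdr *hdrs, size_t count, size_t **out)
{
    *out = NULL;
    if (hdrs == NULL || count == 0)
        return -EINVAL;
    /* Reject counts whose byte size would overflow size_t. */
    if (count > SIZE_MAX / sizeof(size_t))
        return -EOVERFLOW;

    /* Heap, not `size_t map[count]` on the stack: an oversized count
       from a bad file fails with ENOMEM instead of overrunning the stack. */
    size_t *map = calloc(count, sizeof *map);
    if (map == NULL)
        return -ENOMEM;

    for (size_t i = 0; i < count; i++) {
        /* Bounds-check the index before it is ever used as a subscript. */
        if (hdrs[i].link >= count) {
            free(map);
            return -EBADMSG;
        }
        map[i] = hdrs[i].link;
    }
    *out = map;
    return 0;
}
```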