* [Bug general/25838] New: eu-readelf crashes due to a general protection fault
From: nguyenmanhdung1710 at gmail dot com @ 2020-04-16 15:11 UTC (permalink / raw)
To: elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=25838
Bug ID: 25838
Summary: eu-readelf crashes due to a general protection fault
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: general
Assignee: unassigned at sourceware dot org
Reporter: nguyenmanhdung1710 at gmail dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Created attachment 12470
--> https://sourceware.org/bugzilla/attachment.cgi?id=12470&action=edit
PoC
Hi,
A general protection fault was discovered in the latest commit 1a9fe4b of
elfutils 0.179, as demonstrated by eu-readelf, that can cause a denial of
service via a crafted file.
To reproduce: eu-readelf -a PoC
Valgrind says:
==3222== Process terminating with default action of signal 11 (SIGSEGV)
==3222== General Protection Fault
==3222== at 0x4124AB: handle_gnu_hash (readelf.c:3430)
==3222== by 0x4124AB: handle_hash (readelf.c:3501)
==3222== by 0x45EA8B: process_elf_file (readelf.c:1012)
==3222== by 0x465129: process_dwflmod (readelf.c:790)
==3222== by 0x4FCC888: dwfl_getmodules (dwfl_getmodules.c:86)
==3222== by 0x4094D5: process_file (readelf.c:898)
==3222== by 0x404D1E: main (readelf.c:372)
Thanks,
Manh Dung
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug general/25838] eu-readelf crashes due to a general protection fault
From: mark at klomp dot org @ 2020-04-18 0:02 UTC (permalink / raw)
To: elfutils-devel
Mark Wielaard <mark at klomp dot org> changed:
What | Removed | Added
-----+---------+----------------------
CC   |         | mark at klomp dot org
--- Comment #1 from Mark Wielaard <mark at klomp dot org> ---
Sorry, I cannot replicate this on either x86_64 or i686.
Running the reproducer under valgrind doesn't show any issues.
Could you provide more details on how you configured and built the binary?
How exactly are you invoking it, and what exactly is the complete output?
* [Bug general/25838] eu-readelf crashes due to a general protection fault
From: nguyenmanhdung1710 at gmail dot com @ 2020-04-18 7:40 UTC (permalink / raw)
To: elfutils-devel
--- Comment #2 from Manh-Dung Nguyen <nguyenmanhdung1710 at gmail dot com> ---
Created attachment 12479
--> https://sourceware.org/bugzilla/attachment.cgi?id=12479&action=edit
Valgrind's output
* [Bug general/25838] eu-readelf crashes due to a general protection fault
From: nguyenmanhdung1710 at gmail dot com @ 2020-04-18 7:41 UTC (permalink / raw)
To: elfutils-devel
--- Comment #3 from Manh-Dung Nguyen <nguyenmanhdung1710 at gmail dot com> ---
Hi Mark,
I use Ubuntu 16.04 64-bit. I recompiled elfutils using gcc 5.5.0 and I cannot
reproduce the bug. However, compiling elfutils using afl-gcc of AFL version
2.52b can trigger the bug (please see the attached Valgrind log). Thus, I
think this bug is probably triggered by the different compiler that I've
tested with.
Best,
Manh Dung
* [Bug general/25838] eu-readelf crashes due to a general protection fault
From: mark at klomp dot org @ 2020-06-06 16:01 UTC (permalink / raw)
To: elfutils-devel
--- Comment #4 from Mark Wielaard <mark at klomp dot org> ---
Sorry, I cannot replicate even when building elfutils with CC=afl-gcc, with or
without AFL_HARDEN=1. Could you provide more information on how exactly you
configure, build and run it?
* [Bug general/25838] eu-readelf crashes due to a general protection fault
From: nguyenmanhdung1710 at gmail dot com @ 2020-06-08 8:24 UTC (permalink / raw)
To: elfutils-devel
--- Comment #5 from Manh-Dung Nguyen <nguyenmanhdung1710 at gmail dot com> ---
So I think you can safely close this issue if you cannot reproduce the bug on
your side. The root cause is probably due to my hardware specifics.
Thanks,
MD
* [Bug general/25838] eu-readelf crashes due to a general protection fault
From: mark at klomp dot org @ 2020-06-08 9:17 UTC (permalink / raw)
To: elfutils-devel
Mark Wielaard <mark at klomp dot org> changed:
What       | Removed     | Added
-----------+-------------+-----------
Resolution | ---         | WORKSFORME
Status     | UNCONFIRMED | RESOLVED
--- Comment #6 from Mark Wielaard <mark at klomp dot org> ---
OK, closed for now. Thanks.