[Bug general/25838] New: eu-readelf crashes due to a general protection fault

[Bug general/25838] New: eu-readelf crashes due to a general protection fault

[nguyenmanhdung1710 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=25838

            Bug ID: 25838
           Summary: eu-readelf crashes due to a general protection fault
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: general
          Assignee: unassigned at sourceware dot org
          Reporter: nguyenmanhdung1710 at gmail dot com
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 12470
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12470&action=edit
PoC

Hi,

A general protection fault was discovered in the latest commit 1a9fe4b of
elfutils 0.179, as demonstrated by eu-readelf, that can cause a denial of
service via a crafted file.

To reproduce: eu-readelf -a PoC

Valgrind says:
==3222== Process terminating with default action of signal 11 (SIGSEGV)
==3222==  General Protection Fault
==3222==    at 0x4124AB: handle_gnu_hash (readelf.c:3430)
==3222==    by 0x4124AB: handle_hash (readelf.c:3501)
==3222==    by 0x45EA8B: process_elf_file (readelf.c:1012)
==3222==    by 0x465129: process_dwflmod (readelf.c:790)
==3222==    by 0x4FCC888: dwfl_getmodules (dwfl_getmodules.c:86)
==3222==    by 0x4094D5: process_file (readelf.c:898)
==3222==    by 0x404D1E: main (readelf.c:372)

Thanks,
Manh Dung

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug general/25838] eu-readelf crashes due to a general protection fault

[mark at klomp dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=25838

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org

--- Comment #1 from Mark Wielaard <mark at klomp dot org> ---
Sorry, I cannot replicate this on either x86_64 or i686.
Running the reproducer under valgrind doesn't show any issues.

Could you provide more details how you configured and build the binary?
How exactly are you invoking it and what exactly is the complete output?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug general/25838] eu-readelf crashes due to a general protection fault

[nguyenmanhdung1710 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=25838

--- Comment #2 from Manh-Dung Nguyen <nguyenmanhdung1710 at gmail dot com> ---
Created attachment 12479
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12479&action=edit
Valgrind's output

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug general/25838] eu-readelf crashes due to a general protection fault

[nguyenmanhdung1710 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=25838

--- Comment #3 from Manh-Dung Nguyen <nguyenmanhdung1710 at gmail dot com> ---
Hi Mark,

I use Ubuntu 16.04 64 bit. I recompile elf-utils using gcc 5.5.0 and I cannot
reproduce the bug. However, compiling elf-utils using afl-gcc of AFL version
2.52b can trigger the bug (please see the attached log of Valgrind). Thus, I
think this bug is probably triggered due to a different compiler that I've
tested.

Best,
Manh Dung

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug general/25838] eu-readelf crashes due to a general protection fault

[mark at klomp dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=25838

--- Comment #4 from Mark Wielaard <mark at klomp dot org> ---
Sorry, I cannot replicate even when building elfutils with CC=afl-gcc, with or
without AFL_HARDEN=1. Could you provide more information on how exactly you
configure, build and run.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug general/25838] eu-readelf crashes due to a general protection fault

[nguyenmanhdung1710 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=25838

--- Comment #5 from Manh-Dung Nguyen <nguyenmanhdung1710 at gmail dot com> ---
So I think you can savely close this issue if you cannot reproduce the bug on
your side. The root cause is probably due to my hardware specifics.

Thanks,
MD

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug general/25838] eu-readelf crashes due to a general protection fault

[mark at klomp dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=25838

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #6 from Mark Wielaard <mark at klomp dot org> ---
OK, closed for now. Thanks.

-- 
You are receiving this mail because:
You are on the CC list for the bug.