#440 infinite output caused by dump_attributes() in readelf.c

Milestone: RELEASE_1_0
Status: new
Owner: nobody
Labels: None
Component: readelf
Created: 2014-03-07
Updated: 2014-03-07
Creator: antiAgainst
Private: No

Still, the following is based on r2983 and built on Ubuntu 13.10 with GCC 4.8.1.

In summary, at line 3961 of readelf.c, sublen may be zero, which causes p to point back to sp again and endlessly read the same subsection. A small program is attached to reveal the bug. The command is readelf -a readelf-5-192. The following is the gdb output after interrupting the infinite loop with Ctrl+C:

#0  dump_attributes (re=0x7fffffffd4f0) at readelf.c:3952
#1  0x000000000040a7e0 in dump_arch_specific_info (re=0x7fffffffd4f0) at readelf.c:4157
#2  0x0000000000410c43 in dump_elf (re=0x7fffffffd4f0) at readelf.c:6224
#3  0x000000000041139a in dump_object (re=0x7fffffffd4f0) at readelf.c:6374
#4  0x00000000004123ea in main (argc=1, argv=0x7fffffffd6d8) at readelf.c:6841

In gdb, p sp gives (uint8_t *) 0x2aaaaaad221a "\002" and p sublen gives 0. Dump of the test program:

......
0000210: 4100 0000 00ff ffff ff00 0200 0000 0080  A...............
0000220: 0000 0000 0000 0000 0000 0000 0000 0000  ................
......

sp is at offset 0x21a. sublen is the next 4 bytes starting from offset 0x21b.

1 Attachments
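As an added example (not code from the report, its attachment, or elftoolchain), a bounds-checked walker for the ARM EABI build-attributes layout that .ARM.attributes sections use and that a dump_attributes() routine consumes: a leading 'A', then vendor sections, each carrying a four-byte length that counts itself, a NUL-terminated vendor name, and a run of subsections, each a tag byte plus a four-byte length that counts the tag and the length field. The byte arrays are constructed: the first is the 32 bytes visible in the xxd dump above, the second isolates the zero-length subsection the report describes, the third is well formed. Little-endian lengths are assumed throughout; a real tool would pick the byte order from the ELF header. The rule that prevents the spin is that a length field too small to cover its own header is never added to the cursor: with sublen == 0, p = sp + sublen is sp again, so the walker rejects it instead of looping. On the report's own bytes the walker already rejects the vendor section length at file offset 0x211, which the dump also shows as zero.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed inputs. Offsets are relative to the leading 'A'; in the
 * report's file that 'A' sits at file offset 0x210, so the subsection
 * start sp (file offset 0x21a) is index 0x0a here. */

/* The 32 bytes shown at 0x210-0x22f in the report's xxd dump. */
static const uint8_t report_bytes[] = {
    0x41, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00,
};

/* Valid section length, but the first subsection (tag 2 = Tag_Section)
 * carries a length of 0: the case the report describes. */
static const uint8_t zero_sublen[] = {
    0x41,                               /* 'A' */
    0x0f, 0x00, 0x00, 0x00,             /* section length 15 (incl. itself) */
    'a', 'e', 'a', 'b', 'i', 0x00,      /* vendor name */
    0x02, 0x00, 0x00, 0x00, 0x00,       /* tag 2, subsection length 0 */
};

/* Well-formed: one Tag_File subsection holding Tag_CPU_arch (6) = 8. */
static const uint8_t good_attrs[] = {
    0x41,
    0x11, 0x00, 0x00, 0x00,             /* section length 17 */
    'a', 'e', 'a', 'b', 'i', 0x00,
    0x01, 0x07, 0x00, 0x00, 0x00,       /* Tag_File, subsection length 7 */
    0x06, 0x08,                         /* Tag_CPU_arch, value 8 */
};

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the attributes section and return the number of subsections, or -1
 * if the data is malformed; on failure *err_off (if non-NULL) receives the
 * offset of the field that was rejected. Every length is checked against
 * the bytes still available, and a length too small to cover its own header
 * is rejected, so the cursor always moves forward. */
int parse_attributes(const uint8_t *buf, size_t size, size_t *err_off)
{
    const uint8_t *p = buf, *pe = buf + size;
    int nsub = 0;

    if (size < 1 || *p != 'A')
        goto bad;
    p++;
    while (p < pe) {
        if ((size_t)(pe - p) < 4)
            goto bad;
        uint32_t len = rd32le(p);
        /* counts the length field, the vendor name and all subsections;
         * below 4 it cannot even cover itself (the report's file has 0) */
        if (len < 4 || len > (size_t)(pe - p))
            goto bad;
        const uint8_t *se = p + len;        /* end of this vendor section */
        p += 4;
        const uint8_t *nul = memchr(p, 0, (size_t)(se - p));
        if (nul == NULL)
            goto bad;
        p = nul + 1;
        while (p < se) {
            if ((size_t)(se - p) < 5)
                goto bad;
            uint8_t tag = p[0];
            uint32_t sublen = rd32le(p + 1);
            /* sublen counts the tag byte and its own four bytes; anything
             * below 5 would leave p at sp, which is the loop in the report */
            if (sublen < 5 || sublen > (size_t)(se - p))
                goto bad;
            if (tag < 1 || tag > 3)         /* Tag_File, Tag_Section, Tag_Symbol */
                goto bad;
            p += sublen;
            nsub++;
        }
    }
    return nsub;
bad:
    if (err_off)
        *err_off = (size_t)(p - buf);
    return -1;
}

/* Offset of the rejected field, or (size_t)-1 when the data parses cleanly. */
size_t reject_offset(const uint8_t *buf, size_t size)
{
    size_t off;
    return parse_attributes(buf, size, &off) < 0 ? off : (size_t)-1;
}

int main(void)
{
    struct { const char *name; const uint8_t *data; size_t size; } in[] = {
        { "report bytes", report_bytes, sizeof report_bytes },
        { "zero sublen",  zero_sublen,  sizeof zero_sublen },
        { "well-formed",  good_attrs,   sizeof good_attrs },
    };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        size_t off;
        int n = parse_attributes(in[i].data, in[i].size, &off);
        if (n < 0)
            printf("%-13s malformed at offset 0x%02zx\n", in[i].name, off);
        else
            printf("%-13s %d subsection(s)\n", in[i].name, n);
    }
    return 0;
}
```

The report's bytes fail at index 1 (file offset 0x211, the zero section length); the second input fails at index 11, the tag byte of the zero-length subsection, which is where an unchecked p = sp + sublen would stall.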
