#444 Divide by zero problem in dump_rel() of readelf.c

RELEASE_1_0
closed
Ed Maste
None
FIXED
readelf
2015-07-27
2014-03-10
antiAgainst
No

Based on r2983.

The problem is that at line 2862 of readelf.c, s->entsize is not checked against 0. So there could be a divide by zero fault. A test case is attached, and the command is readelf -a readelf-6-312-A. gdb output:

Program received signal SIGFPE, Arithmetic exception.
0x0000000000406a7b in dump_rel (re=0x7fffffffceb0, s=0x66f220, d=0x66f6b0) at readelf.c:2862
2862            len = d->d_size / s->entsize;

#0  0x0000000000406a7b in dump_rel (re=0x7fffffffceb0, s=0x66f220, d=0x66f6b0) at readelf.c:2862
#1  0x0000000000406fe1 in dump_reloc (re=0x7fffffffceb0) at readelf.c:2961
#2  0x0000000000410b83 in dump_elf (re=0x7fffffffceb0) at readelf.c:6210
#3  0x000000000041139a in dump_object (re=0x7fffffffceb0) at readelf.c:6374
#4  0x00000000004123ea in main (argc=1, argv=0x7fffffffd098) at readelf.c:6841
1 Attachments
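
The missing check described in the report, as an added example (not code from the ticket and not the change made in r3227): the entry size read from the file is validated before it is used as a divisor. The struct layouts, the function name rel_entry_count and the min_entsize parameter are assumptions made for illustration, and the partial-record check goes one step beyond the zero check the report asks for.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-ins (assumed) for the section and data descriptors seen in
 * the backtrace; only the two fields used on line 2862 are modelled. */
struct section { uint64_t entsize; };   /* entry size from the file: untrusted */
struct data    { uint64_t d_size;  };   /* size of the section contents */

/*
 * Store the number of relocation entries in *len and return 0, or return -1
 * if the header values cannot describe a valid table. min_entsize is the
 * smallest legal record (8 for Elf32_Rel, 24 for Elf64_Rela).
 */
static int
rel_entry_count(const struct section *s, const struct data *d,
    uint64_t min_entsize, uint64_t *len)
{
	if (s->entsize == 0)               /* the division would raise SIGFPE */
		return (-1);
	if (s->entsize < min_entsize)      /* record too small to hold an entry */
		return (-1);
	if (d->d_size % s->entsize != 0)   /* trailing partial record */
		return (-1);
	*len = d->d_size / s->entsize;
	return (0);
}

int
main(void)
{
	/* Constructed inputs: a crafted header with entsize 0, then a sane one. */
	struct section bad = { 0 }, good = { 24 };
	struct data d = { 72 };
	uint64_t len = 0;

	if (rel_entry_count(&bad, &d, 24, &len) != 0)
		printf("entsize 0: section skipped\n");
	if (rel_entry_count(&good, &d, 24, &len) == 0)
		printf("entsize 24: %llu entries\n", (unsigned long long)len);
	return (0);
}
```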

Discussion

  • Ed Maste
    2015-07-27

    • status: new --> closed
    • assigned_to: Ed Maste
    • Resolution: --> FIXED
     
  • Ed Maste
    2015-07-27

    Fixed by [r3227]

     

    Related

    Commit: [r3227]