Based on r2983.
In summary, at line 2426 of readelf.c, phdr.p_offset can be a very large number, so rawfile + phdr.p_offset accesses an invalid memory address. A test case is attached and the command is readelf -a readelf-4-194-A. gdb output below:
Program received signal SIGSEGV, Segmentation fault.
0x00002aaaaad1cf90 in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>, ap=ap@entry=0x7fffffffd2a8) at vfprintf.c:1655
1655 vfprintf.c: No such file or directory.
#0 0x00002aaaaad1cf90 in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>, ap=ap@entry=0x7fffffffd2a8) at vfprintf.c:1655
#1 0x00002aaaaad23ff9 in __printf (format=<optimized out>) at printf.c:34
#2 0x0000000000405508 in dump_phdr (re=0x7fffffffd4f0) at readelf.c:2425
#3 0x0000000000410b31 in dump_elf (re=0x7fffffffd4f0) at readelf.c:6204
#4 0x000000000041139a in dump_object (re=0x7fffffffd4f0) at readelf.c:6374
#5 0x00000000004123ea in main (argc=1, argv=0x7fffffffd6d8) at readelf.c:6841
p rawfile is 0x2aaaaaad2000 "\177ELF"; p /x phdr.p_offset is 0xffffffff.
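The report's own numbers make the failure mode clear: the file is a few KB at rawfile, p_offset is 0xffffffff, and the dumper hands rawfile + p_offset to printf without ever comparing the offset against the file size. The following is an added example, not the reporter's code and not elftoolchain readelf's code, showing the overflow-safe range check a program-header dumper should apply before dereferencing a p_offset taken from the file. It assumes (from the backtrace, which ends in printf inside dump_phdr) that the crashing statement prints a NUL-terminated string located at rawfile + p_offset, as a PT_INTERP dump would; the function names phdr_range_ok and phdr_string and the 64-byte sample_file buffer are constructed for this illustration.

```c
/* Added example (not code from elftoolchain readelf or from the bug
 * report): an overflow-safe bounds check a program-header dumper should
 * apply before touching rawfile + p_offset. The function names and the
 * sample buffer are constructed for this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if [p_offset, p_offset + p_filesz) lies inside a file of
 * fsize bytes. Written so nothing wraps: reject the offset first, then
 * compare p_filesz against the bytes that remain instead of adding
 * two attacker-controlled 64-bit values together. */
static int
phdr_range_ok(size_t fsize, uint64_t p_offset, uint64_t p_filesz)
{
	if (p_offset > fsize)
		return 0;
	return p_filesz <= fsize - p_offset;
}

/* Return a pointer to the NUL-terminated string a PT_INTERP-style
 * segment points at, or NULL if the range lies outside the mapping or
 * the string is not terminated inside the segment. rawfile is the
 * whole file, fsize its length; printing the result with "%s" is then
 * guaranteed to stay inside the mapping. */
static const char *
phdr_string(const char *rawfile, size_t fsize, uint64_t p_offset,
    uint64_t p_filesz)
{
	if (!phdr_range_ok(fsize, p_offset, p_filesz) || p_filesz == 0)
		return NULL;
	if (memchr(rawfile + p_offset, '\0', (size_t)p_filesz) == NULL)
		return NULL;
	return rawfile + p_offset;
}

/* Constructed sample "file": 64 bytes, ELF magic at 0, an interpreter
 * path at offset 0x20 (27 characters plus the terminating NUL). */
static const char sample_file[64] =
    "\177ELF\002\001\001\000" "\0\0\0\0\0\0\0\0" "\0\0\0\0\0\0\0\0"
    "\0\0\0\0\0\0\0\0" "/lib64/ld-linux-x86-64.so.2";

int
main(void)
{
	const char *s;

	/* Well-formed header: offset 0x20, length covers string + NUL. */
	s = phdr_string(sample_file, sizeof(sample_file), 0x20, 28);
	printf("valid: %s\n", s ? s : "(rejected)");

	/* The reported input: p_offset = 0xffffffff on a small file. */
	s = phdr_string(sample_file, sizeof(sample_file), 0xffffffffULL, 28);
	printf("huge:  %s\n", s ? s : "(rejected)");

	/* Offset in range but p_filesz would wrap past end of file. */
	s = phdr_string(sample_file, sizeof(sample_file), 0x20, UINT64_MAX);
	printf("wrap:  %s\n", s ? s : "(rejected)");

	/* Offset and length in range, but no NUL inside the segment. */
	s = phdr_string(sample_file, sizeof(sample_file), 0x20, 27);
	printf("unterm: %s\n", s ? s : "(rejected)");
	return 0;
}
```

The check is deliberately split in two: a segment that fits in the file can still hold an unterminated string, so the "%s" path also needs a memchr over exactly p_filesz bytes. Both rejections leave the dumper free to print a diagnostic instead of the segment contents.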
Related
Commit: [r3188]