#443 segmentation fault in dump_phdr() of readelf.c

Milestone: RELEASE_1_0
Status: closed
Owner: Ed Maste
Labels: None
Resolution: FIXED
Component: readelf
Updated: 2015-04-17
Created: 2014-03-10
Creator: antiAgainst
Private: No

Based on r2983.

In summary, at line 2426 of readelf.c, phdr.p_offset can be a very large number, so rawfile + phdr.p_offset is accessing some invalid memory address. A test case is attached and the command is readelf -a readelf-4-194-A. gdb output below:

Program received signal SIGSEGV, Segmentation fault.
0x00002aaaaad1cf90 in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>, ap=ap@entry=0x7fffffffd2a8) at vfprintf.c:1655
1655    vfprintf.c: No such file or directory.

#0  0x00002aaaaad1cf90 in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>, ap=ap@entry=0x7fffffffd2a8) at vfprintf.c:1655
#1  0x00002aaaaad23ff9 in __printf (format=<optimized out>) at printf.c:34
#2  0x0000000000405508 in dump_phdr (re=0x7fffffffd4f0) at readelf.c:2425
#3  0x0000000000410b31 in dump_elf (re=0x7fffffffd4f0) at readelf.c:6204
#4  0x000000000041139a in dump_object (re=0x7fffffffd4f0) at readelf.c:6374
#5  0x00000000004123ea in main (argc=1, argv=0x7fffffffd6d8) at readelf.c:6841

p rawfile is 0x2aaaaaad2000 "\177ELF"; p /x phdr.p_offset is 0xffffffff.
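The missing check at the crash site, as an added example: this is not elftoolchain's readelf code and not the fix committed as r3188 (which this page does not show). It builds a constructed 64-bit little-endian ELF in memory with a single PT_INTERP program header, shows the unchecked pointer arithmetic beside a hardened version that validates p_offset and p_filesz against the file size and requires a NUL inside the segment before anything is passed to printf("%s"), and exercises it with the ticket's p_offset = 0xffffffff. The struct names, the status enum, the helper names (interp_unchecked, interp_checked, find_interp, build_sample, probe) and the sample interpreter path are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_INTERP 3
#define SAMPLE_INTERP "/lib64/ld-linux-x86-64.so.2"   /* constructed sample path */

/* Minimal ELF64 structures with the same layout as <elf.h> (64 and 56 bytes),
 * defined here so the example does not depend on system ELF headers. */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr64;
typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} phdr64;

enum interp_status { INTERP_OK, INTERP_NONE, INTERP_BAD_OFFSET,
                     INTERP_BAD_SIZE, INTERP_UNTERMINATED };

/* The pattern at the crash site: p_offset is trusted and the pointer goes straight
 * to printf("%s"). With p_offset = 0xffffffff the fault happens inside vfprintf. */
const char *
interp_unchecked(const uint8_t *rawfile, const phdr64 *ph)
{
    return (const char *)rawfile + ph->p_offset;
}

/* Hardened form: p_offset and p_filesz are checked against the file size before
 * any dereference, and the path must be NUL-terminated inside its segment. */
enum interp_status
interp_checked(const uint8_t *rawfile, size_t filesize, const phdr64 *ph, const char **out)
{
    *out = NULL;
    if (ph->p_offset >= filesize)
        return INTERP_BAD_OFFSET;               /* the 0xffffffff case from the ticket */
    if (ph->p_filesz == 0 || ph->p_filesz > filesize - ph->p_offset)
        return INTERP_BAD_SIZE;                 /* segment runs past end of file */
    const char *s = (const char *)rawfile + ph->p_offset;
    if (memchr(s, '\0', (size_t)ph->p_filesz) == NULL)
        return INTERP_UNTERMINATED;             /* printf("%s") would read past it */
    *out = s;
    return INTERP_OK;
}

/* Walk the program header table (itself bounds-checked) to the PT_INTERP entry. */
enum interp_status
find_interp(const uint8_t *rawfile, size_t filesize, const char **out)
{
    ehdr64 eh;
    *out = NULL;
    if (filesize < sizeof eh || memcmp(rawfile, "\x7f" "ELF", 4) != 0)
        return INTERP_NONE;
    memcpy(&eh, rawfile, sizeof eh);
    if (eh.e_phentsize != sizeof(phdr64) || eh.e_phoff > filesize ||
        eh.e_phnum > (filesize - eh.e_phoff) / sizeof(phdr64))
        return INTERP_NONE;                     /* header table out of bounds */
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        phdr64 ph;
        memcpy(&ph, rawfile + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_INTERP)
            return interp_checked(rawfile, filesize, &ph, out);
    }
    return INTERP_NONE;
}

/* Constructed sample: ELF64 LSB header, one PT_INTERP phdr with the caller's
 * p_offset/p_filesz, then the path at file offset 120. Returns the file size. */
size_t
build_sample(uint8_t *buf, uint64_t p_offset, uint64_t p_filesz)
{
    ehdr64 eh = {0};
    phdr64 ph = {0};
    memcpy(eh.e_ident, "\x7f" "ELF\x02\x01\x01", 7);    /* ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;  /* ET_EXEC, EM_X86_64 */
    eh.e_ehsize = sizeof eh; eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    ph.p_type = PT_INTERP; ph.p_flags = 4;                 /* PF_R */
    ph.p_offset = p_offset; ph.p_filesz = ph.p_memsz = p_filesz; ph.p_align = 1;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    memcpy(buf + sizeof eh + sizeof ph, SAMPLE_INTERP, sizeof SAMPLE_INTERP);
    return sizeof eh + sizeof ph + sizeof SAMPLE_INTERP;   /* 64 + 56 + 28 = 148 */
}

/* Build a sample with the given PT_INTERP fields and validate it; on INTERP_OK
 * the interpreter path is copied into 'path' when it is non-NULL. */
enum interp_status
probe(uint64_t p_offset, uint64_t p_filesz, char *path, size_t pathsz)
{
    uint8_t file[256];
    const char *s;
    size_t n = build_sample(file, p_offset, p_filesz);
    enum interp_status st = find_interp(file, n, &s);
    if (st == INTERP_OK && path != NULL)
        snprintf(path, pathsz, "%s", s);
    return st;
}

int
main(void)
{
    char path[64];
    printf("valid:        %d (%s)\n", probe(120, sizeof SAMPLE_INTERP, path, sizeof path), path);
    printf("bad offset:   %d\n", probe(0xffffffffULL, sizeof SAMPLE_INTERP, NULL, 0));
    printf("bad size:     %d\n", probe(120, 1000, NULL, 0));
    printf("unterminated: %d\n", probe(120, sizeof SAMPLE_INTERP - 1, NULL, 0));
    return 0;
}
```

The backtrace above shows the fault in _IO_vfprintf_internal rather than in readelf.c because the bad pointer is only dereferenced once printf walks the %s argument; that is why frame #2 is the printf call in dump_phdr. Checking p_offset against the file size alone closes the reported crash, but the p_filesz and NUL checks matter too: a p_offset inside the file whose string runs to the end of the mapping without a terminator lets printf read past it in exactly the same way.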

1 Attachments

Discussion

  • Ed Maste - 2015-04-17
    • status: new --> closed
    • assigned_to: Ed Maste
    • Resolution: --> FIXED

  • Ed Maste - 2015-04-17

    Related

    Commit: [r3188]

