[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/21343] New: readelf: heap-based buffer overflow in byte_ge
From: |
ago at gentoo dot org |
Subject: |
[Bug binutils/21343] New: readelf: heap-based buffer overflow in byte_get_little_endian (elfcomm.c) |
Date: |
Sat, 01 Apr 2017 19:01:33 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=21343
Bug ID: 21343
Summary: readelf: heap-based buffer overflow in
byte_get_little_endian (elfcomm.c)
Product: binutils
Version: 2.28
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: ago at gentoo dot org
Target Milestone: ---
Hello,
on binutils 2.28, compiled with clang-4:
# readelf -a $FILE
==20283==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000000053 at pc 0x00000064c022 bp 0x7ffdc9b780d0 sp 0x7ffdc9b780c8
READ of size 1 at 0x602000000053 thread T0
#0 0x64c021 in byte_get_little_endian
/tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/elfcomm.c:150:26
Reproducer:
https://github.com/asarubbo/poc/blob/master/00257-binutils-readelf-heapoverflow-byte_get_little_endian
FTR: This bug is confirmed on master.
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/21343] New: readelf: heap-based buffer overflow in byte_get_little_endian (elfcomm.c),
ago at gentoo dot org <=