bug in readelf
From: romain
Subject: bug in readelf
Date: Fri, 4 Jul 2003 02:58:29 +0200
Hello,
I found a little bug in readelf.
If I put a big or negative value in the sh_size of the .shstrtab section,
readelf segfaults when it tries to read
the section headers.
$ cp /bin/ls ./
With hexedit I put 0xFFFFFFFF in the sh_size of the .shstrtab section.
$ hexedit ./ls
$ readelf -S ./ls
There are 26 section headers, starting at offset 0x10444:
readelf: Error: Out of memory allocating -1 bytes for string table
Erreur de segmentation
$
The malloc in get_data returns the error and the error message:
0x804bedb <get_data+187>: call 0x8048aac <malloc>
0x804bee0 <get_data+192>: test eax,eax
0x804bee2 <get_data+194>: mov ebx,eax
0x804bee4 <get_data+196>: jne 0x804be73 <get_data+83>
0x804bee6 <get_data+198>: mov DWORD PTR [esp+8],0x5
0x804beee <get_data+206>: mov DWORD PTR [esp+4],0x806f900
0x804bef6 <get_data+214>: mov DWORD PTR [esp],0x0
0x804befd <get_data+221>: call 0x8048a4c <dcgettext>
0x804bf02 <get_data+226>: mov edx,DWORD PTR [ebp+24]
0x804bf05 <get_data+229>: mov DWORD PTR [esp+4],esi
0x804bf09 <get_data+233>: mov DWORD PTR [esp+8],edx
0x804bf0d <get_data+237>: mov DWORD PTR [esp],eax
0x804bf10 <get_data+240>: call 0x804bd40 <error>
But the segfault happens later:
0x8052961 <process_section_headers+2337>: repz cmps ds:[esi],es:[edi]
I'm sorry for my really poor English :(
Goodbye.
Romain...
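
The report above shows an oversized sh_size reaching malloc, the failed allocation being reported, and processing continuing until a later string comparison crashes. The C sketch below is an added example, not part of the original message and not binutils code: it checks the header against the file length before allocating and never dereferences a missing table. The names load_strtab and section_name, the placeholder strings and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: 16 bytes of padding, then a 12-byte name table. */
static const uint8_t sample[] = "AAAAAAAAAAAAAAAA" "\0.text\0.bss\0";

/* Copy the section-name table out of an in-memory file image.
   Returns NULL (and *out_len = 0) if the header does not fit the file. */
static char *load_strtab(const uint8_t *file, size_t file_len,
                         uint32_t sh_offset, uint32_t sh_size, size_t *out_len)
{
    *out_len = 0;
    /* Compare against the remaining bytes so offset + size cannot wrap. */
    if (sh_size == 0 || sh_offset > file_len || sh_size > file_len - sh_offset)
        return NULL;
    char *tab = malloc(sh_size);
    if (tab == NULL)
        return NULL;
    memcpy(tab, file + sh_offset, sh_size);
    tab[sh_size - 1] = '\0';      /* guarantee the last name is terminated */
    *out_len = sh_size;
    return tab;
}

/* Resolve sh_name to a printable string; safe when the table is missing. */
static const char *section_name(const char *tab, size_t tab_len, uint32_t sh_name)
{
    if (tab == NULL)
        return "<no-strings>";    /* placeholder chosen for this example */
    if (sh_name >= tab_len)
        return "<corrupt>";       /* placeholder chosen for this example */
    return tab + sh_name;
}

int main(void)
{
    size_t len;
    /* Header edited as in the report: sh_size = 0xFFFFFFFF. */
    char *bad = load_strtab(sample, sizeof sample, 16, 0xFFFFFFFFu, &len);
    printf("edited header: %s\n", section_name(bad, len, 1));
    char *ok = load_strtab(sample, sizeof sample, 16, 12, &len);
    printf("valid header:  %s\n", section_name(ok, len, 1));
    free(ok);
    return 0;
}
```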