bug-gnu-utils

bug in readelf


From: romain
Subject: bug in readelf
Date: Fri, 4 Jul 2003 02:58:29 +0200

Hello,
I found a little bug in readelf.

If I put a big or negative value in the sh_size of the section .shstrtab,
readelf segfaults when it tries to read
the section headers.


$ cp /bin/ls ./


With hexedit I put 0xFFFFFFFF in the sh_size of the section .shstrtab.

$ hexedit ./ls


$ readelf -S ./ls
There are 26 section headers, starting at offset 0x10444:
readelf: Error: Out of memory allocating -1 bytes for string table
Erreur de segmentation
$



The malloc in get_data returns the error and the error message:

0x804bedb <get_data+187>:       call   0x8048aac <malloc>
0x804bee0 <get_data+192>:       test   eax,eax
0x804bee2 <get_data+194>:       mov    ebx,eax
0x804bee4 <get_data+196>:       jne    0x804be73 <get_data+83>
0x804bee6 <get_data+198>:       mov    DWORD PTR [esp+8],0x5
0x804beee <get_data+206>:       mov    DWORD PTR [esp+4],0x806f900
0x804bef6 <get_data+214>:       mov    DWORD PTR [esp],0x0
0x804befd <get_data+221>:       call   0x8048a4c <dcgettext>
0x804bf02 <get_data+226>:       mov    edx,DWORD PTR [ebp+24]
0x804bf05 <get_data+229>:       mov    DWORD PTR [esp+4],esi
0x804bf09 <get_data+233>:       mov    DWORD PTR [esp+8],edx
0x804bf0d <get_data+237>:       mov    DWORD PTR [esp],eax
0x804bf10 <get_data+240>:       call   0x804bd40 <error>




But the segfault happens later:

0x8052961 <process_section_headers+2337>:       repz cmps ds:[esi],es:[edi]




I'm sorry for my really poor English :(


Goodbye.



Romain...
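
A defensive form of the two steps this report touches, as an added example that is not readelf's code and not part of the original message: sh_size is checked against the file size before anything is allocated, and the name lookup tolerates a string table that failed to load. The struct, the function names and the 16-byte file image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Only the two section-header fields this check needs (names as in the ELF spec). */
struct shdr_view { uint64_t sh_offset; uint64_t sh_size; };

/* True only if [sh_offset, sh_offset + sh_size) lies inside the file.
   Never computes sh_offset + sh_size, which could wrap around. */
static int shdr_range_ok(const struct shdr_view *sh, uint64_t file_size)
{
    return sh->sh_size != 0
        && sh->sh_offset <= file_size
        && sh->sh_size <= file_size - sh->sh_offset;
}

/* Copy the string table out of the file image; NULL if the header is not plausible. */
static char *load_strtab(const uint8_t *file, uint64_t file_size,
                         const struct shdr_view *sh)
{
    char *tab;
    if (!shdr_range_ok(sh, file_size))
        return NULL;                      /* rejected before any malloc */
    tab = malloc((size_t)sh->sh_size);
    if (tab != NULL)
        memcpy(tab, file + sh->sh_offset, (size_t)sh->sh_size);
    return tab;
}

/* Name lookup that survives a missing table, a bad index, or a missing NUL. */
static const char *section_name(const char *tab, uint64_t tab_size, uint64_t sh_name)
{
    if (tab == NULL || sh_name >= tab_size)
        return "<corrupt>";
    if (memchr(tab + sh_name, '\0', (size_t)(tab_size - sh_name)) == NULL)
        return "<corrupt>";
    return tab + sh_name;
}

int main(void)
{
    /* Constructed 16-byte file image: 4 padding bytes, then a 12-byte string table. */
    static const uint8_t file[16] = "\0\0\0\0\0.text\0.bss";
    struct shdr_view bad = { 4, 0xFFFFFFFFu };   /* the value from the report */
    char *tab = load_strtab(file, sizeof file, &bad);
    printf("%s\n", section_name(tab, bad.sh_size, 1));
    free(tab);
    return 0;
}
```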



