touch-packages team mailing list archive
Message #93521
[Bug 1476790] Re: SIGSEGV in elf.c
After reading through the "strings / libbfd crasher" thread (part of which can be found here: http://openwall.com/lists/oss-security/2014/10/23/4), a CVE was not assigned to this issue.
I don't see how it could be anything more than a simple crasher and I
don't believe it to be a real security concern. We will fix this in a
future Ubuntu release but won't likely fix it in stable releases unless
the impact is determined to be more severe.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/1476790
Title:
SIGSEGV in elf.c
Status in binutils package in Ubuntu:
Triaged
Bug description:
-=Binary=-
size
-=Package=-
binutils 2.25-10ubuntu1
-=Title=-
Program received signal SIGSEGV, Segmentation fault.
-=Input file=-
root@exploitdev-wily:~/Desktop/Reported crashes/size# xxd size-SIGSEGV
00000000: 7f45 4c46 0101 0130 3030 3030 3030 3030 .ELF...000000000
00000010: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
00000020: 4000 0000 3030 3030 3030 3030 0000 3030 @...00000000..00
00000030: 0000 0400 3030 3030 3030 3030 3030 3030 ....000000000000
00000040: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
00000050: 3030 3030 0700 0000 3030 3030 3030 3030 0000....00000000
00000060: 3030 3030 3030 3030 3000 0000 3030 3030 000000000...0000
00000070: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
00000080: 0000 0000 3030 3030 3030 3030 3030 3030 ....000000000000
00000090: 3000 0000 3030 3030 3030 3030 3030 3030 0...000000000000
000000a0: 3030 3030 3030 3030 0000 0000 3030 3030 00000000....0000
000000b0: 3030 3030 3030 3030 3000 0000 3030 3030 000000000...0000
000000c0: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
000000d0: 0000 0000 3030 3030 3030 3030 3030 3030 ....000000000000
000000e0: 3000 0000 1100 0000 3030 3030 3030 3030 0.......00000000
000000f0: 0002 0000 3019 0000 0000 0000 3030 3030 ....0.......0000
00000100: 3030 3030 0400 0000 3030 3030 3030 3030 0000....00000000
00000110: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
00000120: 0000 0000 3030 3030 3030 3030 3030 3030 ....000000000000
00000130: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
00000140: 3030 3030 3030 3030 0000 0000 3030 3030 00000000....0000
00000150: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
....
....
....
00001b00: 3030 3030 3030 3030 3130 3030 3030 3030 0000000010000000
00001b10: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
00001b20: 3030 3030 3030 3030 3030 3030 efbe adde 000000000000....
-=happens here=-
bfd_section_from_shdr (abfd=0x811a9f0, shindex=4) at elf.c:2030
2030 && (s = idx->shdr->bfd_section) != NULL
-=stacktrace=-
(gdb) backtrace
#0 bfd_section_from_shdr (abfd=0x811a9f0, shindex=4) at elf.c:2030
#1 0x08070b39 in bfd_elf32_object_p (abfd=0x811a9f0) at elfcode.h:800
#2 0x08055742 in bfd_check_format_matches (abfd=0x811a9f0, format=bfd_object, matching=0xbffff338) at format.c:305
#3 0x0804a8f0 in display_bfd (abfd=abfd@entry=0x811a9f0) at size.c:302
#4 0x0804aaaf in display_file (filename=0xbffff5d2 "size-SIGSEGV") at size.c:398
#5 0x08049fd4 in main (argc=2, argv=0xbffff434) at size.c:239
-=registers=-
(gdb) i r
eax 0x64b 1611
ecx 0x811d5a8 135386536
edx 0xdeadbeef -559038737 <===== CONTROL OVER EDX .. LAST 4 BYTES OF INPUT FILE
ebx 0x811a9f0 135375344
esp 0xbffff130 0xbffff130
ebp 0x811b4c8 0x811b4c8
esi 0x811cc48 135384136
edi 0x811d5d8 135386584
eip 0x807f268 0x807f268 <bfd_section_from_shdr+2920>
eflags 0x10282 [ SF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb)