An invalid memory access issue was found in radare2 elf.c on 32-bit Linux when handling a crafted ELF file.
Build information:
```
ctf@ubuntu:/home/g$ /home/g/radare2/bin/radare2 -v
radare2 2.1.0-git 16386 @ linux-x86-32 git.2.0.1-93-gcd8e103
commit: cd8e1037cd530560dfecdde224b5b0d0fafae31d build: 2017-10-24__20:30:19
```
Backtrace:
```
ctf@ubuntu:~/fuzz/radare2$ gdb -q /home/g/radare2/bin/radare2
Reading symbols from /home/g/radare2/bin/radare2...done.
(gdb) r ./poc-radare2-invalid-memory-access-elf-758
Starting program: /home/g/radare2/bin/radare2 ./poc-radare2-invalid-memory-access-elf-758
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Warning: Cannot initialize program headers
Warning: Cannot initialize strings table
Warning: Cannot initialize dynamic strings
Warning: Cannot initialize dynamic section

Program received signal SIGSEGV, Segmentation fault.
store_versioninfo_gnu_verdef (sz=<optimized out>, shdr=0x80154d08, bin=<optimized out>) at /home/ctf/source/radare2/libr/..//libr/bin/p/../format/elf/elf.c:758
758 aux.vda_name = READ32 (vstart, j)
(gdb) bt
#0 store_versioninfo_gnu_verdef (sz=<optimized out>, shdr=0x80154d08, bin=<optimized out>) at /home/ctf/source/radare2/libr/..//libr/bin/p/../format/elf/elf.c:758
#1 store_versioninfo (bin=0x8012bb60) at /home/ctf/source/radare2/libr/..//libr/bin/p/../format/elf/elf.c:991
#2 elf_init (bin=<optimized out>) at /home/ctf/source/radare2/libr/..//libr/bin/p/../format/elf/elf.c:1092
#3 0xb78b8f33 in Elf64_r_bin_elf_new_buf (buf=0x8012bb28, verbose=true) at /home/ctf/source/radare2/libr/..//libr/bin/p/../format/elf/elf.c:3073
#4 0xb788596b in load_bytes (arch=0x8012b7d8, buf=0x8013de10 "\177ELF\002\001\001", sz=10368, loadaddr=0, sdb=0x80140698) at /home/ctf/source/radare2/libr/..//libr/bin/p/bin_elf.c:53
#5 0xb77e29f7 in r_bin_object_new (binfile=binfile@entry=0x8012b7d8, plugin=plugin@entry=0x800c6190, baseaddr=18446744073709551615, loadaddr=0, offset=0, sz=10368) at bin.c:1335
#6 0xb77e4d76 in r_bin_file_new_from_bytes (xtrname=0x0, steal_ptr=true, offset=0, pluginname=0x0, fd=3, loadaddr=0, baseaddr=18446744073709551615, rawstr=<optimized out>, file_sz=10368, sz=10368, bytes=0x8013de10 "\177ELF\002\001\001", file=0x8012b668 "./poc-radare2-invalid-memory-access-elf-758", bin=<optimized out>) at bin.c:1562
#7 r_bin_load_io_at_offset_as_sz (bin=0x800c1968, fd=3, baseaddr=18446744073709551615, loadaddr=0, xtr_idx=0, offset=0, name=0x0, sz=10368) at bin.c:1113
#8 0xb77e5e77 in r_bin_load_io_at_offset_as (bin=0x800c1968, fd=3, baseaddr=18446744073709551615, loadaddr=0, xtr_idx=0, offset=0, name=0x0) at bin.c:1127
#9 0xb77e68a2 in r_bin_load_io (bin=0x800c1968, fd=3, baseaddr=18446744073709551615, loadaddr=0, xtr_idx=0) at bin.c:1020
#10 0xb7d940e6 in r_core_file_do_load_for_io_plugin (loadaddr=0, baseaddr=18446744073709551615, r=0x8000a2e0 <r>) at file.c:406
#11 r_core_bin_load (r=0x8000a2e0 <r>, filenameuri=0x8012b668 "./poc-radare2-invalid-memory-access-elf-758", baddr=18446744073709551615) at file.c:563
#12 0x80005098 in main (argc=2, argv=0xbffff6a4, envp=0xbffff6b0) at radare2.c:1007
(gdb) print vstart
$1 = 0x3f3c56e6 <error: Cannot access memory at address 0x3f3c56e6>
(gdb) print j
$2 = 0
(gdb)
```
My environment:
```
ctf@ubuntu:/home/g$ uname -a
Linux ubuntu 4.8.0-59-generic #64-Ubuntu SMP Thu Jun 29 19:37:59 UTC 2017 i686 i686 i686 GNU/Linux
ctf@ubuntu:/home/g$ cat /etc/*lease
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.10
DISTRIB_CODENAME=yakkety
DISTRIB_DESCRIPTION="Ubuntu 16.10"
NAME="Ubuntu Kylin"
VERSION="16.10 (Yakkety Yak)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu Kylin 16.10"
VERSION_ID="16.10"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="http://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=yakkety
UBUNTU_CODENAME=yakkety
ctf@ubuntu:/home/g$
```
A POC file has been attached to reproduce this issue. poc-radare2-invalid-memory-access-elf-758.zip
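The backtrace above stops on a 4-byte read through `vstart`, which gdb reports as an inaccessible address. As an added example (not radare2's code and not the fix for this issue), one defensive pattern for this class of crash is a version-definition walk that validates every file-supplied offset against the section buffer before reading; `rd32`, `verdef_first_names` and `demo_name` are hypothetical names, and little-endian data with the standard 20-byte Verdef and 8-byte Verdaux layouts is assumed.

```c
#include <stddef.h>
#include <stdint.h>

#define VERDEF_SZ  20u /* Elf32_Verdef and Elf64_Verdef share this layout */
#define VERDAUX_SZ 8u  /* vda_name (u32) + vda_next (u32) */

/* Little-endian u32 read that fails instead of reading past buf[len). */
static int rd32(const uint8_t *buf, size_t len, size_t off, uint32_t *out) {
    if (off > len || len - off < 4) return 0;
    *out = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
           (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    return 1;
}

/* Hypothetical helper: walk a SHT_GNU_verdef section held in buf[0..len)
 * and store the vda_name of the first aux entry of each definition.
 * Returns the number of names stored, or -1 on any out-of-bounds offset. */
int verdef_first_names(const uint8_t *buf, size_t len,
                       uint32_t *names, size_t max) {
    size_t off = 0, n = 0;
    while (n < max) {
        uint32_t vd_aux, vd_next;
        if (off > len || len - off < VERDEF_SZ) return -1;
        if (!rd32(buf, len, off + 12, &vd_aux)) return -1;  /* vd_aux  */
        if (!rd32(buf, len, off + 16, &vd_next)) return -1; /* vd_next */
        /* vd_aux is relative to this Verdef: validate it before any read. */
        if (vd_aux > len - off || len - off - vd_aux < VERDAUX_SZ) return -1;
        if (!rd32(buf, len, off + vd_aux, &names[n])) return -1;
        n++;
        if (vd_next == 0) break;            /* end of the chain */
        if (vd_next > len - off) return -1; /* next entry outside section */
        off += vd_next;                     /* non-zero, so always advances */
    }
    return (int)n;
}

/* Constructed 28-byte section: one Verdef with the given vd_aux, then one
 * Verdaux whose vda_name is 0x11223344. Returns the name, or -1 if rejected. */
int64_t demo_name(uint32_t vd_aux) {
    uint8_t sec[28] = {0};
    uint32_t name = 0;
    for (int i = 0; i < 4; i++) sec[12 + i] = (uint8_t)(vd_aux >> (8 * i));
    sec[20] = 0x44; sec[21] = 0x33; sec[22] = 0x22; sec[23] = 0x11;
    return verdef_first_names(sec, sizeof sec, &name, 1) == 1 ? (int64_t)name : -1;
}
```

A well-formed `vd_aux` of 20 yields the name, while an offset that points past the section, or one that leaves fewer than 8 bytes for the aux entry, is rejected before any memory is touched.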
44ded3f