/data/openeuler/elfutils/elfutils-0.189/obj/bin/eu-readelf -a /data/openeuler/elfutils/elfutils-0.189/obj/out/default/crashes/id:000035,sig:04,src:002105+001516,time:191236049,execs:11073694,op:splice,rep:4
[AFL++ 4547ba12d0d6] /data/openeuler/elfutils/elfutils-0.189 # /data/openeuler/elfutils/elfutils-0.189/obj/bin/eu-readelf -a /data/openeuler/elfutils/elfutils-0.189/obj/out/default/crashes/id:000035,sig:04,src:002105+001516,time:191236049,execs:11073694,op:splice,rep:4
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Ident Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: PowerPC64
Version: 0 (???)
Entry point address: 0x2e0
Start of program headers: 28 (bytes into file)
Start of section headers: 28 (bytes into file)
Flags: 0x1
Size of this header: 0 (bytes)
Size of program header entries: 0 (bytes)
Number of program headers entries: 1
Size of section header entries: 0 (bytes)
Number of section headers entries: 4
Section header string table index: 0
Section Headers:
[Nr] Name Type Addr Off Size ES Flags Lk Inf Al
[ 0] <corrupt> <unknown>: 28 0000000100000000 100000000 2a000000004 267386880 0 672 8982454337536
[ 1] <corrupt> GNU_verdef 107f000000000000 00000000 00000000 578721382704613384 0 -2147483648 0
[ 2] <corrupt> <unknown>: 1279622912 3e00030000faaaaa 2464c457f000100 00000101 1107296256 AXINE 50331648 -100651520 18073222381567
[ 3] <corrupt> <unknown>: 1179403647 3e00030000000000 6f4f4c457f000100 00000010 549760139264 WN 196608 -393170 70598524927
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
NULL 0x1c00000000 0x0000000100000000 0x0000000100000000 0x2a000000004 0x2a000000000 R 0x82b64000000
Section to Segment mapping:
Segment Sections...
00
Version definition section [ 1] '(null)' contains -2147483648 entries:
Addr: 0x107f000000000000 Offset: 00000000 Link to section: [ 0] '(null)'
Illegal instruction
[AFL++ 4547ba12d0d6] /data/openeuler/elfutils/elfutils-0.189 #
GDB info
gdb /data/openeuler/elfutils/elfutils-0.189/obj/bin/eu-readelf
run -a /data/openeuler/elfutils/elfutils-0.189/obj/out/default/crashes/id:000035,sig:04,src:002105+001516,time:191236049,execs:11073694,op:splice,rep:4
results:
Reading symbols from /data/openeuler/elfutils/elfutils-0.189/obj/bin/eu-readelf...
(gdb) run -a /data/openeuler/elfutils/elfutils-0.189/obj/out/default/crashes/id:000035,sig:04,src:002105+001516,time:191236049,execs:11073694,op:splice,rep:4
Starting program: /data/openeuler/elfutils/elfutils-0.189/obj/bin/eu-readelf -a /data/openeuler/elfutils/elfutils-0.189/obj/out/default/crashes/id:000035,sig:04,src:002105+001516,time:191236049,execs:11073694,op:splice,rep:4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Ident Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: PowerPC64
Version: 0 (???)
Entry point address: 0x2e0
Start of program headers: 28 (bytes into file)
Start of section headers: 28 (bytes into file)
Flags: 0x1
Size of this header: 0 (bytes)
Size of program header entries: 0 (bytes)
Number of program headers entries: 1
Size of section header entries: 0 (bytes)
Number of section headers entries: 4
Section header string table index: 0
Section Headers:
[Nr] Name Type Addr Off Size ES Flags Lk Inf Al
[ 0] <corrupt> <unknown>: 28 0000000100000000 100000000 2a000000004 267386880 0 672 8982454337536
[ 1] <corrupt> GNU_verdef 107f000000000000 00000000 00000000 578721382704613384 0 -2147483648 0
[ 2] <corrupt> <unknown>: 1279622912 3e00030000faaaaa 2464c457f000100 00000101 1107296256 AXINE 50331648 -100651520 18073222381567
[ 3] <corrupt> <unknown>: 1179403647 3e00030000000000 6f4f4c457f000100 00000010 549760139264 WN 196608 -393170 70598524927
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
NULL 0x1c00000000 0x0000000100000000 0x0000000100000000 0x2a000000004 0x2a000000000 R 0x82b64000000
Section to Segment mapping:
Segment Sections...
00
Version definition section [ 1] '(null)' contains -2147483648 entries:
Addr: 0x107f000000000000 Offset: 00000000 Link to section: [ 0] '(null)'
Program received signal SIGILL, Illegal instruction.
0x00005555557c90a1 in handle_verdef (ebl=0x614000000840, scn=0x619000000728, shdr=<optimized out>) at readelf.c:2908
2908 for (int cnt = shdr->sh_info; --cnt >= 0; )
(gdb) bt
#0 0x00005555557c90a1 in handle_verdef (ebl=0x614000000840, scn=0x619000000728, shdr=<optimized out>) at readelf.c:2908
#1 print_verinfo (ebl=0x614000000840) at readelf.c:2756
#2 process_elf_file (dwflmod=0x614000000640, fd=<optimized out>) at readelf.c:1044
#3 0x00005555557b0c8d in process_dwflmod (dwflmod=<optimized out>, userdata=<optimized out>, name=<optimized out>, base=<optimized out>, arg=0x7fffffffde90) at readelf.c:818
#4 0x00007ffff7f727c1 in dwfl_getmodules () from /lib/x86_64-linux-gnu/libdw.so.1
#5 0x00005555557aecb5 in process_file (fd=3, fname=<optimized out>, only_one=<optimized out>) at readelf.c:926
#6 0x00005555557adfd6 in main (argc=<optimized out>, argv=<optimized out>) at readelf.c:395
(gdb)
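The backtrace above stops at `for (int cnt = shdr->sh_info; --cnt >= 0; )` while the section dump shows the GNU_verdef section with an Inf (sh_info) value printed as -2147483648, i.e. 0x80000000 read into a signed int. Pre-decrementing INT_MIN is signed integer overflow, which is undefined behaviour; my assumption is that this AFL++ binary was built with UBSan in trap-on-error mode, which would explain a SIGILL rather than a segfault. The C below is an added illustration of mine, not elfutils code: it reproduces the arithmetic of the original loop's start value and shows a hardened count that stays unsigned and is bounded by the section size (the 20-byte Elf64_Verdef size and the helper names are my own constructions).

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Size of one Elf64_Verdef record (vd_version, vd_flags, vd_ndx, vd_cnt,
   vd_hash, vd_aux, vd_next): 4 x uint16 + 3 x uint32 = 20 bytes. */
#define VERDEF_RECORD_SIZE 20u

/* Does the loop "int cnt = sh_info; --cnt >= 0" hit signed overflow on
   its first iteration?  Only the single value 0x80000000 does: it becomes
   INT_MIN when stored in an int, and --INT_MIN is undefined behaviour.
   Any other value > INT_MAX becomes a negative int and the loop simply
   exits without iterating. */
bool verdef_count_overflows(uint32_t sh_info)
{
    return sh_info == 0x80000000u;   /* (uint32_t)INT32_MIN */
}

/* Hardened count (my construction): keep the count unsigned and never
   trust sh_info beyond what the section can physically hold.  With the
   crashing input (sh_info = 0x80000000, sh_size = 0) this yields 0. */
uint64_t safe_verdef_iterations(uint32_t sh_info, uint64_t sh_size)
{
    uint64_t fits = sh_size / VERDEF_RECORD_SIZE;  /* records in section */
    uint64_t want = sh_info;                        /* widened, no sign   */
    return want < fits ? want : fits;
}

int main(void)
{
    /* Values taken from the section header dump in the report. */
    uint32_t sh_info = 0x80000000u;   /* printed by eu-readelf as -2147483648 */
    uint64_t sh_size = 0;             /* GNU_verdef section size 00000000 */

    printf("original loop start overflows: %s\n",
           verdef_count_overflows(sh_info) ? "yes" : "no");
    printf("hardened loop would run %llu iterations\n",
           (unsigned long long) safe_verdef_iterations(sh_info, sh_size));
    return 0;
}
```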
Operating system
[AFL++ 4547ba12d0d6] /data/openeuler/elfutils/elfutils-0.189 # uname -a
Linux 4547ba12d0d6 5.15.0-91-generic #101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
[AFL++ 4547ba12d0d6] /data/openeuler/elfutils/elfutils-0.189 # cc --version
cc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
[AFL++ 4547ba12d0d6] /data/openeuler/elfutils/elfutils-0.189 #
Expected behavior and actual behavior.
https://github.com/schsiung/fuzzer_issues/blob/main/elfutils-0.189/elfutils-0.189_POCs.tar.gz
Expect running without Null Pointer dereference.
Steps to reproduce the problem.
/data/openeuler/elfutils/elfutils-0.189/obj/bin/eu-readelf -a /data/openeuler/elfutils/elfutils-0.189/obj/out/default/crashes/id:000035,sig:04,src:002105+001516,time:191236049,execs:11073694,op:splice,rep:4
results:
Operating system
version: elfutils-0.189
From:
schsiung@qq.com
xiongshengchao@jyhlab.org.cn