Re: RE: strings /libbfd crash

[mancha <mancha1 () zoho com>]

On Mon, Nov 03, 2014 at 09:56:30PM +0100, Hanno Böck wrote:
> Am Tue, 04 Nov 2014 05:21:42 +1100 schrieb Joshua Rogers
> <oss () internot info>:
>
> > I'd like to expand on this:
> > http://openwall.com/lists/oss-security/2014/10/27/4 and mention that
> > 'ihex.c' is also vulnerable to the same thing, as they share the
> > same code.
> >
> > > :10010000214601360121470136007EFE09D2190140
> > > :100110002146017E17C0001FF5F16002148011928
> > > :10012000194E79234623965778239EDA3F01B2CAA7
> > > :100130003F0156702B5E712B722B732146013421C7 :00000001Ff
> >
> > is an example of code that will crash it.
>
> I can't reproduce that, I just get BFD: test1.ihex:2: unexpected
> character `s' in Intel Hex file
>
> Can you upload the raw file somewhereß

The printable chars are all that's needed. There appears to be a stack
overflow in ihex_scan() but you might need an intrumented binary to see
it.

--mancha

Attachment: _bin
Description: