oss-sec mailing list archives

Fwd: out of bound write in libdwarf-20151114


From: Qixue Xiao <s2exqx () gmail com>
Date: Tue, 19 Jan 2016 20:48:10 +0800

We found an out-of-bound write in libdwarf-20151114.

We ran it with valgrind; the result is as follows:

============================================
$ valgrind ./dwarfdump -ka aw.elf
==5358== Memcheck, a memory error detector
==5358== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==5358== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==5358== Command: ../../llvm-codes/dwarf-20151114/dwarfdump/dwarfdump -ka aw.elf
==5358==
==5358== Invalid write of size 8
==5358==    at 0x40DA25: get_abbrev_array_info (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x40FD92: print_one_die_section (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x40ED22: print_infos (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x4050DE: process_one_file (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x403C1B: main (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==  Address 0x541fc00 is 18,352 bytes inside an unallocated
block of size 4,156,304 in arena "client"
==5358==

Please see the attachment for the bug ELF.

The vulnerability was found by Qixue Xiao at Tsinghua University.

Attachment: aw.elf