[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Jan 2016 20:48:10 +0800
From: Qixue Xiao <s2exqx@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Fwd: out of bound write in libdwarf -20151114
we found an out of bound write in libdwarf -20151114.
we run it with valgrind , the result as follows:
============================================
$ valgrind ./dwarfdump -ka aw.elf
==5358== Memcheck, a memory error detector
==5358== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==5358== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==5358== Command: ../../llvm-codes/dwarf-20151114/dwarfdump/dwarfdump -ka aw.elf
==5358==
==5358== Invalid write of size 8
==5358== at 0x40DA25: get_abbrev_array_info (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358== by 0x40FD92: print_one_die_section (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358== by 0x40ED22: print_infos (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358== by 0x4050DE: process_one_file (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358== by 0x403C1B: main (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358== Address 0x541fc00 is 18,352 bytes inside an unallocated
block of size 4,156,304 in arena "client"
==5358==
please see the attachment for the bug elf.
the vulnerability is found by Qixue Xiao at Tsinghua University.
Download attachment "aw.elf" of type "application/octet-stream" (7875 bytes)
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
