Submit #497538: GNU elfutils/eu-strip 0.192 illegal read accessinfo

TitleGNU elfutils/eu-strip 0.192 illegal read access
Description**Description** A segv can occur in eu-strip when using the --reloc-debug-sections-only options with a specially crafted input file. This issue leads to illegal memory access. **Affected Version** GNU eu-strip 0.192 **Steps to Reproduce** Build elfutils 0.192 with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address" ./configure && make -j). Run the following command: ./elfutils-0.192/bins/bin/eu-strip --reloc-debug-sections-only /tmp/poc AddressSanitizer:DEADLYSIGNAL ================================================================= ==2777947==ERROR: AddressSanitizer: SEGV on unknown address 0x00000e000007 (pc 0x7f9816ea0d19 bp 0x7ffff0d10c10 sp 0x7ffff0d10bf0 T0) ==2777947==The signal is caused by a READ memory access. #0 0x7f9816ea0d18 in validate_str ./elfutils-0.192/libelf/elf_strptr.c:60 #1 0x7f9816ea153a in elf_strptr ./elfutils-0.192/libelf/elf_strptr.c:206 #2 0x5629e2496a4e in remove_debug_relocations ./elfutils-0.192/src/strip.c:593 #3 0x5629e2498e29 in handle_debug_relocs ./elfutils-0.192/src/strip.c:914 #4 0x5629e249a51b in handle_elf ./elfutils-0.192/src/strip.c:1142 #5 0x5629e2498461 in process_file ./elfutils-0.192/src/strip.c:799 #6 0x5629e2494ba5 in main ./elfutils-0.192/src/strip.c:269 #7 0x7f9815ffc082 in __libc_start_main ../csu/libc-start.c:308 #8 0x5629e249432d in _start (./elfutils-0.192/bins/bin/eu-strip+0x4632d) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV ./elfutils-0.192/libelf/elf_strptr.c:60 in validate_str ==2777947==ABORTING ** Env ** Distributor ID: Ubuntu Description: Ubuntu 20.04.6 LTS Release: 20.04 Codename: focal
Source⚠️ https://sourceware.org/bugzilla/show_bug.cgi?id=32672
User
 wenjusun (UID 80422)
Submission02/10/2025 02:17 PM (3 months ago)
Moderation02/16/2025 08:52 PM (6 days later)
StatusAccepted
VulDB Entry295984 [GNU elfutils 0.192 eu-strip /libelf/elf_strptr.c elf_strptr denial of service]
Points20

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!