View Issue Details

ID: 0000409
Project: file
Category: general
View Status: public
Last Update: 2015-03-13 23:59
Reporter: hanno
Assigned To: Christos Zoulas
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Linux
OS: Linux
OS Version:
Product Version: 5.21
Target Version:
Fixed in Version: 5.22
Summary: 0000409: Malformed ELF file causes access to uninitialized memory
Description: Some fuzzing turned up this: a malformed ELF file that causes file (5.21) to access invalid memory. valgrind output:

==20943== Syscall param pread64(offset) contains uninitialised byte(s)
==20943== at 0x512EF53: __pread_nocancel (in /lib64/libc-2.20.so)
==20943== by 0x4E3ABE3: pread (unistd.h:83)
==20943== by 0x4E3ABE3: doshn.part.5 (readelf.c:945)
==20943== by 0x4E45EA8: doshn (readelf.c:930)
==20943== by 0x4E45EA8: file_tryelf (elfclass.h:67)
==20943== by 0x4E47CED: file_buffer (funcs.c:246)
==20943== by 0x4E3B944: file_or_fd (magic.c:475)
==20943== by 0x402309: process (file.c:491)
==20943== by 0x401790: main (file.c:364)
==20943==
==20943== Conditional jump or move depends on uninitialised value(s)
==20943== at 0x4C2E54C: strcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20943== by 0x4E3AC05: doshn.part.5 (readelf.c:950)
==20943== by 0x4E45EA8: doshn (readelf.c:930)
==20943== by 0x4E45EA8: file_tryelf (elfclass.h:67)
==20943== by 0x4E47CED: file_buffer (funcs.c:246)
==20943== by 0x4E3B944: file_or_fd (magic.c:475)
==20943== by 0x402309: process (file.c:491)
==20943== by 0x401790: main (file.c:364)
==20943==
Tags: No tags attached.

Relationships

Activities

hanno (reporter) 2014-12-17 12:01

Christos Zoulas (manager) 2014-12-18 19:35 ~0000821

file has been changed to bail out when pread() returns partial buffers. Does this fix it for you?
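The short-read check that this note describes, as an added example that is not file's own code: a section-header read that trusts pread() without checking how many bytes came back leaves the tail of the buffer unwritten, and the later strcmp() reads it, which is what the valgrind trace above flagged. NAME_OFF, NAME_LEN, pread_exact, name_matches and probe are hypothetical names chosen for the example.

```c
/* Added example, not file(1)'s own code: the short-read check the fix
 * describes. pread() may return fewer bytes than requested, and a
 * strcmp() over the whole buffer then reads bytes never written. */
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define NAME_OFF 8   /* hypothetical offset of a name field */
#define NAME_LEN 16  /* hypothetical fixed-size name field */

/* Read exactly len bytes at off: 0 on success, -1 on error or on a
 * partial read, so a truncated structure is never compared as if
 * it had been read in full. */
static int pread_exact(int fd, void *buf, size_t len, off_t off)
{
    ssize_t n = pread(fd, buf, len, off);
    return (n == (ssize_t)len) ? 0 : -1;
}

/* 1 if the name field equals want, 0 if it differs, -1 if the file is
 * too short to hold it (the malformed-ELF case from the report). */
int name_matches(int fd, const char *want)
{
    char name[NAME_LEN];
    if (pread_exact(fd, name, sizeof(name), NAME_OFF) == -1)
        return -1;                   /* bail out on a partial buffer */
    name[sizeof(name) - 1] = '\0';   /* keep strcmp inside the buffer */
    return strcmp(name, want) == 0;
}

/* Constructed fixture: an 8-byte fake header plus the name, cut to
 * total bytes, written to a temp file and checked. */
int probe(const char *name, size_t total)
{
    char data[NAME_OFF + NAME_LEN] = "\177ELF\2\1\1";
    char path[] = "/tmp/elfname-XXXXXX";
    int fd, r = -1;
    if (total > sizeof(data))
        return -1;
    strncpy(data + NAME_OFF, name, NAME_LEN - 1);
    if ((fd = mkstemp(path)) == -1)
        return -1;
    if (write(fd, data, total) == (ssize_t)total)
        r = name_matches(fd, ".shstrtab");
    close(fd);
    unlink(path);
    return r;
}
```

A file cut off inside the name field yields -1 from probe() instead of a comparison against uninitialised bytes; a complete file yields 1 or 0 as usual.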
hanno (reporter) 2014-12-19 11:21 ~0000823

looks good

Issue History

Date Modified Username Field Change
2014-12-17 12:01 hanno New Issue
2014-12-17 12:01 hanno File Added: id:000000,sig:06,src:000001,op:flip1,pos:2596
2014-12-18 19:35 Christos Zoulas Assigned To => Christos Zoulas
2014-12-18 19:35 Christos Zoulas Status new => assigned
2014-12-18 19:35 Christos Zoulas Note Added: 0000821
2014-12-18 19:35 Christos Zoulas Status assigned => feedback
2014-12-19 11:21 hanno Note Added: 0000823
2014-12-19 11:21 hanno Status feedback => assigned
2015-03-13 23:59 Christos Zoulas Status assigned => resolved
2015-03-13 23:59 Christos Zoulas Fixed in Version => 5.22
2015-03-13 23:59 Christos Zoulas Resolution open => fixed