[ELF fuzzing] S command #2883

zonkzonk · 2015-07-03T19:52:25Z

morrn,

using Melkor fuzzer:
debian 32bit
e5bd85e
report: http://sprunge.us/FFFh
orc:

zlul@debian:~/src/Melkor_ELF_Fuzzer/orcs_seek-255$ gdb -q r2 core
Reading symbols from /usr/bin/r2...done.
[New LWP 9530]

warning: Can't read pathname for load map: Input/output error.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
Core was generated by `r2 -q S orc_0919'.
Program terminated with signal 11, Segmentation fault.
#0  __memset_sse2 () at ../sysdeps/i386/i686/multiarch/memset-sse2.S:365
365     ../sysdeps/i386/i686/multiarch/memset-sse2.S: No such file or directory.
(gdb) bt
#0  __memset_sse2 () at ../sysdeps/i386/i686/multiarch/memset-sse2.S:365
#1  0xb7588231 in Elf32_r_bin_elf_init_strtab (bin=0x9eced18)
    at /home/zlul/gc/radare2/libr/..//libr/bin/p/../format/elf/elf.c:199
#2  0xb7588903 in Elf32_r_bin_elf_init (bin=0x9eced18)
    at /home/zlul/gc/radare2/libr/..//libr/bin/p/../format/elf/elf.c:335
#3  0xb758dc2c in Elf32_r_bin_elf_new_buf (buf=0x9ecd570)
    at /home/zlul/gc/radare2/libr/..//libr/bin/p/../format/elf/elf.c:1712
#4  0xb7584880 in load_bytes (arch=0x9ec8758,
    buf=0x9ec87e0 "\177ELF\001\001\001", sz=6012, loadaddr=0, sdb=0x9ec9f90)
    at /home/zlul/gc/radare2/libr/..//libr/bin/p/bin_elf.c:44
#5  0xb756fd9e in r_bin_object_new (binfile=0x9ec8758, plugin=0x9e8fb98,
    baseaddr=0, loadaddr=0, offset=0, sz=6012) at bin.c:913
#6  0xb7570573 in r_bin_file_new_from_bytes (bin=0x9e8bbb8,
    file=0x9ec6f28 "orc_0919", bytes=0x9ec6fd8 "\177ELF\001\001\001", sz=6012,
    file_sz=6012, rawstr=0, baseaddr=0, loadaddr=0, fd=6, pluginname=0x0,
    xtrname=0x0, offset=0) at bin.c:1058
#7  0xb756f11a in r_bin_load_io_at_offset_as_sz (bin=0x9e8bbb8,
    desc=0x9ecf838, baseaddr=0, loadaddr=0, xtr_idx=0, offset=0, name=0x0,
    sz=6012) at bin.c:646
#8  0xb756f21c in r_bin_load_io_at_offset_as (bin=0x9e8bbb8, desc=0x9ecf838,
    baseaddr=0, loadaddr=0, xtr_idx=0, offset=0, name=0x0) at bin.c:668
#9  0xb756eb42 in r_bin_load_io (bin=0x9e8bbb8, desc=0x9ecf838, baseaddr=0,
    loadaddr=0, xtr_idx=0) at bin.c:548
---Type <return> to continue, or q <return> to quit---
#10 0xb76dbee8 in r_core_file_do_load_for_io_plugin (r=0x804f680, baseaddr=0,
    loadaddr=0) at file.c:350
#11 0xb76dc305 in r_core_bin_load (r=0x804f680,
    filenameuri=0x9ec6f28 "orc_0919", baddr=0) at file.c:487
#12 0x0804beed in main (argc=4, argv=0xbffe9724, envp=0xbffe9738)
    at radare2.c:584
(gdb) i r
eax            0x0  0
ecx            0xfff3ffff   -786433
edx            0x9efaff0    166703088
ebx            0xa1200  659968
esp            0xbffe8bc8   0xbffe8bc8
ebp            0xbffe8c88   0xbffe8c88
esi            0x9ec87e0    166496224
edi            0x0  0
eip            0xb67667f8   0xb67667f8 <__memset_sse2+600>
eflags         0x210206 [ PF IF RF ID ]
cs             0x73 115
ss             0x7b 123
ds             0x7b 123
es             0x7b 123
fs             0x0  0
gs             0x33 51

Greetings
--zlul

The text was updated successfully, but these errors were encountered:

zonkzonk · 2015-07-03T19:58:32Z

(gdb) f 1
#1 0xb7588231 in Elf32_r_bin_elf_init_strtab (bin=0x9eced18)
at /home/zlul/gc/radare2/libr/..//libr/bin/p/../format/elf/elf.c:199
199 memset (bin->shstrtab, 0, bin->shstrtab_size);
(gdb) p bin->shstrtab
$1 = 0x9edc270 ""
(gdb) p bin->shstrtab_size
$2 = 4294967295

alvarofe self-assigned this Jul 5, 2015

alvarofe added a commit to alvarofe/radare2 that referenced this issue Jul 5, 2015

Fix radareorg#2883

8fbeb3a

alvarofe closed this as completed in 9dd078d Jul 5, 2015

radare unassigned alvarofe Sep 18, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[ELF fuzzing] S command #2883

[ELF fuzzing] S command #2883

zonkzonk commented Jul 3, 2015

zonkzonk commented Jul 3, 2015

[ELF fuzzing] S command #2883

[ELF fuzzing] S command #2883

Comments

zonkzonk commented Jul 3, 2015

zonkzonk commented Jul 3, 2015