1. 04 Oct, 2017 8 commits
    • alvaro's avatar
      Add crashes files · 5454dcb7
      alvaro authored
      5454dcb7
    • alvaro's avatar
      Fix more NULL dereferences · bc5f17b0
      alvaro authored
      Crash 7d695153fd8052529d480c2352d4ada33a44bada
      bc5f17b0
    • alvaro's avatar
      Fix NULL deference for no ELF files · abab9944
      alvaro authored
      Fix crash 060833f08dc14d1712428742b3cad7af17b36bb7
      abab9944
    • alvaro's avatar
      Check size for segment · bd5f2128
      alvaro authored
      Fix crash b82f05b0b25c8fdc98480e6d76b6d5f9164ae2bc
      
      Running: crash-b82f05b0b25c8fdc98480e6d76b6d5f9164ae2bc
      ==2850==WARNING: AddressSanitizer failed to allocate 0x400000004000001 bytes
      ==2850==AddressSanitizer's allocator is terminating the process instead of returning 0
      ==2850==If you don't like this behavior set allocator_may_return_null=1
      ==2850==AddressSanitizer CHECK failed: /home/alvaro/tools/llvm/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.cc:22
      1 "((0)) != (0)" (0x0, 0x0)
      bd5f2128
    • alvaro's avatar
      Fix oob read terminating data with 0 · 1a3cb25a
      alvaro authored
      Fix crash e3c41070342cf84dea077356ddbb8ebf4326a601
      
      ==12073==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6110000003bb at pc 0x0000004c234c bp 0x7fcf6359ec30 sp 0x7fcf6359e3
      e0
      READ of size 11 at 0x6110000003bb thread T0
          #0 0x4c234b in __interceptor_strlen.part.30 /home/alvaro/tools/llvm/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitize
      r_common_interceptors.inc:301
          #1 0x7165e6579d87 in std::char_traits<char>::length(char const*) /build/gcc-multilib/src/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3
      /include/bits/char_traits.h:269
          #2 0x7165e6579d87 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std
      ::allocator<char> const&) /build/gcc-multilib/src/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.h:495
          #3 0x5c3333 in ELFIO::elfio::load_sections(std::istream&) /home/alvaro/fuzzers/elfio/ELFIO/examples/libfuzzer/../../elfio/elfio.hpp
      :413:44
      1a3cb25a
    • alvaro's avatar
      Added stream_size into section · 39f8614f
      alvaro authored
      This will allow to perform some security checks when reading size values
      from ELF file
      
      Fix crash e1ce7cecf01cf800397a4302854d9d76fa19763c
      39f8614f
    • Vašek Potoček's avatar
      Better support for read-only ELF access · 972f89e0
      Vašek Potoček authored
      972f89e0
    • Vašek Potoček's avatar
      More 386 relocation types · ced83b14
      Vašek Potoček authored
      ced83b14
  2. 27 Mar, 2017 1 commit
  3. 06 Mar, 2017 8 commits
  4. 18 Feb, 2017 2 commits
  5. 16 Jan, 2017 6 commits
  6. 20 Dec, 2016 1 commit
  7. 06 Oct, 2016 1 commit
    • Tobias Klauser's avatar
      elfio_note: fix MSVC compiler warning · 446e0c21
      Tobias Klauser authored
      Fix the following MSVC compiler warning:
      
      elfio/elfio_note.hpp(77): warning C4267: 'initializing' : conversion from 'size_t' to 'ELFIO::Elf_Word', possible loss of data
      
      by changing the type of max_name_sizei to Elf_Xword, as
      note_secton->get_size() returns Elf_Xword and note_start_positions also
      contains members of type Elf_Xword.
      446e0c21
  8. 22 Sep, 2016 1 commit
    • Tobias Klauser's avatar
      elfio: don't cast away const qualifiers · af4140a1
      Tobias Klauser authored
      Don't cast away const qualifiers when accessing const data (e.g. section
      data). This fixes the warnings such as the following when compiling with
      GCC and the -Wcast-qual flag set:
      
      warning: cast from type ‘const char*’ to type ‘ELFIO::Elf_Word* {aka unsigned int*}’ casts away qualifiers [-Wcast-qual]
      af4140a1
  9. 18 Sep, 2016 1 commit
  10. 10 Jul, 2016 4 commits
  11. 02 Jul, 2016 1 commit
    • Kevin Klues's avatar
      Fixed off-by-one error in 'name' of add_note() function. · e3e0d6db
      Kevin Klues authored
      Previously, when assigning 'name' as a string, it's length was specified
      using the full length of 'namesz'. However, this length includes the
      trailing '\0' of the underlying char[]. This ultimately causes the C++
      string that is created to (incorrectly) contain the '\0' character as
      well. This leads to problems where e.g. the following will return false,
      even when 'name' itself actually contains the string "GNU\0":
      
        if (name == "GNU") {
          return true;
        }
        return false;
      
      To fix this, we should only include the length of the string minus the
      trailing '\0'.
      e3e0d6db
  12. 23 Apr, 2016 4 commits
  13. 26 Sep, 2015 2 commits