From: Ismail Dönmez
To: Daniel Jacobowitz
Cc: gdb-patches@sourceware.org
Subject: Re: [rfc] Do not crash reading UPX binaries
Date: Sun, 01 Jul 2007 22:12:00 -0000
Message-Id: <200707020112.31603.ismail@pardus.org.tr>
In-Reply-To: <20070701215549.GA26528@caradoc.them.org>

On Monday 02 July 2007 00:55:49 Daniel Jacobowitz wrote:
> This patch issues an error instead of a segfault on the testcase
> in PR 2280. UPX is a binary compression system; it's infamous for
> producing very strange files, which are only "just valid enough".
> In this case, it claims that the symbol table is at a large offset
> in a very small file.
>
> I don't think it's worth supporting files this modified. Does anyone
> think we need to do better, or shall I check in the attached?

Please note that attached gdbupx is from a security advisory [0] [1] but it
looks like a simple DoS.

[0] http://blog.xwings.net/?p=71
[1] http://blogs.securiteam.com/index.php/archives/922

Regards,
ismail

-- 
Perfect is the enemy of good
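
The condition described in the quoted text (a symbol table claimed at a large offset in a very small file) can be rejected with an overflow-safe range check before anything is read. This is an added example, not the gdb patch under discussion and not code from this thread; it assumes an ELF64 image on a host of the same byte order, and `in_file`, `find_symtab` and `check_sample` are hypothetical names.

```c
#include <stdint.h>
#include <string.h>

/* Minimal ELF64 layouts, declared locally so the example is self-contained. */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr64;
typedef struct {
    uint32_t sh_name, sh_type;
    uint64_t sh_flags, sh_addr, sh_offset, sh_size;
    uint32_t sh_link, sh_info; uint64_t sh_addralign, sh_entsize;
} Shdr64;
enum { SHT_SYMTAB_ID = 2, SYMTAB_OK = 0, SYMTAB_NONE = 1, SYMTAB_BAD = -1 };

/* True when [off, off+len) is inside the file; off+len is never computed,
   so a huge claimed offset cannot wrap around and pass the check. */
static int in_file(uint64_t off, uint64_t len, uint64_t file_size)
{
    return off <= file_size && len <= file_size - off;
}
/* Report the symbol table only if every claimed range is backed by file data. */
int find_symtab(const unsigned char *buf, uint64_t n, uint64_t *off, uint64_t *len)
{
    Ehdr64 eh; Shdr64 sh;
    if (n < sizeof eh) return SYMTAB_BAD;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, "\177ELF\2", 5) != 0) return SYMTAB_BAD;
    if (eh.e_shnum == 0) return SYMTAB_NONE;
    if (eh.e_shentsize != sizeof sh ||
        !in_file(eh.e_shoff, (uint64_t)eh.e_shnum * sizeof sh, n)) return SYMTAB_BAD;
    for (uint16_t i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, buf + eh.e_shoff + (uint64_t)i * sizeof sh, sizeof sh);
        if (sh.sh_type != SHT_SYMTAB_ID) continue;
        if (!in_file(sh.sh_offset, sh.sh_size, n)) return SYMTAB_BAD;
        *off = sh.sh_offset; *len = sh.sh_size;
        return SYMTAB_OK;
    }
    return SYMTAB_NONE;
}
/* Constructed sample: a 128-byte image holding a header and one symtab entry. */
int check_sample(uint64_t claimed_off, uint64_t claimed_len)
{
    unsigned char img[128] = {0};
    Ehdr64 eh = {0}; Shdr64 sh = {0}; uint64_t off, len;
    memcpy(eh.e_ident, "\177ELF\2\1\1", 7);
    eh.e_shoff = 64; eh.e_shentsize = 64; eh.e_shnum = 1;
    sh.sh_type = SHT_SYMTAB_ID; sh.sh_offset = claimed_off; sh.sh_size = claimed_len;
    memcpy(img, &eh, sizeof eh); memcpy(img + 64, &sh, sizeof sh);
    return find_symtab(img, sizeof img, &off, &len);
}
```

A caller that gets `SYMTAB_BAD` reports an error for the file and skips symbol reading instead of dereferencing the claimed offset.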