I found an out-of-bounds read in dumpelf. Reproducible with "dumpelf $FILE":

unknown-crash on address 0x7fc30f701000 at pc 0x000000520111 bp 0x7ffdc3db8eb0 sp 0x7ffdc3db8ea8
READ of size 1 at 0x7fc30f701000 thread T0
    #0 dump_notes (B=B@entry=64, memory=memory@entry=0x7ffff7ff428c, memory_end=0x7ffff7ff42ac, elf=0x60d8e0, elf=0x60d8e0) at dumpelf.c:245
    #1 0x0000000000405636 in dump_phdr (elf=elf@entry=0x60d8e0, phdr_void=phdr_void@entry=0x7ffff7ff4158, phdr_cnt=phdr_cnt@entry=5) at dumpelf.c:324
    #2 0x0000000000401dd9 in dumpelf (file_cnt=0, filename=<optimized out>) at dumpelf.c:91
    #3 parseargs (argv=0x7fffffffe1a8, argc=2) at dumpelf.c:557
    #4 main (argc=2, argv=0x7fffffffe1a8) at dumpelf.c:566

Reproducer: https://github.com/asarubbo/poc/blob/master/00142-pax-utils-dumpelf-oob1
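As an added example, not part of this report or of pax-utils: the defensive counterpart of the crash above, a walk over a PT_NOTE segment that checks every note header and padded body against memory_end before reading it, run on a constructed segment whose second note is truncated. The Elf_Nhdr layout, little-endian words, and the function names are assumptions.

```c
/* Added example (not pax-utils code): a bounds-checked walk over the
 * notes in an ELF PT_NOTE segment. Assumption: notes follow the ELF
 * spec's Elf_Nhdr layout (namesz, descsz, type as 32-bit little-endian
 * words, name and desc each padded to a 4-byte boundary). A note whose
 * header or padded body would extend past memory_end is rejected
 * before any byte of it is read. */
#include <stddef.h>
#include <stdint.h>

#define NHDR_SIZE 12u

static uint32_t rd32le(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Round up to 4 bytes; the size_t mask avoids truncating to 32 bits. */
static size_t align4(size_t x) { return (x + 3) & ~(size_t)3; }

/* Counts complete notes in [memory, memory_end); stops at the first
 * note that does not fit, so a truncated tail is never dereferenced. */
size_t count_notes(const unsigned char *memory, const unsigned char *memory_end)
{
    size_t count = 0;
    const unsigned char *p = memory;

    while (p <= memory_end && (size_t)(memory_end - p) >= NHDR_SIZE) {
        size_t avail = (size_t)(memory_end - p) - NHDR_SIZE;
        uint32_t namesz = rd32le(p), descsz = rd32le(p + 4);
        /* Compare each size against the remaining bytes before adding
         * them, so a file-controlled namesz cannot wrap the arithmetic. */
        if (namesz > avail || descsz > avail) break;
        size_t n = align4(namesz), d = align4(descsz);
        if (n > avail || d > avail - n) break;
        p += NHDR_SIZE + n + d;
        count++;
    }
    return count;
}

/* Constructed sample: one well-formed "GNU" note (type 1, 2-byte desc)
 * followed by a header claiming a 256-byte name with only 4 bytes left. */
size_t sample_note_count(void)
{
    static const unsigned char seg[] = {
        4,0,0,0, 2,0,0,0, 1,0,0,0, 'G','N','U',0, 0x01,0x02,0,0,
        0,1,0,0, 0,0,0,0, 0,0,0,0, 'X','Y','Z',0 };
    return count_notes(seg, seg + sizeof seg); /* returns 1 */
}
```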
Should be fixed here: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=10a9643d90a1ba6058a66066803fac6cf43f6917. Not planning on doing an update right away, since dumpelf is a programming tool that no one really runs directly.
To confirm:

git describe --tags 10a9643d90a1ba6058a66066803fac6cf43f6917
v1.2.2-3-g10a9643
This is fixed in app-misc/pax-utils-1.2.3 and newer.