Bug 608764

Summary:	app-misc/pax-utils: dumpelf: multiple misaligned address error
Product:	Gentoo Linux	Reporter:	Agostino Sarubbo <ago>
Component:	Current packages	Assignee:	Gentoo Toolchain Maintainers <toolchain>
Status:	CONFIRMED ---
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2017-02-09 15:18:15 UTC

Found with UBSAN.
All issues are reproducibile with "dumpelf $FILE"
Tested on 1.2.2

1)
dumpelf.c:117:3: runtime error: member access within misaligned address 0x7f05d65120f6 for type 'const Elf32_Shdr', which requires 4 byte alignment

Reproducer:
https://github.com/asarubbo/poc/blob/master/00162-pax-utils-dumpelf-misalignedadd1


2)
dumpelf.c:118:3: runtime error: member access within misaligned address 0x7f03e43cb7e1 for type 'const Elf64_Shdr', which requires 8 byte alignment

Reproducer:
https://github.com/asarubbo/poc/blob/master/00163-pax-utils-dumpelf-misalignedadd2


3)
dumpelf.c:228:12: runtime error: member access within misaligned address 0x7efc7ecc426d for type 'const Elf32_Nhdr', which requires 4 byte alignment

Reproducer:
https://github.com/asarubbo/poc/blob/master/00164-pax-utils-dumpelf-misalignedadd3


4)
dumpelf.c:323:2: runtime error: member access within misaligned address 0x7f305b9830fa for type 'const Elf32_Phdr', which requires 4 byte alignment

Reproducer:
https://github.com/asarubbo/poc/blob/master/00165-pax-utils-dumpelf-misalignedadd4


5)
dumpelf.c:324:2: runtime error: member access within misaligned address 0x7f01c1be204b for type 'const Elf64_Phdr', which requires 8 byte alignment

Reproducer:
https://github.com/asarubbo/poc/blob/master/00166-pax-utils-dumpelf-misalignedadd5


6)
dumpelf.c:485:2: runtime error: member access within misaligned address 0x7f1cb0efb001 for type 'const Elf32_Dyn', which requires 4 byte alignment

Reproducer:
https://github.com/asarubbo/poc/blob/master/00167-pax-utils-dumpelf-misalignedadd6


7)
dumpelf.c:486:2: runtime error: member access within misaligned address 0x7f0d4ee54e7f for type 'const Elf64_Dyn', which requires 8 byte alignment

Reproducer:
https://github.com/asarubbo/poc/blob/master/00168-pax-utils-dumpelf-misalignedadd7

Comment 1 SpanKY gentoo-dev

2017-02-09 20:13:36 UTC

misaligned accesses are not security issues

Comment 2 Agostino Sarubbo gentoo-dev

2017-02-10 08:21:42 UTC

(In reply to SpanKY from comment #1)
> misaligned accesses are not security issues

The misaligned access error can cause an undefined behavior, but if you think it is different, for me is fine as-is. Thanks.

Comment 3 SpanKY gentoo-dev

2017-02-10 21:08:11 UTC

(In reply to Agostino Sarubbo from comment #2)

it isn't undefined behavior.  that is a very specific term in the C/C++ language space.

unaligned accesses are not a problem on most arches (like x86, although i'm ignoring newer sse optimization requirements as they don't apply here).  on many of the rest (like older arm systems), the kernel will fix them up on the fly so userspace doesn't notice.  if the access isn't handled (by hardware or software), the result is an immediate crash (e.g. SIGBUS), not undefined behavior.

search bugzilla history.  we've never treated unaligned accesses as a security problem.  i don't see a reason to start now.