https://sourceware.org/bugzilla/show_bug.cgi?id=20605
Bug ID: 20605
Summary: SEGFAULT in objdump.c on fuzzed PE32 executable
Product: binutils
Version: 2.27
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: scottgriffy at gmail dot com
Target Milestone: ---

Created attachment 9511
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9511&action=edit
The problem file

I fuzzed a file and came up with 'crash.exe' which segfaults when passed to 'objdump -x' using the latest build I could find:

GNU objdump (GNU Binutils) 2.27.51.20160913

Here's a log of running gdb with it:

$ gdb ~/checkout/binutils-gdb/binutils/objdump
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.04) 7.11.1
...
Reading symbols from /home/grifball/checkout/binutils-gdb/binutils/objdump...done.
(gdb) set args -x crash.exe
(gdb) r
Starting program: /home/grifball/checkout/binutils-gdb/binutils/objdump -x crash.exe

Program received signal SIGSEGV, Segmentation fault.
bfd_getl32 (p=0x85a000) at libbfd.c:552
552       return v;
(gdb) where
#0  bfd_getl32 (p=0x85a000) at libbfd.c:552
#1  0x00000000004acaea in _bfd_pei_swap_debugdir_in (abfd=abfd@entry=0x83a1c0, ext1=0x85a000, in1=in1@entry=0x7fffffffcfa0) at peigen.c:1116
#2  0x00000000004a89dc in pe_bfd_read_buildid (abfd=0x83a1c0) at peicode.h:1342
#3  pe_bfd_object_p (abfd=0x83a1c0) at peicode.h:1486
#4  0x000000000044913d in bfd_check_format_matches (abfd=abfd@entry=0x83a1c0, format=format@entry=bfd_object, matching=matching@entry=0x7fffffffded0) at format.c:308
#5  0x0000000000408888 in display_object_bfd (abfd=0x83a1c0) at ./objdump.c:3461
#6  display_any_bfd (file=file@entry=0x83a1c0, level=level@entry=0) at ./objdump.c:3552
#7  0x000000000040a9a3 in display_file (filename=0x7fffffffe2f0 "crash.exe", target=<optimized out>) at ./objdump.c:3573
#8  0x0000000000404cca in main (argc=3, argv=0x7fffffffe078) at ./objdump.c:3856
(gdb)

I built objdump from the git repo here: git://sourceware.org/git/binutils-gdb.git by cd'ing into "./binutils/" then running "./configure" and "make objdump".

I created the offending exe following a tutorial: https://fuzzing-project.org/tutorial1.html and found that this will create the exe (after you've downloaded the win9x.exe from the site):

zzuf -r 0.004 -s 16915 < win9x.exe > crash.exe

Let me know if you have any questions or want me to run any tests. I used zzuf version 0.15 to fuzz it.

--
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
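The backtrace above shows bfd_getl32 faulting while _bfd_pei_swap_debugdir_in decodes a debug directory entry at a page boundary, i.e. the entry pointer derived from the fuzzed header lies outside the loaded section contents. As an added illustration of the defensive check a PE reader needs here (this is not binutils' code and not the fix for this bug; parse_debug_dir, the struct field names and the sample section are my own), the following rejects any debug directory that does not fit inside the section it is claimed to live in, with the arithmetic ordered so that no intermediate sum can wrap:

```c
#include <stdint.h>
#include <stddef.h>
/* Added example, not binutils code: bounds-checked parsing of the PE debug
   directory that _bfd_pei_swap_debugdir_in decodes (28-byte LE entries). */
#define DEBUGDIR_ENTRY_SIZE 28u
struct debug_entry {                /* field names are my own, not bfd's */
    uint32_t characteristics, timestamp;
    uint16_t major, minor;
    uint32_t type, size_of_data, addr_of_raw, ptr_to_raw;
};
static uint32_t getl32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t getl16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* sec: section contents loaded at RVA sec_rva, sec_len bytes long.
   dir_rva/dir_size: the optional header's debug DataDirectory entry.
   Returns the number of entries decoded into out, or -1 when the directory
   does not lie entirely inside the section. An unchecked
   sec + (dir_rva - sec_rva) is the pointer a fuzzed header pushes past the buffer. */
int parse_debug_dir(const uint8_t *sec, uint32_t sec_rva, size_t sec_len,
                    uint32_t dir_rva, uint32_t dir_size,
                    struct debug_entry *out, size_t max_out)
{
    if (dir_rva < sec_rva || dir_rva - sec_rva > sec_len)
        return -1;                        /* starts outside the section */
    size_t off = dir_rva - sec_rva;
    if (dir_size > sec_len - off)
        return -1;                        /* runs past the section end */
    size_t n = dir_size / DEBUGDIR_ENTRY_SIZE;
    if (n > max_out) n = max_out;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *e = sec + off + i * DEBUGDIR_ENTRY_SIZE;
        out[i].characteristics = getl32(e);      out[i].timestamp    = getl32(e + 4);
        out[i].major           = getl16(e + 8);  out[i].minor        = getl16(e + 10);
        out[i].type            = getl32(e + 12); out[i].size_of_data = getl32(e + 16);
        out[i].addr_of_raw     = getl32(e + 20); out[i].ptr_to_raw   = getl32(e + 24);
    }
    return (int)n;
}

/* Constructed sample: 64-byte section at RVA 0x2000, one CodeView (type 2) entry at offset 8. */
static const uint8_t sample_section[64] = {
    0,0,0,0, 0,0,0,0,                 /* 8 bytes before the directory */
    0,0,0,0, 0x78,0x56,0x34,0x12,     /* Characteristics, TimeDateStamp */
    0,0, 0,0, 2,0,0,0,                /* MajorVersion, MinorVersion, Type */
    0x40,0,0,0, 0x80,0x20,0,0,        /* SizeOfData, AddressOfRawData */
    0x00,0x08,0,0,                    /* PointerToRawData; rest is zero padding */
};
```

A caller that passes the real section bounds gets -1 instead of a read off the end of the mapping, which is the condition the backtrace above hits.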