https://sourceware.org/bugzilla/show_bug.cgi?id=23770
Bug ID: 23770
Summary: An invalid memory address dereference was discovered in function read_reloc in reloc.c in program objdump.
Product: binutils
Version: 2.31
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: wcventure at 126 dot com
Target Milestone: ---

Created attachment 11322
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11322&action=edit
POC

Hi, there.

We are doing research on fuzz testing. Our fuzzer caught an invalid memory address dereference problem in program objdump of the latest binutils (v2.31.1) code base. The POC file I gave causes a segmentation fault, and I have confirmed it with AddressSanitizer too.

Please use "./objdump -xg -W $POC" to reproduce the bug.

If you have any questions, please let me know.

ASAN dumps the stack trace as follows:

ASAN:DEADLYSIGNAL
=================================================================
==17439==ERROR: AddressSanitizer: SEGV on unknown address 0x612208051814 (pc 0x0000021a0ef0 bp 0x7ffcdefe0820 sp 0x7ffcdefe0800 T0)
    #0 0x21a0eef in read_reloc /binutils_gdb/bfd/reloc.c:557:14
    #1 0x21a44ff in _bfd_clear_contents /binutils_gdb/bfd/reloc.c:1516:7
    #2 0x21ac758 in bfd_generic_get_relocated_section_contents /binutils_gdb/bf
    #3 0xa373c7 in bfd_get_relocated_section_contents /binutils_gdb/bfd/bfd.c:1
    #4 0xb45b58 in bfd_simple_get_relocated_section_contents /binutils_gdb/bfd/
    #5 0x4ee41c in load_specific_debug_section /binutils_gdb/binutils/./objdump
    #6 0x520386 in dump_dwarf_section /binutils_gdb/binutils/./objdump.c:2691:6
    #7 0xb3cfb7 in bfd_map_over_sections /binutils_gdb/bfd/section.c:1374:5
    #8 0x513470 in dump_dwarf /binutils_gdb/binutils/./objdump.c:2774:3
    #9 0x50155f in dump_bfd /binutils_gdb/binutils/./objdump.c:3627:5
    #10 0x4fa7d3 in display_object_bfd /binutils_gdb/binutils/./objdump.c:3714:
    #11 0x4fa7d3 in display_any_bfd /binutils_gdb/binutils/./objdump.c:3783
    #12 0x4f6c61 in display_file /binutils_gdb/binutils/./objdump.c:3804:3
    #13 0x4f6c61 in main /binutils_gdb/binutils/./objdump.c:4106
    #14 0x7fe049d8b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #15 0x4194d8 in _start (/binutils_gdb/build/bin/objdump+0x4194d8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /binutils_gdb/bfd/reloc.c:557:14 in read_reloc
==17439==ABORTING
Aborted

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils