https://sourceware.org/bugzilla/show_bug.cgi?id=24273
Bug ID: 24273
Summary: An out-of-bounds read in bfd_hash_hash()
Product: binutils
Version: 2.33 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---

Created attachment 11652
--> https://sourceware.org/bugzilla/attachment.cgi?id=11652&action=edit
Poc to trigger bug

Triggered by "./objdump -x $POC"

Tested on Ubuntu 16.04 (x86)

An out-of-bounds read occurred when processing a malformed ELF file.

ASAN output:

==256772==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf3f038e0 at pc 0x082e228e bp 0xffcafc58 sp 0xffcafc4c
READ of size 1 at 0xf3f038e0 thread T0
    #0 0x82e228d in bfd_hash_hash /home/seclab/binutils-gdb/bfd/hash.c:442:15
    #1 0x82e1aa8 in bfd_hash_lookup /home/seclab/binutils-gdb/bfd/hash.c:468:10
    #2 0x82f6763 in bfd_make_section_anyway_with_flags /home/seclab/binutils-gdb/bfd/section.c:1166:8
    #3 0x82f69e2 in bfd_make_section_anyway /home/seclab/binutils-gdb/bfd/section.c:1213:10
    #4 0x83d7ecf in _bfd_elf_make_section_from_shdr /home/seclab/binutils-gdb/bfd/elf.c:1008:13
    #5 0x83fbaca in bfd_section_from_shdr /home/seclab/binutils-gdb/bfd/elf.c:2494:11
    #6 0x83baada in bfd_elf64_object_p /home/seclab/binutils-gdb/bfd/./elfcode.h:818:7
    #7 0x82ddd12 in bfd_check_format_matches /home/seclab/binutils-gdb/bfd/format.c:315:14
    #8 0x817038c in display_object_bfd /home/seclab/binutils-gdb/binutils/./objdump.c:3957:7
    #9 0x81702ad in display_any_bfd /home/seclab/binutils-gdb/binutils/./objdump.c:4049:5
    #10 0x816f8a0 in display_file /home/seclab/binutils-gdb/binutils/./objdump.c:4070:3
    #11 0x816efb2 in main /home/seclab/binutils-gdb/binutils/./objdump.c:4380:6
    #12 0xf7570636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
    #13 0x806c967 in _start (/tmp/binutils-master/bin/objdump+0x806c967)

Credits: Mingi Cho, Seoyoung Kim, and Taekyoung Kwon of the Information Security Lab, Yonsei University.
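The stack above shows the 1-byte read happening inside bfd_hash_hash while it hashes a section name that _bfd_elf_make_section_from_shdr derived from a section header. The report does not state the root cause, so the following is an added illustration, not binutils code and not the fix for this bug: it shows the shape of check that keeps a NUL-scanning name hash from ever running past the end of the section-header string table, by validating an sh_name offset against the table bounds first and hashing only the validated length. The names shstrtab_lookup, bounded_hash and section_name_hash and the SHSTRTAB sample table are all constructed for this example; bounded_hash is a simple djb2-style stand-in, not bfd's hash algorithm.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample .shstrtab: three names, the last one deliberately
 * left without its NUL terminator, as a truncated table in a malformed
 * file might be. This is not the attached PoC. */
static const uint8_t SHSTRTAB[] = {
    0,
    '.', 't', 'e', 'x', 't', 0,
    '.', 'd', 'a', 't', 'a', 0,
    '.', 'b', 's', 's'            /* unterminated: runs to end of table */
};
#define SHSTRTAB_LEN (sizeof SHSTRTAB)

/* Resolve an sh_name offset into the string table. Returns a pointer to
 * the name and stores its length in *len_out only if the offset lies
 * inside the table AND a NUL terminator exists before the table ends.
 * Any other case is rejected with NULL, so callers never hand an
 * unterminated name to a routine that scans for NUL. */
const char *shstrtab_lookup(const uint8_t *tab, size_t tab_len,
                            uint64_t sh_name, size_t *len_out)
{
    if (tab == NULL || sh_name >= tab_len)
        return NULL;                       /* offset outside the table */
    const uint8_t *start = tab + sh_name;
    const uint8_t *nul = memchr(start, 0, tab_len - (size_t)sh_name);
    if (nul == NULL)
        return NULL;                       /* name runs off the table end */
    if (len_out)
        *len_out = (size_t)(nul - start);
    return (const char *)start;
}

/* Length-bounded string hash (djb2 shape). Unlike a NUL-scanning hash it
 * reads exactly n bytes and cannot overrun the buffer it is given. */
uint64_t bounded_hash(const char *s, size_t n)
{
    uint64_t h = 5381;
    for (size_t i = 0; i < n; i++)
        h = h * 33 + (unsigned char)s[i];
    return h;
}

/* Validate first, hash second. Returns 0 and sets *hash_out on success,
 * -1 when sh_name is rejected. */
int section_name_hash(const uint8_t *tab, size_t tab_len,
                      uint64_t sh_name, uint64_t *hash_out)
{
    size_t n;
    const char *name = shstrtab_lookup(tab, tab_len, sh_name, &n);
    if (name == NULL)
        return -1;
    *hash_out = bounded_hash(name, n);
    return 0;
}

int main(void)
{
    /* Two valid offsets, one unterminated name, one offset == table size,
     * and one wildly out-of-range offset of the kind a fuzzer produces. */
    const uint64_t offsets[] = { 1, 7, 13, 17, UINT64_MAX };
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        size_t n;
        const char *name = shstrtab_lookup(SHSTRTAB, SHSTRTAB_LEN,
                                           offsets[i], &n);
        if (name)
            printf("sh_name=%" PRIu64 " -> \"%s\" hash=%" PRIu64 "\n",
                   offsets[i], name, bounded_hash(name, n));
        else
            printf("sh_name=%" PRIu64 " -> rejected\n", offsets[i]);
    }
    return 0;
}
```

The important ordering is that the bounds and terminator check happens before any string routine touches the name; a check placed after the hash call would be too late, since the read has already occurred. Run under AddressSanitizer the program stays clean for all five offsets, including the unterminated ".bss" entry.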