https://sourceware.org/bugzilla/show_bug.cgi?id=24337

            Bug ID: 24337
           Summary: An Invalid Memory Address Dereference problem was
                    discovered in function _bfd_elf_rela_local_sym in
                    elf.c in bfd
           Product: binutils
           Version: 2.32
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: wcventure at 126 dot com
  Target Milestone: ---

Created attachment 11676
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11676&action=edit
POC

Hi, there.

An Invalid Memory Address Dereference problem was discovered in function
_bfd_elf_rela_local_sym in elf.c in bfd of binutils 2.32, the latest code base.
A crafted ELF input can cause segmentation faults, and I have confirmed them with
AddressSanitizer too.

Please use "./ld -E $POC" to reproduce the bug.

ASAN dumps the stack trace as follows:
> =================================================================
> ==20800==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000068 (pc 
> 0x0000008030d4 bp 0x0fff88b06c30 sp 0x7ffc458360f0 T0)
>     #0 0x8030d3 in _bfd_elf_rela_local_sym 
> /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elf.c:11776:22
>     #1 0x71e812 in elf_x86_64_relocate_section 
> /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elf64-x86-64.c:2459:17
>     #2 0x874c6c in elf_link_input_bfd 
> /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:10856:10
>     #3 0x874c6c in bfd_elf_final_link 
> /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:12183
>     #4 0x59a4dc in ldwrite 
> /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/ld/ldwrite.c:581:8
>     #5 0x58fe8c in main 
> /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/ld/./ldmain.c:456:3
>     #6 0x7f8083d9e82f in __libc_start_main 
> /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
>     #7 0x4195f8 in _start 
> (/home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/build/bin/ld+0x4195f8)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV 
> /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elf.c:11776:22 in 
> _bfd_elf_rela_local_sym
> ==20800==ABORTING
> Aborted
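A triage helper for fuzz-found crashes like this one, added here as an example and not part of the report or of binutils: it parses the ASAN report above, classifies the fault address (0x68 is typical of a NULL pointer plus a struct field offset, i.e. an unchecked pointer rather than a wild write) and builds a dedupe key from the first in-project frame so repeated reports of the same crash site collapse into one. The source-tree marker and the near-null threshold are assumptions.

```python
import re

# ASAN output copied (abridged) from the bug report above, used as the sample input.
ASAN_REPORT = """\
==20800==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000068 (pc 0x0000008030d4 bp 0x0fff88b06c30 sp 0x7ffc458360f0 T0)
    #0 0x8030d3 in _bfd_elf_rela_local_sym /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elf.c:11776:22
    #1 0x71e812 in elf_x86_64_relocate_section /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elf64-x86-64.c:2459:17
    #2 0x874c6c in elf_link_input_bfd /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:10856:10
    #6 0x7f8083d9e82f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
SUMMARY: AddressSanitizer: SEGV /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elf.c:11776:22 in _bfd_elf_rela_local_sym
"""

HEADER_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+)"
                       r"(?: on (?:unknown )?address 0x(?P<addr>[0-9a-f]+))?")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (?P<func>\S+) (?P<loc>\S+)")
PROJECT_ROOT = "/binutils_2.32_ASAN/"  # assumed marker: frames under it belong to the fuzzed project
NEAR_NULL_LIMIT = 0x1000  # a fault in the first page reads as NULL + struct field offset

def parse_asan_report(text, project_root=PROJECT_ROOT):
    """Triage one ASAN report: error kind, fault-address class, crash site, dedupe key."""
    header = HEADER_RE.search(text)
    if not header:
        raise ValueError("no AddressSanitizer error header found")
    addr = int(header.group("addr"), 16) if header.group("addr") else None
    frames = [(m.group("func"), m.group("loc"))
              for m in map(FRAME_RE.match, text.splitlines()) if m]
    # The first frame inside the project (not libc) is the crash site used for dedupe
    project = [(f, loc) for f, loc in frames if project_root in loc]
    func, loc = (project or frames or [("<unknown>", "?")])[0]
    if addr is None:
        addr_class = "n/a"
    else:
        addr_class = "near-null" if addr < NEAR_NULL_LIMIT else "wild"
    file_line = ":".join(loc.split(":")[:2])  # drop the column number
    return {
        "kind": header.group("kind"),
        "fault_addr": addr,
        "addr_class": addr_class,
        "top_frame": func,
        "location": file_line,
        "project_frames": [f for f, _ in project],
        "dedupe_key": f"{header.group('kind')}|{func}|{file_line}",
    }

if __name__ == "__main__":
    for key, value in parse_asan_report(ASAN_REPORT).items():
        print(f"{key}: {value}")
```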
