https://sourceware.org/bugzilla/show_bug.cgi?id=33211
Bug ID: 33211
Summary: NULL-pointer-arithmetic in nm-new on malformed COFF
Product: binutils
Version: 2.40
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 231220168 at smail dot nju.edu.cn
Target Milestone: ---
A NULL-pointer-arithmetic vulnerability exists in nm-new when processing
malformed COFF objects.
Discovered via AFL++ fuzzing with -fsanitize=undefined.
Environment
- binutils 2.40
- Ubuntu 22.04 x86_64
- Build flags: CFLAGS="-fsanitize=undefined -g"
Sanitizer Output
../../bfd/coffcode.h:946:18: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../bfd/coffcode.h:946:18 in
Reproduction Steps
1. Save the attached crash.coff (hex-restore):
xxd -r -p > crash.coff <<'EOF'
1dfd010000000054000000000100000000000000000056000000120000000000
3b0100000000ffe2e4ff0937000004000000790000666666665e6666666666
EOF
2. Run: ./binutils/nm-new -C crash.coff
The sanitizer report appears immediately.
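Added triage helper (not part of this report and not binutils code): it rebuilds crash.coff from the hex dump above and decodes the standard 20-byte COFF file header and 40-byte section headers to show which file-offset fields cannot be valid for a 63-byte file. It assumes little-endian field layout; the report does not say which BFD target accepted the file. The checks are generic sanity heuristics and make no claim about what coffcode.h:946 actually dereferences.

```python
import struct

# Hex dump copied from the xxd -r -p heredoc in the report above.
CRASH_HEX = (
    "1dfd010000000054000000000100000000000000000056000000120000000000"
    "3b0100000000ffe2e4ff0937000004000000790000666666665e6666666666"
)

# Standard COFF layouts. Little-endian is an assumption of this example.
FILE_HDR = struct.Struct("<HHIIIHH")               # 20 bytes
FILE_HDR_FIELDS = ("f_magic", "f_nscns", "f_timdat", "f_symptr",
                   "f_nsyms", "f_opthdr", "f_flags")
SECT_HDR = struct.Struct("<8sIIIIIIHHI")           # 40 bytes
SECT_HDR_FIELDS = ("s_name", "s_paddr", "s_vaddr", "s_size", "s_scnptr",
                   "s_relptr", "s_lnnoptr", "s_nreloc", "s_nlnno", "s_flags")
SYMENT_SIZE = 18                                    # sizeof(struct external_syment)


def crash_bytes() -> bytes:
    """Rebuild crash.coff exactly as `xxd -r -p` would."""
    return bytes.fromhex(CRASH_HEX)


def parse_file_header(data: bytes) -> dict:
    if len(data) < FILE_HDR.size:
        raise ValueError("file shorter than a COFF file header")
    return dict(zip(FILE_HDR_FIELDS, FILE_HDR.unpack_from(data, 0)))


def parse_section_headers(data: bytes) -> list:
    """Section headers follow the file header plus f_opthdr optional-header bytes."""
    hdr = parse_file_header(data)
    off = FILE_HDR.size + hdr["f_opthdr"]
    sections = []
    for _ in range(hdr["f_nscns"]):
        if off + SECT_HDR.size > len(data):
            break                                   # header itself is truncated
        sections.append(dict(zip(SECT_HDR_FIELDS, SECT_HDR.unpack_from(data, off))))
        off += SECT_HDR.size
    return sections


def triage(data: bytes) -> list:
    """Flag offset/count fields that cannot be consistent with a file of this size."""
    n = len(data)
    hdr = parse_file_header(data)
    findings = []
    if hdr["f_nsyms"] and hdr["f_symptr"] == 0:
        findings.append(f"f_symptr is 0 while f_nsyms={hdr['f_nsyms']}: the symbol "
                        "table would start at offset 0, on top of the file header")
    sym_end = hdr["f_symptr"] + hdr["f_nsyms"] * SYMENT_SIZE
    if hdr["f_nsyms"] and sym_end > n:
        findings.append(f"symbol table [{hdr['f_symptr']:#x}, {sym_end:#x}) past EOF {n:#x}")
    secs = parse_section_headers(data)
    if len(secs) < hdr["f_nscns"]:
        findings.append(f"f_nscns={hdr['f_nscns']} but only {len(secs)} section header(s) fit")
    for i, s in enumerate(secs):
        if s["s_size"] and s["s_scnptr"] + s["s_size"] > n:
            findings.append(f"section {i}: contents at {s['s_scnptr']:#x} "
                            f"size {s['s_size']:#x} past EOF {n:#x}")
        # Only the pointer is checked here; reloc/lineno entry sizes vary by target.
        for ptr, cnt, what in (("s_relptr", "s_nreloc", "relocs"),
                               ("s_lnnoptr", "s_nlnno", "line numbers")):
            if s[cnt] and s[ptr] >= n:
                findings.append(f"section {i}: {s[cnt]} {what} at {s[ptr]:#x} past EOF {n:#x}")
    return findings


if __name__ == "__main__":
    data = crash_bytes()
    print(f"file size: {len(data)} bytes")
    for k, v in parse_file_header(data).items():
        print(f"  {k:9} = {v:#x}")
    for f in triage(data):
        print("finding:", f)
```

Run it as-is to see the decoded header and the findings; to get the actual crash file for nm-new, write `crash_bytes()` to crash.coff (or use the xxd command in step 1).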