https://sourceware.org/bugzilla/show_bug.cgi?id=28862

            Bug ID: 28862
           Summary: heap-buffer-overflow in parse_stab_string
           Product: binutils
           Version: 2.38
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: wyxaidai at gmail dot com
  Target Milestone: ---

Created attachment 13956
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13956&action=edit
poc

~/fuzzing/binutils/binutils-gdb/binutils/objdump -g poc

poc:     file format elf64-x86-64

/home/aidai/fuzzing/binutils/binutils-gdb/binutils/objdump: poc: invalid string offset 3774873600 >= 6 for section `.strtab'
=================================================================
==3453842==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000150 at pc 0x5565159b86b3 bp 0x7ffe0db99410 sp 0x7ffe0db99400
READ of size 1 at 0x603000000150 thread T0
    #0 0x5565159b86b2 in parse_stab_string /home/aidai/fuzzing/binutils/binutils-gdb/binutils/stabs.c:1132
    #1 0x5565159b6a24 in parse_stab /home/aidai/fuzzing/binutils/binutils-gdb/binutils/stabs.c:670
    #2 0x5565159a5214 in read_section_stabs_debugging_info /home/aidai/fuzzing/binutils/binutils-gdb/binutils/rddbg.c:243
    #3 0x5565159a44de in read_debugging_info /home/aidai/fuzzing/binutils/binutils-gdb/binutils/rddbg.c:56
    #4 0x556515946d45 in dump_bfd objdump.c:5169
    #5 0x556515946fec in display_object_bfd objdump.c:5225
    #6 0x55651594737b in display_any_bfd objdump.c:5315
    #7 0x5565159473f5 in display_file objdump.c:5336
    #8 0x556515948ab7 in main objdump.c:5708
    #9 0x7fe3b8eab0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #10 0x55651592e39d in _start (/home/aidai/fuzzing/binutils/binutils-gdb/binutils/objdump+0x13539d)

0x603000000150 is located 0 bytes to the right of 32-byte region [0x603000000130,0x603000000150)
allocated by thread T0 here:
    #0 0x7fe3b9189bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x556515d10543 in xmalloc xmalloc.c:149
    #2 0x5565159a49ad in read_section_stabs_debugging_info /home/aidai/fuzzing/binutils/binutils-gdb/binutils/rddbg.c:140
    #3 0x5565159a44de in read_debugging_info /home/aidai/fuzzing/binutils/binutils-gdb/binutils/rddbg.c:56
    #4 0x556515946d45 in dump_bfd objdump.c:5169
    #5 0x556515946fec in display_object_bfd objdump.c:5225
    #6 0x55651594737b in display_any_bfd objdump.c:5315
    #7 0x5565159473f5 in display_file objdump.c:5336
    #8 0x556515948ab7 in main objdump.c:5708
    #9 0x7fe3b8eab0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/aidai/fuzzing/binutils/binutils-gdb/binutils/stabs.c:1132 in parse_stab_string
Shadow bytes around the buggy address:
  0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff8000: fa fa 00 00 00 fa fa fa 00 00 00 00 fa fa 00 00
  0x0c067fff8010: 00 fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
=>0x0c067fff8020: 00 00 00 fa fa fa 00 00 00 00[fa]fa 00 00 02 fa
  0x0c067fff8030: fa fa 00 00 02 fa fa fa 00 00 00 fa fa fa 00 00
  0x0c067fff8040: 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3453842==ABORTING

-- 
You are receiving this mail because:
You are on the CC list for the bug.
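The trace above says what kind of bug this is without showing the code: parse_stab_string reads one byte at offset 32 of a 32-byte heap block that read_section_stabs_debugging_info obtained from xmalloc, i.e. a stab string that is not terminated inside the bytes copied from the section, scanned by code that does not know where the block ends. The following C program is an added illustration of that bug class; it is not binutils code and does not reproduce the real logic at stabs.c:1132 or rddbg.c:140. The `struct region`, `first_oob_read` and `stab_name_bounded` names are hypothetical, and the two inputs (a well-formed `main:F(0,1)` and a 32-byte block of `A`s with neither `:` nor NUL) are constructed, not the attached poc. Instead of dereferencing out of bounds, the naive scanner returns the offset at which it would have read past the block, which for the unterminated input is exactly the "0 bytes to the right of 32-byte region" ASan reported; the bounded scanner rejects that input instead of reading on.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model, not binutils code: the bytes of one stab string
   copied into a heap block of exactly their size, like the 32-byte
   xmalloc() region in the trace.  No NUL is appended. */
struct region {
    char *base;
    size_t len;
};

static struct region make_region(const char *bytes, size_t len)
{
    struct region r;
    r.base = malloc(len);          /* exactly len bytes, no room for a NUL */
    if (r.base == NULL)
        abort();
    memcpy(r.base, bytes, len);
    r.len = len;
    return r;
}

/* Naive scanner: walk forward until ':' or NUL without knowing where the
   block ends.  Rather than dereferencing out of bounds, return the first
   offset the walk would read outside the region (-1 if it stops inside).
   An offset equal to len is "0 bytes to the right" of the block, which is
   what AddressSanitizer reported above. */
static long first_oob_read(const struct region *r)
{
    size_t i = 0;
    for (;;) {
        if (i >= r->len)
            return (long)i;
        if (r->base[i] == ':' || r->base[i] == '\0')
            return -1;
        i++;
    }
}

/* Hardened scanner: extract the symbol name up to ':' but never read past
   the end of the region.  Returns the name length, or -1 if no terminator
   lies inside the block (malformed input is rejected, not read through). */
static long stab_name_bounded(const struct region *r, char *out, size_t out_cap)
{
    size_t i;
    for (i = 0; i < r->len; i++) {
        if (r->base[i] == ':' || r->base[i] == '\0')
            break;
    }
    if (i == r->len || i >= out_cap)
        return -1;
    memcpy(out, r->base, i);
    out[i] = '\0';
    return (long)i;
}

/* Convenience wrappers that build a region from constructed bytes, run one
   scanner, and free the block. */
static long oob_for(const char *bytes, size_t len)
{
    struct region r = make_region(bytes, len);
    long off = first_oob_read(&r);
    free(r.base);
    return off;
}

static long name_len_for(const char *bytes, size_t len)
{
    char name[64];
    struct region r = make_region(bytes, len);
    long n = stab_name_bounded(&r, name, sizeof name);
    free(r.base);
    return n;
}

int main(void)
{
    /* Constructed inputs, not the attached poc: a well-formed stab string
       and a 32-byte block containing neither ':' nor NUL. */
    const char *good = "main:F(0,1)";
    const char *bad = "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA";

    /* prints "good: oob=-1 name_len=4" */
    printf("good: oob=%ld name_len=%ld\n", oob_for(good, 11), name_len_for(good, 11));
    /* prints "bad:  oob=32 name_len=-1" */
    printf("bad:  oob=%ld name_len=%ld\n", oob_for(bad, 32), name_len_for(bad, 32));
    return 0;
}
```

The point of the model is the fix shape rather than the crash: whoever parses a string pulled out of a section has to carry the remaining length of the block alongside the pointer and treat "no terminator before the end" as bad input, because the section contents are attacker-controlled and a string in them need not be NUL-terminated. When triaging a report like this one, the two trace stacks (the READ site and the allocation site) are what tell you which buffer length the parser lost track of.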