bug-binutils

[Bug binutils/17512] New: segfault in PE parser / _bfd_pei_swap_aouthdr_in

From: hanno at hboeck dot de
Subject: [Bug binutils/17512] New: segfault in PE parser / _bfd_pei_swap_aouthdr_in
Date: Sun, 26 Oct 2014 22:42:33 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17512

            Bug ID: 17512
           Summary: segfault in PE parser / _bfd_pei_swap_aouthdr_in
           Product: binutils
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: hanno at hboeck dot de

Created attachment 7849
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7849&action=edit
maxvals.exe

Running strings, nm or objdump on one of the attached files will segfault.

Here is a stack trace from address sanitizer:
==10552== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffb5979be0 at pc 0x5a2d34 bp 0x7fffb5979890 sp 0x7fffb5979888
WRITE of size 8 at 0x7fffb5979be0 thread T0
    #0 0x5a2d33 in _bfd_pei_swap_aouthdr_in /tmp/binutils-2.24.90/bfd/peigen.c:513:0
    #1 0x591bf2 in pe_bfd_object_p /tmp/binutils-2.24.90/bfd/peicode.h:1339:0
    #2 0x41f10b in bfd_check_format_matches /tmp/binutils-2.24.90/bfd/format.c:305:0
    #3 0x41e28f in bfd_check_format /tmp/binutils-2.24.90/bfd/format.c:94:0
    #4 0x4038ed in strings_object_file /tmp/binutils-2.24.90/binutils/strings.c:389:0
    #5 0x403b29 in strings_file /tmp/binutils-2.24.90/binutils/strings.c:432:0
    #6 0x4034f2 in main /tmp/binutils-2.24.90/binutils/strings.c:299:0
    #7 0x7f25477b6a64 in __libc_start_main ??:0:0
    #8 0x402d58 in _start ??:0:0

These samples come from here:
https://github.com/radare/radare2-regressions/tree/master/bins/pe

I tested those after reading this comment:
http://lcamtuf.blogspot.de/2014/10/psa-dont-run-strings-on-untrusted-files.html?showComment=1414290018616&m=1#c6670003407817856261

However, I'm not sure if this bug is the same as the one the commenter there is mentioning.

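The report does not say what `_bfd_pei_swap_aouthdr_in` writes past the end of; the example below is an added illustration, not BFD's code, of the defect class an ASan stack-buffer-overflow in an optional-header reader points at: a count read from the file (the PE header's NumberOfRvaAndSizes) used to index a fixed-size on-stack table of IMAGE_NUMBEROF_DIRECTORY_ENTRIES entries. The struct layout, function names and the all-0xFF "maxvals" sample bytes are constructed here and are assumptions, not details taken from the attached file.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16   /* fixed table size in the PE format */

struct data_dir { uint64_t virtual_address; uint32_t size; };

struct opt_hdr_tail {
    uint32_t number_of_rva_and_sizes;  /* count exactly as the file states it */
    uint32_t clamped;                  /* 1 if that count exceeded the table */
    struct data_dir dirs[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
};

static uint32_t get_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Reads NumberOfRvaAndSizes followed by that many 8-byte (RVA, size) pairs.
   Returns the number of entries stored, or -1 if the buffer is too short.
   The unchecked form (looping idx < count straight into dirs[idx]) is the
   write pattern a file claiming 0xFFFFFFFF entries turns into an overflow. */
static int parse_data_dirs(const uint8_t *buf, size_t len, struct opt_hdr_tail *out) {
    memset(out, 0, sizeof *out);
    if (len < 4) return -1;
    out->number_of_rva_and_sizes = get_le32(buf);
    uint32_t n = out->number_of_rva_and_sizes;
    if (n > IMAGE_NUMBEROF_DIRECTORY_ENTRIES) {   /* bound by the table, not the file */
        n = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;
        out->clamped = 1;
    }
    if (len - 4 < (size_t)n * 8) return -1;      /* and by what the file actually holds */
    for (uint32_t i = 0; i < n; i++) {
        out->dirs[i].virtual_address = get_le32(buf + 4 + i * 8);
        out->dirs[i].size = get_le32(buf + 8 + i * 8);
    }
    return (int)n;
}

/* Constructed "maxvals" header tail: every byte 0xFF, so the count field
   claims 4294967295 directory entries while only 16 are present. */
static int parse_maxvals_sample(struct opt_hdr_tail *out) {
    uint8_t buf[4 + IMAGE_NUMBEROF_DIRECTORY_ENTRIES * 8];
    memset(buf, 0xFF, sizeof buf);
    return parse_data_dirs(buf, sizeof buf, out);
}
```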