bug-binutils

[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in


From: hanno at hboeck dot de
Subject: [Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
Date: Wed, 29 Oct 2014 23:20:11 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #30 from Hanno Boeck <hanno at hboeck dot de> ---
Created attachment 7862
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7862&action=edit
fuzzed objdump-pe-crasher

Hi Nick, thanks for the fixes.

However, further fuzzing turned up another asan-detected issue. This is
actually a fuzzed version of the objdump-pe-crasher binary (attachment 7854):

==2937== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60080000b834 at pc 0x4d0c67 bp 0x7fffdd272be0 sp 0x7fffdd272bd8
READ of size 1 at 0x60080000b834 thread T0
    #0 0x4d0c66 in bfd_getl32 /data/binutils/binutils-gdb-asan/bfd/libbfd.c:619:0
    #1 0x650684 in _bfd_pei_swap_aux_in /data/binutils/binutils-gdb-asan/bfd/peigen.c:314:0
    #2 0x4c9ab1 in coff_get_normalized_symtab /data/binutils/binutils-gdb-asan/bfd/coffgen.c:1781:0
    #3 0x64c021 in coff_slurp_symbol_table /data/binutils/binutils-gdb-asan/bfd/coffcode.h:4663:0
    #4 0x4c0b5c in coff_get_symtab_upper_bound /data/binutils/binutils-gdb-asan/bfd/coffgen.c:410:0
    #5 0x4044ab in slurp_symtab /data/binutils/binutils-gdb-asan/binutils/./objdump.c:563:0
    #6 0x4123ee in dump_bfd /data/binutils/binutils-gdb-asan/binutils/./objdump.c:3227:0
    #7 0x41285d in display_object_bfd /data/binutils/binutils-gdb-asan/binutils/./objdump.c:3315:0
    #8 0x412b85 in display_any_bfd /data/binutils/binutils-gdb-asan/binutils/./objdump.c:3389:0
    #9 0x412bf6 in display_file /data/binutils/binutils-gdb-asan/binutils/./objdump.c:3410:0
    #10 0x41370e in main /data/binutils/binutils-gdb-asan/binutils/./objdump.c:3692:0
    #11 0x7f0eb1633a64 in __libc_start_main ??:0:0
    #12 0x402f78 in _start ??:0:0
0x60080000b834 is located 0 bytes to the right of 36-byte region [0x60080000b810,0x60080000b834)
allocated by thread T0 here:
    #0 0x7f0eb1de4dda in malloc ??:0:0
    #1 0x4d01ed in bfd_malloc /data/binutils/binutils-gdb-asan/bfd/libbfd.c:181:0
    #2 0x4c8d02 in _bfd_coff_get_external_symbols /data/binutils/binutils-gdb-asan/bfd/coffgen.c:1619:0
    #3 0x4c973f in coff_get_normalized_symtab /data/binutils/binutils-gdb-asan/bfd/coffgen.c:1752:0
    #4 0x64c021 in coff_slurp_symbol_table /data/binutils/binutils-gdb-asan/bfd/coffcode.h:4663:0
    #5 0x4c0b5c in coff_get_symtab_upper_bound /data/binutils/binutils-gdb-asan/bfd/coffgen.c:410:0
    #6 0x4044ab in slurp_symtab /data/binutils/binutils-gdb-asan/binutils/./objdump.c:563:0
    #7 0x4123ee in dump_bfd /data/binutils/binutils-gdb-asan/binutils/./objdump.c:3227:0
    #8 0x41285d in display_object_bfd /data/binutils/binutils-gdb-asan/binutils/./objdump.c:3315:0
    #9 0x412b85 in display_any_bfd /data/binutils/binutils-gdb-asan/binutils/./objdump.c:3389:0
    #10 0x412bf6 in display_file /data/binutils/binutils-gdb-asan/binutils/./objdump.c:3410:0
    #11 0x41370e in main /data/binutils/binutils-gdb-asan/binutils/./objdump.c:3692:0
    #12 0x7f0eb1633a64 in __libc_start_main ??:0:0

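The report above places a one-byte read exactly at the end of a 36-byte symbol-table buffer while _bfd_pei_swap_aux_in pulls in an auxiliary entry, i.e. the parser trusted a symbol's auxiliary-entry count without checking that those entries still lie inside the table it had read. As an added illustration that is not binutils code and not taken from the attachment, the following C program walks a raw COFF symbol table with the bounds check such a parser needs before touching any aux entry. The 18-byte entry size is COFF's SYMESZ; the two constructed 36-byte tables, the helper names and the fuzzed n_numaux value are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* On-disk COFF symbol and auxiliary entries are both 18 bytes (SYMESZ/AUXESZ). */
#define SYMESZ 18
#define AUXESZ 18

/* Little-endian 32-bit load: the job bfd_getl32 is doing at frame #0 above. */
static uint32_t getl32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk a raw symbol table of `nsyms` 18-byte entries held in `buflen` bytes.
 * Auxiliary entries follow their symbol and count toward `nsyms`. Returns the
 * number of primary symbols visited, or -1 if the table is inconsistent, i.e.
 * a symbol's n_numaux would make the parser read past the buffer. The first
 * word of every aux entry is summed into *aux_word_sum to show the reads
 * that actually happen. */
int walk_coff_symtab(const uint8_t *buf, size_t buflen, size_t nsyms,
                     uint32_t *aux_word_sum)
{
    size_t idx = 0;
    int visited = 0;

    *aux_word_sum = 0;
    /* The declared entry count must itself fit in the buffer. */
    if (nsyms > buflen / SYMESZ)
        return -1;
    while (idx < nsyms) {
        const uint8_t *sym = buf + idx * SYMESZ;
        size_t numaux = sym[17];   /* n_numaux is the final byte of the entry */

        /* The check whose absence the ASan report shows: every aux entry this
         * symbol claims must lie within the declared table. */
        if (numaux > nsyms - idx - 1)
            return -1;
        for (size_t a = 1; a <= numaux; a++)
            *aux_word_sum += getl32(sym + a * AUXESZ);
        visited++;
        idx += 1 + numaux;
    }
    return visited;
}

/* Constructed 36-byte table (an assumption for the example): one symbol with
 * n_numaux = 1 followed by its aux entry, whose first word is 0x11223344. */
int demo_well_formed(uint32_t *aux_word_sum)
{
    uint8_t buf[2 * SYMESZ];
    memset(buf, 0, sizeof buf);
    buf[17] = 1;
    buf[18] = 0x44; buf[19] = 0x33; buf[20] = 0x22; buf[21] = 0x11;
    return walk_coff_symtab(buf, sizeof buf, 2, aux_word_sum);
}

/* Same table with n_numaux fuzzed to 2: the second aux entry would start at
 * offset 36, the "0 bytes to the right of 36-byte region" read in the report.
 * The check rejects the table instead of reading past it. */
int demo_fuzzed(uint32_t *aux_word_sum)
{
    uint8_t buf[2 * SYMESZ];
    memset(buf, 0, sizeof buf);
    buf[17] = 2;
    return walk_coff_symtab(buf, sizeof buf, 2, aux_word_sum);
}

int main(void)
{
    uint32_t sum;
    int n = demo_well_formed(&sum);
    printf("well-formed table: %d symbol(s), aux word sum 0x%08x\n", n, sum);
    printf("fuzzed table: %d (rejected before the out-of-bounds read)\n",
           demo_fuzzed(&sum));
    return 0;
}
```

The check is deliberately expressed against the declared entry count rather than only the buffer length: in COFF the aux entries are part of the symbol count, so a count that overruns the table is malformed input regardless of how large the backing allocation happens to be.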


