[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
From: hanno at hboeck dot de
Subject: [Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
Date: Thu, 30 Oct 2014 16:20:01 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=17512
--- Comment #33 from Hanno Boeck <hanno at hboeck dot de> ---
Created attachment 7869
--> https://sourceware.org/bugzilla/attachment.cgi?id=7869&action=edit
ihex stack overflow
Hi Nick, thanks. One fixed, one more fuzzed :-)
==25054== ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fffdcc2b2d8 at pc 0x4fa49a bp 0x7fffdcc2b1e0 sp 0x7fffdcc2b1d8
READ of size 1 at 0x7fffdcc2b2d8 thread T0
#0 0x4fa499 in ihex_scan /data/binutils/binutils-gdb-asan/bfd/ihex.c:324:0
#1 0x4fc449 in ihex_object_p
/data/binutils/binutils-gdb-asan/bfd/ihex.c:526:0
#2 0x4cf130 in bfd_check_format_matches
/data/binutils/binutils-gdb-asan/bfd/format.c:305:0
#3 0x41284d in display_object_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3313:0
#4 0x412b85 in display_any_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3389:0
#5 0x412bf6 in display_file
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3410:0
#6 0x41370e in main
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3692:0
#7 0x7f7d7cc57a64 in __libc_start_main ??:0:0
#8 0x402f78 in _start ??:0:0
Address 0x7fffdcc2b2d8 is located at offset 104 in frame <ihex_scan> of T0's
stack:
This frame has 3 object(s):
[32, 36) 'error'
[96, 104) 'hdr'
[160, 180) 'secbuf'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
Shadow bytes around the buggy address:
0x10007b97d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007b97d610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007b97d620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007b97d630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007b97d640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
=>0x10007b97d650: f1 f1 04 f4 f4 f4 f2 f2 f2 f2 00[f4]f4 f4 f2 f2
0x10007b97d660: f2 f2 00 00 04 f4 00 00 00 00 00 00 00 00 00 00
0x10007b97d670: 00 00 00 00 f1 f1 f1 f1 00 01 f4 f4 00 00 00 00
0x10007b97d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007b97d690: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
0x10007b97d6a0: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==25054== ABORTING
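The report above is a one-byte read past the 8-byte 'hdr' object in the ihex_scan frame, which is the signature of a record whose header is shorter than the parser assumed. As an added illustration, and not binutils code or the fix applied for this bug, the following C parser reads an Intel HEX record header only after checking that the input actually holds the full eight hex digits (byte count, 16-bit address and record type, per the Intel HEX format), and applies the same length-before-read discipline to the data bytes and the checksum. The sample records are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Parsed header of one Intel HEX record: the eight hex digits after ':'. */
struct ihex_hdr {
    unsigned count;    /* number of data bytes in the record */
    unsigned address;  /* 16-bit load offset */
    unsigned type;     /* record type (0 = data, 1 = EOF, ...) */
};

enum ihex_status {
    IHEX_OK = 0,
    IHEX_NO_COLON = 1,      /* record does not start with ':' */
    IHEX_TRUNCATED = 2,     /* input ends before the record is complete */
    IHEX_BAD_DIGIT = 3,     /* non-hex character inside the record */
    IHEX_BAD_CHECKSUM = 4   /* byte sum mod 256 is not zero */
};

/* Value of one hex digit, or -1 for a non-hex character. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode n hex digits at p into *out; the caller guarantees p[0..n) is in bounds. */
static int hex_field(const char *p, size_t n, unsigned *out)
{
    unsigned v = 0;
    for (size_t i = 0; i < n; i++) {
        int d = hex_val(p[i]);
        if (d < 0) return -1;
        v = (v << 4) | (unsigned)d;
    }
    *out = v;
    return 0;
}

/* Parse one record from buf[0..len).  Every read is preceded by a length
 * check, so a record cut off in the middle of the header (the case in the
 * ASan report) is reported as IHEX_TRUNCATED instead of being read past. */
int ihex_parse_record(const char *buf, size_t len, struct ihex_hdr *hdr)
{
    char hdrbuf[8];  /* same size as the 'hdr' object in the report */

    if (len < 1 || buf[0] != ':') return IHEX_NO_COLON;
    /* Need ':' plus all eight header digits before touching hdrbuf. */
    if (len < 1 + sizeof hdrbuf) return IHEX_TRUNCATED;
    memcpy(hdrbuf, buf + 1, sizeof hdrbuf);

    unsigned count, address, type;
    if (hex_field(hdrbuf, 2, &count) ||
        hex_field(hdrbuf + 2, 4, &address) ||
        hex_field(hdrbuf + 6, 2, &type))
        return IHEX_BAD_DIGIT;

    /* The record continues with 'count' data bytes and one checksum byte,
     * two hex digits each; the length is known only now, so check again. */
    size_t need = 1 + sizeof hdrbuf + 2 * (size_t)count + 2;
    if (len < need) return IHEX_TRUNCATED;

    /* Sum every byte from the count field through the checksum; must be 0 mod 256. */
    unsigned sum = 0;
    for (size_t off = 1; off < need; off += 2) {
        unsigned b;
        if (hex_field(buf + off, 2, &b)) return IHEX_BAD_DIGIT;
        sum += b;
    }
    if ((sum & 0xffu) != 0) return IHEX_BAD_CHECKSUM;

    hdr->count = count;
    hdr->address = address;
    hdr->type = type;
    return IHEX_OK;
}

/* Helpers for NUL-terminated input: status, or the record type (-1 on error). */
int ihex_check(const char *s)
{
    struct ihex_hdr h;
    return ihex_parse_record(s, strlen(s), &h);
}

int ihex_record_type(const char *s)
{
    struct ihex_hdr h;
    return ihex_parse_record(s, strlen(s), &h) == IHEX_OK ? (int)h.type : -1;
}

int main(void)
{
    /* Constructed inputs: a valid data record, a valid EOF record, and a
     * record cut off inside the header. */
    const char *samples[] = {
        ":10010000214601360121470136007EFE09D2190140", ":00000001FF", ":1001"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-44s -> status %d\n", samples[i], ihex_check(samples[i]));
    return 0;
}
```

The two length checks are the point: the header length is fixed and checked before the copy into the stack buffer, and the data length depends on a field taken from the input, so it is validated again before the checksum loop reads it.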