bug-binutils

Segmentation fault of 'objdump -x' in binutils-2.25.1


From: Yunho Kim
Subject: Segmentation fault of 'objdump -x' in binutils-2.25.1
Date: Fri, 21 Aug 2015 13:03:55 +0900

Hello, 

I found a crash bug which causes a segmentation fault when objdump -x tries to print the
header information of the attached file. This bug was found by CONCERT, an automated
unit test generation tool developed by my colleague and me.

*** Configuration and build option ***
$ ./configure CFLAGS="-fsanitize=address" && make -j4

I am using Debian 8.1 on x64 and gcc 4.9.2.

*** Command that causes a crash ***
$ ~/binutils-2.25.1/binutils/objdump -x objdump_crash
objdump_crash:     file format elf64-x86-64
objdump_crash
architecture: i386:x86-64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x00000000004003c0

Program Header:
... omitted program header

Version definitions:
Segmentation fault

The segmentation fault happens at the 'fprintf' call at bfd/elf.c:1397

bfd/elf.c
 1395       for (t = elf_tdata (abfd)->verdef; t != NULL; t = t->vd_nextdef)
 1396         {
 1397           fprintf (f, "%d 0x%2.2x 0x%8.8lx %s\n", t->vd_ndx,
 1398                    t->vd_flags, t->vd_hash,
 1399                    t->vd_nodename ? t->vd_nodename : "<corrupt>");

t->vd_nodename (line 1399) has a suspect memory address. This is because t->vd_nodename
is not initialized in the function _bfd_elf_slurp_version_tables() (in elf.c) when the 2nd parameter
of _bfd_elf_slurp_version_tables is given as false and iverdef->vd_cnt is 0 at elf.c:7561.

If you need more details or any other information, please let me know. 

Thanks. 

--
Best Regards,
Yunho Kim

---------------------------------------------
Yunho Kim, Ph.D candidate
Rm# 2438 CS Dept. KAIST
373-1 Guseong-dong, Yuseong-gu
Daejeon, South Korea (305-701)
Phone:+82-42-350-7743
Fax:+82-42-350-3510
---------------------------------------------

Attachment: objdump_crash
Description: Binary data
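The report above pins the crash on a vd_nodename that is never assigned when an entry's vd_cnt is 0. What follows is an added example, not code from binutils or from the reporter: a small, bounds-checked walker over a .gnu.version_d section image that writes every field of each decoded entry before counting it (vd_nodename becomes NULL when there is no Verdaux), and then prints the entries with the same format string as elf.c line 1397, so a missing name comes out as "<corrupt>" instead of a crash. The struct verdef_entry, the function names, sample_strtab and the section bytes built by build_sample_verdef are all constructed for this example; only the record layouts (20-byte Elf64_Verdef, 8-byte Elf64_Verdaux, little-endian) follow the ELF gABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* On-disk sizes of the ELF64 version-definition records (gABI layout). */
#define VERDEF_SIZE  20   /* Elf64_Verdef  */
#define VERDAUX_SIZE 8    /* Elf64_Verdaux */

/* Decoded entry. Hypothetical struct: it carries only the four fields that
 * objdump prints on elf.c lines 1397-1399, not bfd's full Elf_Internal_Verdef. */
struct verdef_entry {
    uint16_t vd_ndx;
    uint16_t vd_flags;
    uint32_t vd_hash;
    const char *vd_nodename;   /* NULL when the entry carries no Verdaux */
};

static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t get32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Bounds-checked lookup into .dynstr; NULL if the offset is out of range or
 * the string is not NUL-terminated inside the table. */
static const char *strtab_at(const char *strtab, size_t strtab_len, uint32_t off)
{
    if (off >= strtab_len) return NULL;
    if (memchr(strtab + off, '\0', strtab_len - off) == NULL) return NULL;
    return strtab + off;
}

/* Walk a .gnu.version_d image (little-endian ELF64). Every field of out[n] is
 * written before the entry is counted, so an entry with vd_cnt == 0 yields
 * vd_nodename == NULL rather than whatever bytes were in the slot before.
 * Returns the entry count, or -1 when an offset runs past the section or
 * out[] is full. */
int parse_verdef(const uint8_t *sec, size_t sec_len,
                 const char *strtab, size_t strtab_len,
                 struct verdef_entry *out, size_t max_out)
{
    size_t off = 0, n = 0;
    for (;;) {
        if (n >= max_out || VERDEF_SIZE > sec_len - off) return -1;
        const uint8_t *vd = sec + off;
        uint16_t vd_cnt  = get16(vd + 6);
        uint32_t vd_aux  = get32(vd + 12);
        uint32_t vd_next = get32(vd + 16);

        out[n].vd_flags    = get16(vd + 2);
        out[n].vd_ndx      = get16(vd + 4);
        out[n].vd_hash     = get32(vd + 8);
        out[n].vd_nodename = NULL;            /* the vd_cnt == 0 case stops here */

        if (vd_cnt > 0) {
            /* Only the first Verdaux names the node; it must lie inside the section. */
            if (vd_aux > sec_len - off || VERDAUX_SIZE > sec_len - off - vd_aux) return -1;
            out[n].vd_nodename = strtab_at(strtab, strtab_len, get32(vd + vd_aux));
        }
        n++;
        if (vd_next == 0) break;              /* last definition */
        if (vd_next > sec_len - off) return -1;
        off += vd_next;
    }
    return (int)n;
}

/* Mirrors the ternary on elf.c line 1399: a missing name prints as "<corrupt>". */
const char *node_name_for_print(const struct verdef_entry *e)
{
    return e->vd_nodename ? e->vd_nodename : "<corrupt>";
}

/* Constructed .dynstr: offset 1 is "libfoo.so.1". */
static const char sample_strtab[] = "\0libfoo.so.1";

/* Constructed section: entry 0 has one Verdaux naming strtab offset 1; entry 1
 * has vd_cnt == 0, the shape the report identifies as the trigger. Returns bytes used. */
size_t build_sample_verdef(uint8_t *buf, size_t cap)
{
    const size_t total = 2 * VERDEF_SIZE + VERDAUX_SIZE;
    if (cap < total) return 0;
    memset(buf, 0, total);
    uint8_t *e0 = buf, *a0 = buf + VERDEF_SIZE, *e1 = a0 + VERDAUX_SIZE;
    put16(e0 + 0, 1); put16(e0 + 2, 1); put16(e0 + 4, 1); put16(e0 + 6, 1);   /* version, flags, ndx, cnt */
    put32(e0 + 8, 0x0a5d2d3cu); put32(e0 + 12, VERDEF_SIZE); put32(e0 + 16, VERDEF_SIZE + VERDAUX_SIZE);
    put32(a0 + 0, 1); put32(a0 + 4, 0);                                         /* vda_name = 1, no more aux */
    put16(e1 + 0, 1); put16(e1 + 2, 0); put16(e1 + 4, 2); put16(e1 + 6, 0);   /* vd_cnt = 0 */
    put32(e1 + 8, 0x1234abcdu); put32(e1 + 12, 0); put32(e1 + 16, 0);          /* vd_next = 0: last */
    return total;
}

/* Runs the parser over the constructed input. Returns 0 on success, otherwise
 * the number of the first failed check. */
int self_check(void)
{
    uint8_t buf[64];
    struct verdef_entry ents[4];
    size_t len = build_sample_verdef(buf, sizeof buf);
    int n = parse_verdef(buf, len, sample_strtab, sizeof sample_strtab, ents, 4);
    if (n != 2) return 1;
    if (!ents[0].vd_nodename || strcmp(ents[0].vd_nodename, "libfoo.so.1") != 0) return 2;
    if (ents[1].vd_ndx != 2 || ents[1].vd_nodename != NULL) return 3;
    if (strcmp(node_name_for_print(&ents[1]), "<corrupt>") != 0) return 4;
    /* A section truncated by one byte is rejected instead of being read past its end. */
    if (parse_verdef(buf, len - 1, sample_strtab, sizeof sample_strtab, ents, 4) != -1) return 5;
    return 0;
}

int main(void)
{
    uint8_t buf[64];
    struct verdef_entry ents[4];
    size_t len = build_sample_verdef(buf, sizeof buf);
    int n = parse_verdef(buf, len, sample_strtab, sizeof sample_strtab, ents, 4);
    if (n < 0) { fprintf(stderr, "malformed version definitions\n"); return 1; }
    printf("Version definitions:\n");
    for (int i = 0; i < n; i++)   /* same format string as elf.c line 1397 */
        printf("%d 0x%2.2x 0x%8.8lx %s\n", ents[i].vd_ndx, ents[i].vd_flags,
               (unsigned long)ents[i].vd_hash, node_name_for_print(&ents[i]));
    return self_check();
}
```

The point of the walker is that every offset in the section (vd_aux, vd_next, vda_name) is treated as attacker-controlled and checked against the section and string-table lengths before it is dereferenced, and that the output slot is fully initialised on the path where vd_cnt is 0, which is exactly the path the report says leaves vd_nodename unset.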

