
From: scottgriffy at gmail dot com
Subject: [Bug binutils/20605] New: SEGFAULT in objdump.c on fuzzed PE32 executable
Date: Tue, 13 Sep 2016 22:44:59 +0000


            Bug ID: 20605
           Summary: SEGFAULT in objdump.c on fuzzed PE32 executable
           Product: binutils
           Version: 2.27
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: scottgriffy at gmail dot com
  Target Milestone: ---

Created attachment 9511
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9511&action=edit
The problem file

I fuzzed a file and came up with 'crash.exe' which segfaults when passed to
'objdump -x' using the latest build I could find: GNU objdump (GNU Binutils)

Here's a log of running gdb with it:
$ gdb ~/checkout/binutils-gdb/binutils/objdump
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.04) 7.11.1
Reading symbols from
(gdb) set args -x crash.exe
(gdb) r
Starting program: /home/grifball/checkout/binutils-gdb/binutils/objdump -x

Program received signal SIGSEGV, Segmentation fault.
bfd_getl32 (p=0x85a000) at libbfd.c:552
552       return v;
(gdb) where
#0  bfd_getl32 (p=0x85a000) at libbfd.c:552
#1  0x00000000004acaea in _bfd_pei_swap_debugdir_in (address@hidden,
ext1=0x85a000, address@hidden) at peigen.c:1116
#2  0x00000000004a89dc in pe_bfd_read_buildid (abfd=0x83a1c0) at peicode.h:1342
#3  pe_bfd_object_p (abfd=0x83a1c0) at peicode.h:1486
#4  0x000000000044913d in bfd_check_format_matches (address@hidden,
address@hidden, address@hidden) at
#5  0x0000000000408888 in display_object_bfd (abfd=0x83a1c0) at
#6  display_any_bfd (address@hidden, address@hidden) at
#7  0x000000000040a9a3 in display_file (filename=0x7fffffffe2f0 "crash.exe",
target=<optimized out>) at ./objdump.c:3573
#8  0x0000000000404cca in main (argc=3, argv=0x7fffffffe078) at

I built objdump from the git repo here:
by cd'ing into "./binutils/" then running "./configure" and "make objdump"

I created the offending exe following a tutorial:
and found that this will create the exe (after you've downloaded the win9x.exe
from the site):
zzuf -r 0.004 -s 16915 < win9x.exe > crash.exe

Let me know if you have any questions or want me to run any tests. I used zzuf
version 0.15 to fuzz it.
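The backtrace above shows bfd_getl32 faulting inside _bfd_pei_swap_debugdir_in while pe_bfd_read_buildid is reading the PE debug directory, i.e. the crash happens while swapping in a 28-byte IMAGE_DEBUG_DIRECTORY entry whose address turned out not to be readable. The report does not say why that address was out of range, so the C below is an added illustration, not binutils code and not the fix for this bug: it shows the two range checks a debug-directory reader needs before it touches memory (the entry itself must fit in the buffer, and the raw data the entry points at must fit in the file image), with the comparisons written so that a huge fuzzed offset cannot wrap around. The function names, the 64-byte sample image and its offsets are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One IMAGE_DEBUG_DIRECTORY entry is 28 bytes (PE/COFF spec). */
#define DEBUG_DIR_ENTRY_SIZE 28u

/* Decoded entry; field order follows the on-disk layout. */
struct debug_dir_entry {
    uint32_t characteristics;
    uint32_t time_date_stamp;
    uint16_t major_version;
    uint16_t minor_version;
    uint32_t type;               /* 2 = IMAGE_DEBUG_TYPE_CODEVIEW */
    uint32_t size_of_data;
    uint32_t address_of_raw_data;
    uint32_t pointer_to_raw_data;
};

/* Little-endian reads; callers guarantee the bytes are inside the buffer. */
static uint32_t getl32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t getl16(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}
static void putl32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Check 1: the whole 28-byte entry at `offset` must lie inside buf[0..len).
 * Comparing against the remaining space (len - offset) instead of computing
 * offset + 28 means a fuzzed, near-SIZE_MAX offset cannot wrap to a small
 * number and pass. Returns 1 on success, 0 if the entry is out of range. */
int read_debug_dir_entry(const uint8_t *buf, size_t len, size_t offset,
                         struct debug_dir_entry *out) {
    if (buf == NULL || out == NULL) return 0;
    if (offset > len || len - offset < DEBUG_DIR_ENTRY_SIZE) return 0;
    const uint8_t *p = buf + offset;
    out->characteristics     = getl32(p + 0);
    out->time_date_stamp     = getl32(p + 4);
    out->major_version       = getl16(p + 8);
    out->minor_version       = getl16(p + 10);
    out->type                = getl32(p + 12);
    out->size_of_data        = getl32(p + 16);
    out->address_of_raw_data = getl32(p + 20);
    out->pointer_to_raw_data = getl32(p + 24);
    return 1;
}

/* Check 2: before a build-id reader follows PointerToRawData, the
 * SizeOfData bytes it names must fit inside the file image. */
int debug_data_in_bounds(const struct debug_dir_entry *e, size_t file_len) {
    if (e->pointer_to_raw_data > file_len) return 0;
    return file_len - e->pointer_to_raw_data >= e->size_of_data;
}

/* Constructed 64-byte image (not a real PE): one entry at offset 32 that
 * claims 8 bytes of CodeView data at file offset 60, 4 bytes past the end. */
#define SAMPLE_LEN 64
#define SAMPLE_ENTRY_OFF 32
static void build_sample_image(uint8_t *img) {
    memset(img, 0, SAMPLE_LEN);
    uint8_t *e = img + SAMPLE_ENTRY_OFF;
    putl32(e + 12, 2);       /* Type: CODEVIEW */
    putl32(e + 16, 8);       /* SizeOfData */
    putl32(e + 20, 0x2000);  /* AddressOfRawData (RVA, unused here) */
    putl32(e + 24, 60);      /* PointerToRawData */
}

/* Well-formed entry inside a complete image parses. Expected: 1. */
int sample_parse_ok(void) {
    uint8_t img[SAMPLE_LEN]; struct debug_dir_entry e;
    build_sample_image(img);
    if (!read_debug_dir_entry(img, SAMPLE_LEN, SAMPLE_ENTRY_OFF, &e)) return 0;
    return e.type == 2 && e.size_of_data == 8 && e.pointer_to_raw_data == 60;
}
/* Same entry, but the file is truncated to 40 bytes. Expected: 0. */
int sample_truncated_parse(void) {
    uint8_t img[SAMPLE_LEN]; struct debug_dir_entry e;
    build_sample_image(img);
    return read_debug_dir_entry(img, 40, SAMPLE_ENTRY_OFF, &e);
}
/* Fuzzed offset near SIZE_MAX must be rejected, not wrap. Expected: 0. */
int sample_offset_past_end(void) {
    uint8_t img[SAMPLE_LEN]; struct debug_dir_entry e;
    build_sample_image(img);
    return read_debug_dir_entry(img, SAMPLE_LEN, SIZE_MAX - 4, &e);
}
/* The entry parses, but its data (60..68) overruns a 64-byte file. Expected: 0. */
int sample_data_in_bounds(void) {
    uint8_t img[SAMPLE_LEN]; struct debug_dir_entry e;
    build_sample_image(img);
    if (!read_debug_dir_entry(img, SAMPLE_LEN, SAMPLE_ENTRY_OFF, &e)) return 0;
    return debug_data_in_bounds(&e, SAMPLE_LEN);
}

int main(void) {
    printf("entry parses: %d, truncated: %d, wrapped offset: %d, data fits: %d\n",
           sample_parse_ok(), sample_truncated_parse(),
           sample_offset_past_end(), sample_data_in_bounds());
    return 0;
}
```

The fourth case is the one worth noting for triage: an entry can be perfectly readable while the data it points at is not, so a reader that only validates the directory and then dereferences PointerToRawData still faults on a fuzzed file.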
