bug-binutils

[Bug gas/20898] New: AS: Buffer Overflow when scrubbing chars


From: boehme.marcel at gmail dot com
Subject: [Bug gas/20898] New: AS: Buffer Overflow when scrubbing chars
Date: Thu, 01 Dec 2016 14:08:03 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=20898

            Bug ID: 20898
           Summary: AS: Buffer Overflow when scrubbing chars
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gas
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing
session on Binutils. Thanks also to Van-Thuan Pham.

There is a global buffer overflow (write of size 1) in the assembler for the
following execution on Ubuntu 14.04 x86_64 for Binutils v2.26 and in trunk.
Interestingly, it does not seg-fault on my machine.

$ printf "/" > test
$ ./as test

ASAN says:
==141249==ERROR: AddressSanitizer: global-buffer-overflow on address
0x00000143fdbf at pc 0x000000407db7 bp 0x7ffd85bdacb0 sp 0x7ffd85bdaca8
WRITE of size 1 at 0x00000143fdbf thread T0
    #0 0x407db6 in do_scrub_chars ../../gas/app.c:1193
    #1 0x44351b in input_file_give_next_buffer ../../gas/input-file.c:243
    #2 0x444a05 in input_scrub_next_buffer ../../gas/input-scrub.c:356
    #3 0x460204 in read_a_source_file ../../gas/read.c:835
    #4 0x40c417 in perform_an_assembly_pass ../../gas/as.c:1172
    #5 0x40c86c in main ../../gas/as.c:1296
    #6 0x7fb7630e5f44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #7 0x403858 
(/home/ubuntu/subjects/binutils-gdb/obj-asan/gas/as-new+0x403858)

0x00000143fdbf is located 55 bytes to the right of global variable
'saved_input_len' defined in '../../gas/app.c:218:15' (0x143fd80) of size 8
0x00000143fdbf is located 1 bytes to the left of global variable 'input_buffer'
defined in '../../gas/app.c:219:13' (0x143fdc0) of size 32768
SUMMARY: AddressSanitizer: global-buffer-overflow ../../gas/app.c:1193 in
do_scrub_chars

Valgrind does not complain.

Best regards,
- Marcel
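Editor's note: the C program below is an added illustration, not part of Marcel's report and not binutils code. ASAN reports a 1-byte write immediately to the left of the global input_buffer in app.c. The constructed model shows one pattern that produces exactly that signature: a refillable input buffer whose read routine resets the cursor to the buffer start when a refill returns nothing, followed by an unconditional push-back of a peeked byte (here after a lone '/'). Whether this is the precise path in gas/app.c is an assumption. A canary byte placed just before the buffer makes the underflow observable without undefined behaviour, and the checked variant refuses to push back an end-of-input marker. All names (scrubber, refill, get_byte, do_scrub, scrub_count, scrub_canary, IN_SIZE, CANARY) are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IN_SIZE 8        /* constructed stand-in for a scrub input buffer */
#define CANARY  0x5A     /* marker byte placed just before the buffer */

/* Constructed model of a scrubber's refillable input buffer.  One canary
 * byte precedes the buffer so that a write at buf[-1] is observable and
 * still inside the same object (no undefined behaviour in this demo). */
struct scrubber {
    const char *src;             /* remaining source text to read */
    size_t src_len;
    char storage[1 + IN_SIZE];   /* storage[0] is the canary */
    char *buf;                   /* storage + 1 */
    char *from, *fromend;        /* cursor and end of valid data */
};

static void scrubber_init(struct scrubber *s, const char *src, size_t len)
{
    s->src = src;
    s->src_len = len;
    s->buf = s->storage + 1;
    s->storage[0] = (char)CANARY;
    s->from = s->fromend = s->buf;   /* empty: the first read refills */
}

/* Refill the buffer from the source.  Even when nothing is left (returns 0)
 * the cursor is reset to the start of the buffer; that reset is what turns
 * a later unconditional push-back into a write before the buffer. */
static size_t refill(struct scrubber *s)
{
    size_t n = s->src_len < IN_SIZE ? s->src_len : IN_SIZE;
    memcpy(s->buf, s->src, n);
    s->src += n;
    s->src_len -= n;
    s->from = s->buf;
    s->fromend = s->buf + n;
    return n;
}

/* Next input byte, or -1 at end of input. */
static int get_byte(struct scrubber *s)
{
    if (s->from < s->fromend)
        return (unsigned char)*s->from++;
    return refill(s) == 0 ? -1 : (unsigned char)*s->from++;
}

/* Pass bytes through until a "/*" comment opener.  On a lone '/', the next
 * byte is peeked and pushed back for the main loop.  With checked == 0 the
 * push-back is unconditional (the buggy pattern); with checked != 0 an
 * end-of-input result is never pushed back. */
static int do_scrub(struct scrubber *s, int checked)
{
    int ch, count = 0;
    while ((ch = get_byte(s)) != -1) {
        if (ch == '/') {
            int ch2 = get_byte(s);
            if (ch2 == '*')
                break;                   /* comment: drop the rest */
            /* If ch2 is -1, refill() has just reset `from` to s->buf, so
             * the unchecked write lands on storage[0], one byte before buf. */
            if (!checked || ch2 != -1)
                *--s->from = (char)ch2;
        }
        count++;
    }
    return count;
}

/* Number of bytes passed through for `src`. */
int scrub_count(const char *src, size_t len, int checked)
{
    struct scrubber s;
    scrubber_init(&s, src, len);
    return do_scrub(&s, checked);
}

/* Value of the canary byte after scrubbing `src` (CANARY if untouched). */
int scrub_canary(const char *src, size_t len, int checked)
{
    struct scrubber s;
    scrubber_init(&s, src, len);
    do_scrub(&s, checked);
    return (unsigned char)s.storage[0];
}

int main(void)
{
    /* Constructed input: the single byte "/" from the report. */
    printf("unchecked: count=%d canary=0x%02X\n",
           scrub_count("/", 1, 0), scrub_canary("/", 1, 0));
    printf("checked:   count=%d canary=0x%02X\n",
           scrub_count("/", 1, 1), scrub_canary("/", 1, 1));
    return 0;
}
```

In the unchecked mode the canary is overwritten with 0xFF (the pushed-back -1) and the garbage byte is even re-read on the next iteration; the checked mode leaves it intact. This also accounts for the last line of the report: AddressSanitizer surrounds global arrays with poisoned redzones, so a write one byte before input_buffer is flagged, whereas Valgrind's Memcheck tracks addressability of heap blocks and places no redzones around static data, so the same write lands in addressable memory between two globals and goes unreported.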
