[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/21417] New: heap buffer overflow in ar

From: dungnguy at comp dot nus.edu.sg
Subject: [Bug binutils/21417] New: heap buffer overflow in ar
Date: Sat, 22 Apr 2017 06:42:29 +0000


            Bug ID: 21417
           Summary: heap buffer overflow in ar
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also
to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
../configure --disable-shared --disable-gdb --disable-libdecnumber
--disable-readline --disable-sim

To reproduce:
ar d

ASAN says:
==148384==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60300000ef98 at pc 0x0000004e7efc bp 0x7ffe38a5e8f0 sp 0x7ffe38a5e8e8
READ of size 8 at 0x60300000ef98 thread T0
    #0 0x4e7efb in main
    #1 0x7f0f4a636f44 in __libc_start_main
    #2 0x4c9fbc in _start

==148386== Invalid read of size 8
==148386==    at 0x405F88: main (ar.c:792)
==148386==  Address 0x5401838 is 0 bytes after a block of size 24 alloc'd
==148386==    at 0x4C2AB80: malloc (in
==148386==    by 0x50F27E: xmalloc (xmalloc.c:147)
==148386==    by 0x4056FA: decode_options (ar.c:451)
==148386==    by 0x405D73: main (ar.c:731)
==148386== Syscall param stat(file_name) points to unaddressable byte(s)
==148386==    at 0x5126045: _xstat (xstat.c:35)
==148386==    by 0x40619D: open_inarch (ar.c:872)
==148386==    by 0x405FD5: main (ar.c:797)
==148386==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

You are receiving this mail because:
You are on the CC list for the bug.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]