[Bug binutils/23148] New: Heap buffer overflow in pe_print

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/23148] New: Heap buffer overflow in pe_print_edata

From:	mgcho.minic at gmail dot com
Subject:	[Bug binutils/23148] New: Heap buffer overflow in pe_print_edata
Date:	Mon, 07 May 2018 14:36:28 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23148

            Bug ID: 23148
           Summary: Heap buffer overflow in pe_print_edata
           Product: binutils
           Version: 2.31 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: mgcho.minic at gmail dot com
  Target Milestone: ---

Created attachment 10999
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10999&action=edit
POC to trigger bug

Triggered by "./objdump -x -W $POC"
Tested on Ubuntu 16.04 (x86)


Heap buffer overread occurred when processing malformed PE file.

The GDB debugging information is as follows:

ASAN output:

==25616==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5000a34 at
pc 0x08293f7a bp 0xbf8c66f8 sp 0xbf8c66ec
READ of size 1 at 0xb5000a34 thread T0
    #0 0x8293f79 in bfd_getl32
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/libbfd.c:635:23
    #1 0x8527434 in pe_print_edata
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/peigen.c:1705:22
    #2 0x852359a in _bfd_pe_print_private_bfd_data_common
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/peigen.c:2906:3
    #3 0x84ed8f4 in pe_print_private_bfd_data
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/./peicode.h:336:8
    #4 0x814737f in dump_bfd_private_header
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:2996:3
    #5 0x8145d10 in dump_bfd
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3589:5
    #6 0x8145539 in display_object_bfd
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3688:7
    #7 0x8145425 in display_any_bfd
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3777:5
    #8 0x8144e8b in display_file
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3798:3
    #9 0x814457b in main
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:4100:6
    #10 0xb74c3636 in __libc_start_main
/build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #11 0x806ca37 in _start
(/home/min/fuzzing/program/binutils-2.30-21432/bin/objdump+0x806ca37)


Credits:

Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei
University.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug binutils/23148] New: Heap buffer overflow in pe_print_edata, mgcho.minic at gmail dot com <=
- [Bug binutils/23148] Heap buffer overflow in pe_print_edata, cvs-commit at gcc dot gnu.org, 2018/05/09
- [Bug binutils/23148] Heap buffer overflow in pe_print_edata, amodra at gmail dot com, 2018/05/09

Prev by Date: [Bug binutils/23147] New: Heap buffer overflow in pe_print_idata
Next by Date: [Bug binutils/22809] Segmentation fault in bfd_section_from_shdr
Previous by thread: [Bug binutils/23147] New: Heap buffer overflow in pe_print_idata
Next by thread: [Bug binutils/23148] Heap buffer overflow in pe_print_edata
Index(es):
- Date
- Thread