[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/23942] New: Heap overflow bug in bfd_elf32_swap_phdr_in
|
From: |
ds3619 at columbia dot edu |
|
Subject: |
[Bug binutils/23942] New: Heap overflow bug in bfd_elf32_swap_phdr_in |
|
Date: |
Fri, 30 Nov 2018 17:38:15 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=23942
Bug ID: 23942
Summary: Heap overflow bug in bfd_elf32_swap_phdr_in
Product: binutils
Version: 2.30
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: ds3619 at columbia dot edu
Target Milestone: ---
Created attachment 11423
--> https://sourceware.org/bugzilla/attachment.cgi?id=11423&action=edit
malicious input that trigger the heap overflow
A heap overflow bug in 32bit version nm-new.
=================================================================
==12375==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf3c038e3 at
pc 0x083308a6 bp 0xffe81b48 sp 0xffe81b3c
WRITE of size 8 at 0xf3c038e3 thread T0
#0 0x83308a5 in bfd_elf32_swap_phdr_in
/home/dongdong/binutils_exp/binutils-2.30/bfd/./elfcode.h:367:20
#1 0x83308a5 in bfd_elf32_object_p
/home/dongdong/binutils_exp/binutils-2.30/bfd/./elfcode.h:792
#2 0x81a4d64 in bfd_check_format_matches
/home/dongdong/binutils_exp/binutils-2.30/bfd/format.c:311:14
#3 0x8182def in display_file
/home/dongdong/binutils_exp/binutils-2.30/binutils/nm.c:1321:12
#4 0x8182140 in main
/home/dongdong/binutils_exp/binutils-2.30/binutils/nm.c:1799:12
#5 0xf758f636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
#6 0x806d480 in _start
(/home/dongdong/binutils_exp/binutils-2.30_32/binutils/nm-new+0x806d480)
0xf3c038e3 is located 3 bytes to the right of 4064-byte region
[0xf3c02900,0xf3c038e0)
allocated by thread T0 here:
#0 0x813dfbf in malloc
/local/dongdong/llvm/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146
#1 0x85246a9 in objalloc_create
/home/dongdong/binutils_exp/binutils-2.30/libiberty/./objalloc.c:95:23
#2 0x8182140 in main
/home/dongdong/binutils_exp/binutils-2.30/binutils/nm.c:1799:12
#3 0xf758f636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
SUMMARY: AddressSanitizer: heap-buffer-overflow
/home/dongdong/binutils_exp/binutils-2.30/bfd/./elfcode.h:367:20 in
bfd_elf32_swap_phdr_in
Shadow bytes around the buggy address:
0x3e7806c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x3e7806d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x3e7806e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x3e7806f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x3e780700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x3e780710: 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa
0x3e780720: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3e780730: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3e780740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3e780750: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3e780760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==12375==ABORTING
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/23942] New: Heap overflow bug in bfd_elf32_swap_phdr_in,
ds3619 at columbia dot edu <=