[Bug binutils/24374] New: segment fault in bfd_getl32 in libbfd.c


From: 92wyunchao at gmail dot com
Subject: [Bug binutils/24374] New: segment fault in bfd_getl32 in libbfd.c
Date: Fri, 22 Mar 2019 02:38:08 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=24374

            Bug ID: 24374
           Summary: segment fault in bfd_getl32 in libbfd.c
           Product: binutils
           Version: 2.32
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: 92wyunchao at gmail dot com
  Target Milestone: ---

Created attachment 11693
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11693&action=edit
poc to reproduce the crash

There exists a segment fault issue in bfd_getl32 in libbfd.c in binutils
2.32 (http://ftp.gnu.org/gnu/binutils/), which could allow an attacker to cause a
denial-of-service through a crafted PE file.

$ objdump -x poc

ASAN:SIGSEGV
=================================================================
==6538==ERROR: AddressSanitizer: SEGV on unknown address 0x1b344803 (pc 0x0841cc9b sp 0xbfe94940 bp 0x1696074c T0)
    #0 0x841cc9a in bfd_getl32 /home/rookie/asan/binutils-2.32/bfd/libbfd.c:695
    #1 0x886208b in rsrc_print_resource_directory /home/rookie/asan/binutils-2.32/bfd/peigen.c:2478
    #2 0x8864036 in rsrc_print_resource_entries /home/rookie/asan/binutils-2.32/bfd/peigen.c:2415
    #3 0x8862536 in rsrc_print_resource_directory /home/rookie/asan/binutils-2.32/bfd/peigen.c:2502
    #4 0x883fed6 in rsrc_print_section /home/rookie/asan/binutils-2.32/bfd/peigen.c:2563
    #5 0x883fed6 in _bfd_pe_print_private_bfd_data_common /home/rookie/asan/binutils-2.32/bfd/peigen.c:2917
    #6 0x8802e1f in pe_print_private_bfd_data /home/rookie/asan/binutils-2.32/bfd/./peicode.h:336
    #7 0x80e52a5 in dump_bfd_private_header /home/rookie/asan/binutils-2.32/binutils/./objdump.c:3181
    #8 0x80e52a5 in dump_bfd /home/rookie/asan/binutils-2.32/binutils/./objdump.c:3782
    #9 0x80e192b in display_object_bfd /home/rookie/asan/binutils-2.32/binutils/./objdump.c:3883
    #10 0x80e192b in display_any_bfd /home/rookie/asan/binutils-2.32/binutils/./objdump.c:3973
    #11 0x80de550 in display_file /home/rookie/asan/binutils-2.32/binutils/./objdump.c:3994
    #12 0x80de550 in main /home/rookie/asan/binutils-2.32/binutils/./objdump.c:4304
    #13 0xb755eaf2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
    #14 0x80d6574 in _start (/home/rookie/asan/binutils-2.32/build/bin/objdump+0x80d6574)
