From: mgcho.minic at gmail dot com
Subject: [Bug binutils/24922] New: An out-of-bounds read in pex64_xdata_print_uwd_codes
Date: Tue, 20 Aug 2019 21:03:55 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=24922

            Bug ID: 24922
           Summary: An out-of-bounds read in pex64_xdata_print_uwd_codes
           Product: binutils
           Version: 2.33 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: mgcho.minic at gmail dot com
  Target Milestone: ---

Created attachment 11956
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11956&action=edit
PoC to trigger bug

Triggered by "./objdump -x $POC"
Tested on Ubuntu 16.04

An out-of-bounds read occurred when processing malformed input.

configuration:

CC=clang-5.0 CFLAGS="-m32 -Wextra -Wno-missing-field-initializers
-fsanitize=address -fno-omit-frame-pointer -g" CXX=clang++-5.0 CXXFLAGS="-m32"
./configure --disable-gdb --disable-gold --disable-gas --disable-gprof


ASAN output:

==108913==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf2a028af
at pc 0x0832aa07 bp 0xffd22f58 sp 0xffd22f4c
READ of size 1 at 0xf2a028af thread T0
    #0 0x832aa06 in bfd_getl32 /home/seclab/binutils-gdb/bfd/libbfd.c:698:24
    #1 0x873c1a5 in pex64_xdata_print_uwd_codes
/home/seclab/binutils-gdb/bfd/pei-x86_64.c:244:14
    #2 0x8738e6e in pex64_dump_xdata
/home/seclab/binutils-gdb/bfd/pei-x86_64.c:441:5
    #3 0x872ad92 in pex64_bfd_print_pdata_section
/home/seclab/binutils-gdb/bfd/pei-x86_64.c:757:8
    #4 0x8726c5e in pex64_bfd_print_pdata
/home/seclab/binutils-gdb/bfd/pei-x86_64.c:793:12
    #5 0x877ba9d in _bfd_pex64_print_private_bfd_data_common
/home/seclab/binutils-gdb/bfd/pex64igen.c:2917:5
    #6 0x873595a in pe_print_private_bfd_data
/home/seclab/binutils-gdb/bfd/./peicode.h:336:8
    #7 0x8174bd4 in dump_bfd_private_header
/home/seclab/binutils-gdb/binutils/./objdump.c:3352:8
    #8 0x817312f in dump_bfd
/home/seclab/binutils-gdb/binutils/./objdump.c:3992:5
    #9 0x8171f56 in display_object_bfd
/home/seclab/binutils-gdb/binutils/./objdump.c:4132:7
    #10 0x8171e54 in display_any_bfd
/home/seclab/binutils-gdb/binutils/./objdump.c:4222:5
    #11 0x81714a0 in display_file
/home/seclab/binutils-gdb/binutils/./objdump.c:4243:3
    #12 0x8170bed in main /home/seclab/binutils-gdb/binutils/./objdump.c:4561:6
    #13 0xf74bf636 in __libc_start_main
/build/glibc-GoSbp4/glibc-2.23/csu/../csu/libc-start.c:291
    #14 0x806e677 in _start
(/home/seclab/fuzzing-experiment/fuzzing/program/x86/binutils-triage-clang/master/bin/objdump+0x806e677)

Credits:

Mingi Cho, Seoyoung Kim, and Taekyoung Kwon of the Information Security Lab,
Yonsei University.
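The trace above ends in a 32-bit read (bfd_getl32) issued while walking the unwind-code array of a PE xdata record. The added example below is not binutils code and does not reproduce the reporter's PoC; it is a defensive decoder for the x64 UNWIND_INFO unwind-code array that shows the two checks such a reader needs before touching any operand: the declared code count against the bytes actually present, and each multi-slot operation against the remaining code count. The UWOP numbers and slot widths are taken from the public Microsoft x64 ABI; the three byte samples are constructed for this example, and the helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Operation codes from the public x64 UNWIND_CODE definition. */
enum {
  UWOP_PUSH_NONVOL = 0, UWOP_ALLOC_LARGE = 1, UWOP_ALLOC_SMALL = 2,
  UWOP_SET_FPREG = 3, UWOP_SAVE_NONVOL = 4, UWOP_SAVE_NONVOL_FAR = 5,
  UWOP_SAVE_XMM128 = 8, UWOP_SAVE_XMM128_FAR = 9, UWOP_PUSH_MACHFRAME = 10
};

/* How many 16-bit slots an operation occupies, its own slot included.
   Returns -1 for an opcode this decoder does not know. */
static int uwop_slots(unsigned op, unsigned info) {
  switch (op) {
    case UWOP_ALLOC_LARGE:      return info == 0 ? 2 : 3; /* info 1: 32-bit operand */
    case UWOP_SAVE_NONVOL:      return 2;
    case UWOP_SAVE_NONVOL_FAR:  return 3;
    case UWOP_SAVE_XMM128:      return 2;
    case UWOP_SAVE_XMM128_FAR:  return 3;
    case UWOP_PUSH_NONVOL: case UWOP_ALLOC_SMALL:
    case UWOP_SET_FPREG:   case UWOP_PUSH_MACHFRAME:
      return 1;
    default:
      return -1;
  }
}

static uint16_t getl16(const uint8_t *p) {
  return (uint16_t)(p[0] | (p[1] << 8));
}
static uint32_t getl32(const uint8_t *p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
         ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the unwind codes of one UNWIND_INFO block held in buf[0..len).
   Returns the number of operations decoded, or -1 if the header, the code
   array, or any operand would extend beyond the buffer. Every read below is
   guarded by the two checks marked (A) and (B). */
int decode_unwind_codes(const uint8_t *buf, size_t len, uint32_t *total_alloc) {
  if (len < 4) return -1;                      /* fixed 4-byte header */
  unsigned count = buf[2];                     /* CountOfCodes */
  const uint8_t *codes = buf + 4;
  if ((size_t)count * 2 > len - 4) return -1;  /* (A) array vs. buffer */

  unsigned i = 0;
  int ops = 0;
  uint32_t alloc = 0;
  while (i < count) {
    const uint8_t *c = codes + (size_t)i * 2;
    unsigned op = c[1] & 0x0f, info = c[1] >> 4;
    int n = uwop_slots(op, info);
    if (n < 0) return -1;                      /* unknown opcode: refuse to guess */
    if (i + (unsigned)n > count) return -1;    /* (B) operand slots vs. array */
    switch (op) {
      case UWOP_ALLOC_SMALL: alloc += (info + 1) * 8; break;
      case UWOP_ALLOC_LARGE:
        alloc += info == 0 ? getl16(c + 2) * 8u : getl32(c + 2);
        break;
      default: break;
    }
    i += (unsigned)n;
    ops++;
  }
  if (total_alloc) *total_alloc = alloc;
  return ops;
}

/* Convenience wrapper: stack bytes allocated by the prolog, UINT32_MAX on error. */
uint32_t decoded_alloc(const uint8_t *buf, size_t len) {
  uint32_t a = 0;
  return decode_unwind_codes(buf, len, &a) < 0 ? UINT32_MAX : a;
}

/* Constructed samples. Header: version 1, prolog size 0x10, count, frame byte. */
static const uint8_t sample_ok[] = {
  0x01, 0x10, 0x03, 0x00,
  0x10, 0x50,              /* UWOP_PUSH_NONVOL, reg 5 (rbp) */
  0x0a, 0x01, 0x10, 0x00   /* UWOP_ALLOC_LARGE info 0, 16*8 = 128 bytes */
};
/* Declares 3 codes but carries only 2: fails check (A). */
static const uint8_t sample_truncated[] = {
  0x01, 0x10, 0x03, 0x00, 0x10, 0x50, 0x0a, 0x01
};
/* UWOP_ALLOC_LARGE info 1 needs a 32-bit operand (3 slots) but only 2 exist:
   fails check (B) before the 32-bit read is ever attempted. */
static const uint8_t sample_overrun[] = {
  0x01, 0x10, 0x02, 0x00, 0x0a, 0x11, 0x00, 0x00
};

int main(void) {
  printf("ok: %d ops, alloc %u\n",
         decode_unwind_codes(sample_ok, sizeof sample_ok, NULL),
         decoded_alloc(sample_ok, sizeof sample_ok));
  printf("truncated: %d\n", decode_unwind_codes(sample_truncated, sizeof sample_truncated, NULL));
  printf("overrun: %d\n", decode_unwind_codes(sample_overrun, sizeof sample_overrun, NULL));
  return 0;
}
```

Check (A) alone would not have stopped the third sample: the array size is consistent with the buffer, and it is the per-operation width that pushes the 32-bit operand past the end. Printing code paths in dumpers are easy to overlook here because they consume whatever the header claims; validating against the section length, not the header, is the fix pattern for this bug class.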
