[Bug binutils/27792] New: [nm] heap buffer overflow found in bfd/som.c:4

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/27792] New: [nm] heap buffer overflow found in bfd/som.c:4

From:	dkcjd2000 at gmail dot com
Subject:	[Bug binutils/27792] New: [nm] heap buffer overflow found in bfd/som.c:4805
Date:	Thu, 29 Apr 2021 15:26:46 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27792

            Bug ID: 27792
           Summary: [nm] heap buffer overflow found in bfd/som.c:4805
           Product: binutils
           Version: 2.37 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dkcjd2000 at gmail dot com
  Target Milestone: ---

Created attachment 13404
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13404&action=edit
crash test case

Hello,
I report a heap buffer overflow detected by address sanitizer.
I found this test input by a fuzz testing.

The stack traces is as follows:
==8812==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c00000d694
at pc 0x00000057991d bp 0x7ffffff
fdc60 sp 0x7fffffffd400
READ of size 1 at 0x60c00000d694 thread T0
    #0 0x57991c in strncmp (.../afl++/subjects_friend/nm/nm.san+0x57991c)
    #1 0x6a0682 in startswith .../subjects/binutils-gdb/bfd/./bfd.h:547:10
    #2 0x6a0682 in som_slurp_symbol_table
.../subjects/binutils-gdb/bfd/som.c:4805:16
    #3 0x697b9c in som_get_symtab_upper_bound
.../subjects/binutils-gdb/bfd/som.c:4594:8
    #4 0x63a723 in _bfd_generic_read_minisymbols
.../subjects/binutils-gdb/bfd/syms.c:805:15
    #5 0xe7d8bd in display_rel_file
.../subjects/binutils-gdb/binutils/nm.c:1177:14
    #6 0xe7cdde in display_file .../subjects/binutils-gdb/binutils/nm.c:1446:7
    #7 0xe7bfac in main .../subjects/binutils-gdb/binutils/nm.c:1965:12
    #8 0x7ffff6e22bf6 in __libc_start_main
/build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x5661a9 in _start (.../afl++/subjects_friend/nm/nm.san+0x5661a9)

You can reproduce the bug by executing
./nm -C <test input>

I tested the subject on the latest version uploaded on git,
build with --disable-shared --disable-gdb --disable-libdecnumber --disable-ld
--enable-targets=all
configure options.

Thanks

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug binutils/27792] New: [nm] heap buffer overflow found in bfd/som.c:4805, dkcjd2000 at gmail dot com <=
- [Bug binutils/27792] [nm] heap buffer overflow found in bfd/som.c:4805, nickc at redhat dot com, 2021/04/29
- [Bug binutils/27792] [nm] heap buffer overflow found in bfd/som.c:4805, cvs-commit at gcc dot gnu.org, 2021/04/29
- [Bug binutils/27792] [nm] heap buffer overflow found in bfd/som.c:4805, nickc at redhat dot com, 2021/04/29

Prev by Date: [Bug binutils/27594] build processes broken by changed space handling
Next by Date: [Bug binutils/27793] New: [nm] segv in bfd.h:1233
Previous by thread: [Bug binutils/27594] build processes broken by changed space handling
Next by thread: [Bug binutils/27792] [nm] heap buffer overflow found in bfd/som.c:4805
Index(es):
- Date
- Thread