[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/27792] New: [nm] heap buffer overflow found in bfd/som.c:4
From: |
dkcjd2000 at gmail dot com |
Subject: |
[Bug binutils/27792] New: [nm] heap buffer overflow found in bfd/som.c:4805 |
Date: |
Thu, 29 Apr 2021 15:26:46 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=27792
Bug ID: 27792
Summary: [nm] heap buffer overflow found in bfd/som.c:4805
Product: binutils
Version: 2.37 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: dkcjd2000 at gmail dot com
Target Milestone: ---
Created attachment 13404
--> https://sourceware.org/bugzilla/attachment.cgi?id=13404&action=edit
crash test case
Hello,
I report a heap buffer overflow detected by address sanitizer.
I found this test input by a fuzz testing.
The stack traces is as follows:
==8812==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c00000d694
at pc 0x00000057991d bp 0x7ffffff
fdc60 sp 0x7fffffffd400
READ of size 1 at 0x60c00000d694 thread T0
#0 0x57991c in strncmp (.../afl++/subjects_friend/nm/nm.san+0x57991c)
#1 0x6a0682 in startswith .../subjects/binutils-gdb/bfd/./bfd.h:547:10
#2 0x6a0682 in som_slurp_symbol_table
.../subjects/binutils-gdb/bfd/som.c:4805:16
#3 0x697b9c in som_get_symtab_upper_bound
.../subjects/binutils-gdb/bfd/som.c:4594:8
#4 0x63a723 in _bfd_generic_read_minisymbols
.../subjects/binutils-gdb/bfd/syms.c:805:15
#5 0xe7d8bd in display_rel_file
.../subjects/binutils-gdb/binutils/nm.c:1177:14
#6 0xe7cdde in display_file .../subjects/binutils-gdb/binutils/nm.c:1446:7
#7 0xe7bfac in main .../subjects/binutils-gdb/binutils/nm.c:1965:12
#8 0x7ffff6e22bf6 in __libc_start_main
/build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
#9 0x5661a9 in _start (.../afl++/subjects_friend/nm/nm.san+0x5661a9)
You can reproduce the bug by executing
./nm -C <test input>
I tested the subject on the latest version uploaded on git,
build with --disable-shared --disable-gdb --disable-libdecnumber --disable-ld
--enable-targets=all
configure options.
Thanks
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/27792] New: [nm] heap buffer overflow found in bfd/som.c:4805,
dkcjd2000 at gmail dot com <=