bug-binutils
From: irfanariq at kaist dot ac.kr
Subject: [Bug binutils/28403] New: segv in objdump at disassemble_bytes (objdump.c:3055)
Date: Thu, 30 Sep 2021 20:34:40 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28403

            Bug ID: 28403
           Summary: segv in objdump at disassemble_bytes (objdump.c:3055)
           Product: binutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: irfanariq at kaist dot ac.kr
  Target Milestone: ---

Created attachment 13690
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13690&action=edit
poc and full stack trace

Hello,

We are currently working on a fuzz testing feature, and we found a **SEGV** in
`objdump`.

The stack trace is as follows:
```
==29560==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000d (pc
0x7fc403774e22 bp 0x7ffdb4b14de0 sp 0x7ffdb4b144f8 T0)
==29560==The signal is caused by a READ memory access.
==29560==Hint: address points to the zero page.
    #0 0x7fc403774e21  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xfce21)
    #1 0x7fc4036ec31f  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7431f)
    #2 0x7fc4036ecdad in vprintf
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0x74dad)
    #3 0x7fc4036ece9e in __interceptor_printf
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0x74e9e)
    #4 0x55a8f375de5f in disassemble_bytes objdump.c:3055
    #5 0x55a8f3760342 in disassemble_section objdump.c:3455
    #6 0x55a8f3c2b3c0 in bfd_map_over_sections
.../binutils-git/bfd/section.c:1383
    #7 0x55a8f3761293 in disassemble_data objdump.c:3599
    #8 0x55a8f37686cc in dump_bfd objdump.c:5006
    #9 0x55a8f3768994 in display_object_bfd objdump.c:5068
    #10 0x55a8f3768d2f in display_any_bfd objdump.c:5158
    #11 0x55a8f3768cd9 in display_any_bfd objdump.c:5139
    #12 0x55a8f3768da6 in display_file objdump.c:5179
    #13 0x55a8f376a15a in main objdump.c:5529
```
Here is the full stack trace: [link]()

**Steps to reproduce**

We configured `objdump` using

```
CFLAGS="-g -O0 -fsanitize=address" ./configure --prefix=$(pwd)/ --disable-shared --enable-targets=all
```

and built it using `make -j 10`, and ran it with:

```
./objdump data16 -marm i8086 64 -Ttext --headers <attached file> ppcps
--debugging --wide --demangle 440 --dwarf --file-offsets --line-numbers
--disassemble nm -d -Wa
```

The input file is attached.

**Environment**
- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- binutils version: commit (98ca73a) of master branch on sourceware git
([link](https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=98ca73afe51e1e921915c37f242c88d4d445841c))

Thank you.

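As an added example (not part of this bug report and not binutils code), the following Python helper does the triage a maintainer or fuzzing team would do on a report like the one above: it parses the AddressSanitizer header and frames, classifies the fault (near-NULL read versus wild pointer), finds the first frame that carries a source location (the project's own code, skipping the libasan and printf interceptor frames), and derives a stable bucket key so repeated fuzzer hits of the same crash are deduplicated. The sample input is the report quoted in the message, re-joined into the one-line-per-frame form ASan prints; the regexes, the 0x1000 near-NULL threshold and the three-frame bucketing depth are my own choices.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the ASan report from the bug report above, with the
# frames that were wrapped in the mail joined back onto single lines.
SAMPLE_REPORT = """\
==29560==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000d (pc 0x7fc403774e22 bp 0x7ffdb4b14de0 sp 0x7ffdb4b144f8 T0)
==29560==The signal is caused by a READ memory access.
==29560==Hint: address points to the zero page.
    #0 0x7fc403774e21  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xfce21)
    #1 0x7fc4036ec31f  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7431f)
    #2 0x7fc4036ecdad in vprintf (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x74dad)
    #3 0x7fc4036ece9e in __interceptor_printf (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x74e9e)
    #4 0x55a8f375de5f in disassemble_bytes objdump.c:3055
    #5 0x55a8f3760342 in disassemble_section objdump.c:3455
    #6 0x55a8f3c2b3c0 in bfd_map_over_sections .../binutils-git/bfd/section.c:1383
    #7 0x55a8f3761293 in disassemble_data objdump.c:3599
    #8 0x55a8f37686cc in dump_bfd objdump.c:5006
    #9 0x55a8f3768994 in display_object_bfd objdump.c:5068
    #10 0x55a8f3768d2f in display_any_bfd objdump.c:5158
    #11 0x55a8f3768cd9 in display_any_bfd objdump.c:5139
    #12 0x55a8f3768da6 in display_file objdump.c:5179
    #13 0x55a8f376a15a in main objdump.c:5529
"""

# Header: "SEGV on unknown address 0x..." or "heap-buffer-overflow on address 0x...".
HEADER_RE = re.compile(
    r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on (?:unknown )?address (?P<addr>0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"caused by a (?P<access>READ|WRITE) memory access")
# Frame: "#N 0xADDR [in func] <location>"; the function name is absent for
# frames inside stripped runtime libraries (see #0 and #1 above).
FRAME_RE = re.compile(r"^\s*#(?P<n>\d+) 0x[0-9a-f]+(?: in (?P<func>\S+))?\s*(?P<loc>.*)$")
# A "file:line" source location; a "(module+0xoffset)" location has no colon.
SRC_RE = re.compile(r"(?P<file>[^\s():]+):(?P<line>\d+)")


@dataclass
class Frame:
    index: int
    func: Optional[str]
    file: Optional[str]
    line: Optional[int]
    raw_loc: str


@dataclass
class AsanReport:
    kind: str
    address: int
    access: Optional[str]
    frames: List[Frame] = field(default_factory=list)

    @property
    def near_null(self) -> bool:
        # A fault below the first page is a NULL-plus-offset dereference (a
        # field read off a NULL struct pointer), not an arbitrary wild pointer.
        # 0x1000 is an assumed page size.
        return self.address < 0x1000

    def first_source_frame(self) -> Optional[Frame]:
        # Skip sanitizer/libc frames without file:line; the first frame with a
        # source location is where the project's own code faulted.
        return next((f for f in self.frames if f.file is not None), None)


def parse_asan_report(text: str) -> AsanReport:
    kind = addr = access = None
    frames: List[Frame] = []
    for raw in text.splitlines():
        m = HEADER_RE.search(raw)
        if m:
            kind, addr = m.group("kind"), int(m.group("addr"), 16)
            continue
        m = ACCESS_RE.search(raw)
        if m:
            access = m.group("access")
            continue
        m = FRAME_RE.match(raw)
        if m:
            loc = m.group("loc").strip()
            s = SRC_RE.search(loc)
            frames.append(Frame(int(m.group("n")), m.group("func"),
                                s.group("file") if s else None,
                                int(s.group("line")) if s else None, loc))
    if kind is None or addr is None:
        raise ValueError("not an AddressSanitizer error report")
    return AsanReport(kind, addr, access, frames)


def bucket_key(report: AsanReport, depth: int = 3) -> str:
    # Bucket on the top N in-source function names, ignoring line numbers so
    # the same crash still deduplicates after unrelated edits shift lines.
    funcs = [f.func or "?" for f in report.frames if f.file is not None]
    return "|".join(funcs[:depth])


def bucket_id(report: AsanReport) -> str:
    return hashlib.sha256(bucket_key(report).encode()).hexdigest()[:16]


def summarize(report: AsanReport) -> str:
    f = report.first_source_frame()
    where = f"{f.func} {f.file}:{f.line}" if f else "no source frame"
    shape = "near-NULL" if report.near_null else "wild"
    return f"{report.kind} {report.access or '?'} {shape} ({hex(report.address)}) in {where}"


if __name__ == "__main__":
    r = parse_asan_report(SAMPLE_REPORT)
    print(summarize(r), bucket_id(r))
```

For this report the summary is a near-NULL read in disassemble_bytes at objdump.c:3055, and the bucket key is the three in-source callers, so the many fuzzer inputs that reach the same dereference collapse to one bug.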