[Bug binutils/28415] New: stack-buffer-overflow in objdump at disassembl

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/28415] New: stack-buffer-overflow in objdump at disassembl

From:	irfanariq at kaist dot ac.kr
Subject:	[Bug binutils/28415] New: stack-buffer-overflow in objdump at disassemble_bytes (objdump.c:2905)
Date:	Mon, 04 Oct 2021 15:08:33 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28415

            Bug ID: 28415
           Summary: stack-buffer-overflow in objdump at disassemble_bytes
                    (objdump.c:2905)
           Product: binutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: irfanariq at kaist dot ac.kr
  Target Milestone: ---

Created attachment 13697
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13697&action=edit
poc and full stack trace

Hello,

We are currently working on fuzz testing feature, and we found a
**stack-buffer-overflow** error on `objdump`.

The stack traces are as follow:
```
==30107==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffc4a702a32 at pc 0x563009ade296 bp 0x7ffc4a702830 sp 0x7ffc4a702820
WRITE of size 1 at 0x7ffc4a702a32 thread T0
    #0 0x563009ade295 in disassemble_bytes objdump.c:2905
    #1 0x563009ae1342 in disassemble_section objdump.c:3455
    #2 0x563009fac3c0 in bfd_map_over_sections
.../binutils-git/bfd/section.c:1383
    #3 0x563009ae2293 in disassemble_data objdump.c:3599
    #4 0x563009ae96cc in dump_bfd objdump.c:5006
    #5 0x563009ae9994 in display_object_bfd objdump.c:5068
    #6 0x563009ae9d2f in display_any_bfd objdump.c:5158
    #7 0x563009ae9da6 in display_file objdump.c:5179
    #8 0x563009aeb15a in main objdump.c:5529
```
The full stack trace is attached.

**Step to reproduce**

We configured `objdump` using 

`CFLAGS="-g -O0 -fsanitize=address" ./configure --prefix=$(pwd)/
--disable-shared --enable-targets=all`

and build it using `make -j 10`, and run it with:

```
./objdump --source addr16 -z booke -t ppcps -Wf intel-mnemonic suffix <attached
file> -Ttext -x
```
The input file is attached.

**Environment**
- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- binutils version: commit (98ca73a) of master branch on sourceware git
([link](https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=98ca73afe51e1e921915c37f242c88d4d445841c))

Thank you.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug binutils/28415] New: stack-buffer-overflow in objdump at disassemble_bytes (objdump.c:2905), irfanariq at kaist dot ac.kr <=
- [Bug binutils/28415] stack-buffer-overflow in objdump at disassemble_bytes (objdump.c:2905), guillermo.e.martinez at oracle dot com, 2021/10/06
- [Bug binutils/28415] stack-buffer-overflow in objdump at disassemble_bytes (objdump.c:2905), amodra at gmail dot com, 2021/10/07
- [Bug binutils/28415] stack-buffer-overflow in objdump at disassemble_bytes (objdump.c:2905), cvs-commit at gcc dot gnu.org, 2021/10/08
- [Bug binutils/28415] stack-buffer-overflow in objdump at disassemble_bytes (objdump.c:2905), amodra at gmail dot com, 2021/10/08

Prev by Date: [Bug binutils/28414] New: SEGV in objdump at bfd/reloc.c:8423
Next by Date: [Bug binutils/28416] New: SEGV in objdump at bfd_getl32 (bfd/libbfd.c:727)
Previous by thread: [Bug binutils/28414] New: SEGV in objdump at bfd/reloc.c:8423
Next by thread: [Bug binutils/28415] stack-buffer-overflow in objdump at disassemble_bytes (objdump.c:2905)
Index(es):
- Date
- Thread