[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/28422] New: use-after-free in objdump at get_build_id (./b
|
From: |
irfanariq at kaist dot ac.kr |
|
Subject: |
[Bug binutils/28422] New: use-after-free in objdump at get_build_id (./bfd/opncls.c:1864) |
|
Date: |
Tue, 05 Oct 2021 17:44:42 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=28422
Bug ID: 28422
Summary: use-after-free in objdump at get_build_id
(./bfd/opncls.c:1864)
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: irfanariq at kaist dot ac.kr
Target Milestone: ---
Created attachment 13705
--> https://sourceware.org/bugzilla/attachment.cgi?id=13705&action=edit
poc and full stack trace
Hello,
We are currently working on fuzz testing feature, and we found a
**use-after-free** on `objdump`.
The stack traces are as follow:
```st
==4270==ERROR: AddressSanitizer: heap-use-after-free on address 0x62100000b910
at pc 0x55636bb42284 bp 0x7ffd4bf612d0 sp 0x7ffd4bf612c0
READ of size 8 at 0x62100000b910 thread T0
#0 0x55636bb42283 in get_build_id .../binutils-git/bfd/opncls.c:1864
#1 0x55636bb4285f in get_build_id_name .../binutils-git/bfd/opncls.c:1972
#2 0x55636bb413b6 in find_separate_debug_file
.../binutils-git/bfd/opncls.c:1463
#3 0x55636bb42cd1 in bfd_follow_build_id_debuglink
.../binutils-git/bfd/opncls.c:2087
#4 0x55636bc8b15d in _bfd_dwarf2_slurp_debug_info dwarf2.c:4684
#5 0x55636bc8c722 in _bfd_dwarf2_find_nearest_line dwarf2.c:4985
#6 0x55636bf1fbec in _bfd_mips_elf_find_nearest_line
.../binutils-git/bfd/elfxx-mips.c:13061
#7 0x55636b6705fa in show_line objdump.c:1784
#8 0x55636b675478 in disassemble_bytes objdump.c:2770
#9 0x55636b679342 in disassemble_section objdump.c:3455
#10 0x55636bb443c0 in bfd_map_over_sections
.../binutils-git/bfd/section.c:1383
```
The full stack trace is attached.
**Step to reproduce**
We configured `objdump` using `CFLAGS="-g -O0 -fsanitize=address" ./configure
--prefix=$(pwd)/ --disable-shared --enable-targets=all` and build it using
`make -j 10`, and run it with:
```
.../binutils-git/install_asan/bin/objdump -S <attached file>
```
The input file is attached.
**Environment**
- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- binutils version: commit (98ca73a) of master branch on sourceware git
([link](https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=98ca73afe51e1e921915c37f242c88d4d445841c))
Thank you.
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/28422] New: use-after-free in objdump at get_build_id (./bfd/opncls.c:1864),
irfanariq at kaist dot ac.kr <=
- [Bug binutils/28422] use-after-free in objdump at get_build_id (./bfd/opncls.c:1864), amodra at gmail dot com, 2021/10/06
- [Bug binutils/28422] use-after-free in objdump at get_build_id (./bfd/opncls.c:1864), cvs-commit at gcc dot gnu.org, 2021/10/06
- [Bug binutils/28422] use-after-free in objdump at get_build_id (./bfd/opncls.c:1864), cvs-commit at gcc dot gnu.org, 2021/10/07
- [Bug binutils/28422] use-after-free in objdump at get_build_id (./bfd/opncls.c:1864), cvs-commit at gcc dot gnu.org, 2021/10/07
- [Bug binutils/28422] use-after-free in objdump at get_build_id (./bfd/opncls.c:1864), amodra at gmail dot com, 2021/10/07