[Bug binutils/28540] New: Buffer Overflow on Dwarf.c
From: petryx78 at gmail dot com
Subject: [Bug binutils/28540] New: Buffer Overflow on Dwarf.c
Date: Wed, 03 Nov 2021 22:46:27 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=28540
Bug ID: 28540
Summary: Buffer Overflow on Dwarf.c
Product: binutils
Version: 2.37
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: petryx78 at gmail dot com
Target Milestone: ---
Created attachment 13755
--> https://sourceware.org/bugzilla/attachment.cgi?id=13755&action=edit
Crash File
Hi binutils Team,
I was recently doing security tests with AFL-Fuzz, and I ended up discovering a
buffer overflow in the binutils-2.37 package, more specifically in the objdump
binary.
I already requested a CVE ID, but have not received it yet.
Reproduce:
$ binutils-2.37/binutils/objdump -D -T -x crash_2.37
[1] 8585 segmentation fault (core dumped) binutils-2.37/binutils/objdump -D -T -x crash_2.37
Backtrace
#0 0x0000000000000000 in ?? ()
#1 0x000000000044c263 in parse_gnu_debuglink (section=section@entry=0xf65ac0 <debug_displays+4160>, data=data@entry=0x7fffffffdef0) at dwarf.c:10874
#2 0x00000000004517fa in load_separate_debug_info (main_filename=main_filename@entry=0x62100001cd10 "crash_2.37", xlink=xlink@entry=0xf65ac0 <debug_displays+4160>, parse_func=parse_func@entry=0x44c130 <parse_gnu_debuglink>, check_func=check_func@entry=0x44c4f0 <check_gnu_debuglink>, func_data=func_data@entry=0x7fffffffdef0, file=0x61200000bec0) at dwarf.c:11022
#3 0x0000000000452654 in check_for_and_load_links (file=file@entry=0x61200000bec0, filename=filename@entry=0x62100001cd10 "crash_2.37") at dwarf.c:11346
#4 0x00000000004c84d3 in load_separate_debug_files (file=file@entry=0x61200000bec0, filename=0x62100001cd10 "crash_2.37") at dwarf.c:11462
#5 0x0000000000430a0d in dump_bfd (abfd=abfd@entry=0x61200000bec0, is_mainfile=is_mainfile@entry=0x1) at ./objdump.c:4874
#6 0x000000000043361d in display_object_bfd (abfd=0x61200000bec0) at ./objdump.c:5060
#7 display_any_bfd (file=file@entry=0x61200000bec0, level=level@entry=0x0) at ./objdump.c:5150
#8 0x0000000000411c24 in display_file (last_file=0x1, target=<optimized out>, filename=0x7fffffffe727 "crash_2.37") at ./objdump.c:5171
#9 main (argc=0x5, argv=0x7fffffffe488) at ./objdump.c:5521