bug-binutils

[Bug binutils/21618] New: heap-buffer-overflow in bfd_getl32


From: aadamski at quarkslab dot com
Subject: [Bug binutils/21618] New: heap-buffer-overflow in bfd_getl32
Date: Sun, 18 Jun 2017 10:37:26 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=21618

            Bug ID: 21618
           Summary: heap-buffer-overflow in bfd_getl32
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: aadamski at quarkslab dot com
  Target Milestone: ---

Hello there,

I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.

Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.

The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer
-fsanitize=address -fno-sanitize-recover=all`. The command used was `objdump
-afpxDSsgetTrR <file>`.

Let me know if there is any additional information I can provide.

--

Input: c6f371402ab3326e29cccbbf1c255de2.2a5be83b2308abbdf71a08a2304025f9.min
Output: c6f371402ab3326e29cccbbf1c255de2.2a5be83b2308abbdf71a08a2304025f9.txt

Error in "bfd_getl32": heap-buffer-overflow
  in bfd_getl32 at bfd/libbfd.c:560
    (see
https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/libbfd.c#L560)
  in evax_bfd_print_eeom at bfd/vms-alpha.c:5683
    (see
https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L5683)
  in evax_bfd_print_eobj at bfd/vms-alpha.c:6367
    (see
https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L6367)
  in vms_bfd_print_private_bfd_data at bfd/vms-alpha.c:7952
    (see
https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L7952)
  in dump_bfd_private_header at binutils/objdump.c:2924
    (see
https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L2924)
  in dump_bfd at binutils/objdump.c:3508
    (see
https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L3508)
  in display_file at binutils/objdump.c:3717
    (see
https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L3717)
  in main at binutils/objdump.c:4019
    (see
https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L4019)
