[Bug binutils/30230] New: objdump: heap-buffer-overflow in get_sym_code_type
From: youngseok.main at gmail dot com
Subject: [Bug binutils/30230] New: objdump: heap-buffer-overflow in get_sym_code_type
Date: Tue, 14 Mar 2023 07:19:36 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=30230
Bug ID: 30230
Summary: objdump: heap-buffer-overflow in get_sym_code_type
Product: binutils
Version: 2.40
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: youngseok.main at gmail dot com
Target Milestone: ---
Created attachment 14749
--> https://sourceware.org/bugzilla/attachment.cgi?id=14749&action=edit
poc_file used in command input
We found a heap overflow bug in objdump by fuzzing.
Command to reproduce:
objdump poc_file --archit=arm -S
poc_file is attached.
Sanitizer dump:
==11829==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60f000000688 at pc 0x5555564399e4 bp 0x7fffffffd2d0 sp 0x7fffffffd2c0
READ of size 1 at 0x60f000000688 thread T0
    #0 0x5555564399e3 in get_sym_code_type /home/youngseok/latest-subjects/binutils-gdb/opcodes/arm-dis.c:12452
    #1 0x55555643a3db in mapping_symbol_for_insn /home/youngseok/latest-subjects/binutils-gdb/opcodes/arm-dis.c:12582
    #2 0x55555643b8f6 in print_insn /home/youngseok/latest-subjects/binutils-gdb/opcodes/arm-dis.c:12771
    #3 0x55555643ced5 in print_insn_little_arm /home/youngseok/latest-subjects/binutils-gdb/opcodes/arm-dis.c:12969
    #4 0x5555563567df in disassemble_bytes objdump.c:3433
    #5 0x55555635a02e in disassemble_section objdump.c:4050
    #6 0x5555568468f1 in bfd_map_over_sections /home/youngseok/latest-subjects/binutils-gdb/bfd/section.c:1366
    #7 0x55555635afff in disassemble_data objdump.c:4199
    #8 0x555556362a74 in dump_bfd objdump.c:5683
    #9 0x555556362d40 in display_object_bfd objdump.c:5746
    #10 0x555556363089 in display_any_bfd objdump.c:5833
    #11 0x5555563630ff in display_file objdump.c:5854
    #12 0x555556364a8b in main objdump.c:6265
    #13 0x7ffff6844c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #14 0x555556348ad9 in _start (/home/youngseok/latest-subjects/binutils-gdb/binutils/objdump+0xdf4ad9)

0x60f000000688 is located 4 bytes to the right of 164-byte region [0x60f0000005e0,0x60f000000684)
allocated by thread T0 here:
    #0 0x7ffff6ef6b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x55555683d539 in bfd_malloc /home/youngseok/latest-subjects/binutils-gdb/bfd/libbfd.c:289
    #2 0x55555683d653 in bfd_zmalloc /home/youngseok/latest-subjects/binutils-gdb/bfd/libbfd.c:411
    #3 0x55555689b480 in _bfd_x86_elf_get_synthetic_symtab /home/youngseok/latest-subjects/binutils-gdb/bfd/elfxx-x86.c:3577
    #4 0x5555569be6cf in elf_i386_get_synthetic_symtab /home/youngseok/latest-subjects/binutils-gdb/bfd/elf32-i386.c:4404
    #5 0x5555563628fa in dump_bfd objdump.c:5654
    #6 0x555556362d40 in display_object_bfd objdump.c:5746
    #7 0x555556363089 in display_any_bfd objdump.c:5833
    #8 0x5555563630ff in display_file objdump.c:5854
    #9 0x555556364a8b in main objdump.c:6265
    #10 0x7ffff6844c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
*Environment*
- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230314
binutils is built with address sanitizer. Here is the build script:
CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --enable-targets=all
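Added here as a triage aid, not part of the report or of binutils: a Python script that parses an AddressSanitizer report in the format shown above and pulls out the bug class, the faulting access, the first project-tree frame at the crash, the frame that sized the allocation, and how far outside the region the access landed. The sample input is assembled from the report's own lines; the `project_dir` substring is an assumption about where the checkout lives.

```python
import re

# Sample input assembled from the report above, frame lines joined back onto one line each as ASan prints them.
SAMPLE_REPORT = """\
==11829==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60f000000688 at pc 0x5555564399e4 bp 0x7fffffffd2d0 sp 0x7fffffffd2c0
READ of size 1 at 0x60f000000688 thread T0
    #0 0x5555564399e3 in get_sym_code_type /home/youngseok/latest-subjects/binutils-gdb/opcodes/arm-dis.c:12452
    #1 0x55555643a3db in mapping_symbol_for_insn /home/youngseok/latest-subjects/binutils-gdb/opcodes/arm-dis.c:12582
0x60f000000688 is located 4 bytes to the right of 164-byte region [0x60f0000005e0,0x60f000000684)
allocated by thread T0 here:
    #0 0x7ffff6ef6b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x55555683d539 in bfd_malloc /home/youngseok/latest-subjects/binutils-gdb/bfd/libbfd.c:289
    #2 0x55555689b480 in _bfd_x86_elf_get_synthetic_symtab /home/youngseok/latest-subjects/binutils-gdb/bfd/elfxx-x86.c:3577
"""

FRAME_RE = re.compile(r"#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")

def parse_frames(lines):
    """Collect (function, location) from consecutive '#N 0x... in func loc' lines."""
    frames = []
    for line in lines:
        m = FRAME_RE.search(line)
        if not m:
            break
        frames.append((m.group(1), m.group(2)))
    return frames

def first_project_frame(frames, project_dir, skip_substr=""):
    """First frame located inside the project tree, ignoring wrapper functions whose name contains skip_substr."""
    for func, loc in frames:
        if project_dir in loc and not (skip_substr and skip_substr in func):
            return (func, loc)
    return frames[0] if frames else None

def triage_asan(report, project_dir="binutils-gdb/"):
    """Extract bug kind, access, crash site, allocation site and overrun distance from an ASan report."""
    lines = report.splitlines()
    info = {}
    for i, line in enumerate(lines):
        if m := re.search(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", line):
            info["kind"], info["address"] = m.group(1), m.group(2)
        elif m := re.match(r"(READ|WRITE) of size (\d+)", line):
            info["access"], info["size"] = m.group(1), int(m.group(2))
            info["crash_frame"] = first_project_frame(parse_frames(lines[i + 1:]), project_dir)
        elif m := re.search(r"is located (\d+) bytes to the (left|right) of (\d+)-byte region", line):
            info["offset"], info["side"], info["region_size"] = int(m.group(1)), m.group(2), int(m.group(3))
        elif line.startswith("allocated by"):
            # skip bfd_malloc-style wrappers so we land on the caller that chose the buffer size
            info["alloc_frame"] = first_project_frame(parse_frames(lines[i + 1:]), project_dir, "malloc")
    return info
```

Running `triage_asan(SAMPLE_REPORT)` on the report above points at get_sym_code_type (arm-dis.c:12452) reading 1 byte 4 bytes past a 164-byte buffer sized in _bfd_x86_elf_get_synthetic_symtab, which is the pair of sites a maintainer would open first.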