Summary: | Segment fault on objdump -S | ||
---|---|---|---|
Product: | binutils | Reporter: | Shaohua Li <shaohua.li> |
Component: | binutils | Assignee: | Nick Clifton <nickc> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | nickc |
Priority: | P2 | ||
Version: | 2.37 | ||
Target Milestone: | --- | ||
Host: | Target: | ||
Build: | Last reconfirmed: | 2021-07-02 00:00:00 | |
Attachments: | poc |
under investigation.... The master branch has been updated by Nick Clifton <nickc@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=49910fd88dcd2ec3d0d9e56120ceb56a6a64b7b8 commit 49910fd88dcd2ec3d0d9e56120ceb56a6a64b7b8 Author: Nick Clifton <nickc@redhat.com> Date: Fri Jul 2 14:56:36 2021 +0100 Fix an illegal memory access triggered by an attempt to parse a corrupt input file. PR 28046 * dwarf2.c (read_ranges): Check that range_ptr does not exceed range_end. Hi Shaohua, Thanks for reporting this bug. I have checked in a small patch to fix it. Cheers Nick |
Created attachment 13524 [details] poc Hi there, I crashed `objdump -S` with a fuzzer. - Compiler: clang12 - Platform: Ubuntu 18.04.5 LTS, x86_64 - Reproduce: run `objdump -S poc` AddressSanitizer output: ================================================================= ==56007==ERROR: AddressSanitizer: SEGV on unknown address 0x604000f8010f (pc 0x00000093caef bp 0x7ffef046fe90 sp 0x7ffef046fd30 T0) ==56007==The signal is caused by a READ memory access. #0 0x93caef in bfd_getl32 /objdump/repo/bfd/libbfd.c:727:23 #1 0xa8e42d in read_ranges /objdump/repo/bfd/./dwarf2.c:3110:16 #2 0xa8e42d in read_rangelist /objdump/repo/bfd/./dwarf2.c:3213:12 #3 0xa851c7 in parse_comp_unit /objdump/repo/bfd/./dwarf2.c:3802:9 #4 0xa851c7 in stash_comp_unit /objdump/repo/bfd/./dwarf2.c:4832:32 #5 0xa80186 in _bfd_dwarf2_find_nearest_line /objdump/repo/bfd/./dwarf2.c:5139:18 #6 0x9df408 in _bfd_elf_find_nearest_line /objdump/repo/bfd/elf.c:9199:7 #7 0x4dabf7 in show_line /objdump/repo/binutils/./objdump.c:1784:9 #8 0x4dabf7 in disassemble_bytes /objdump/repo/binutils/./objdump.c:2770:6 #9 0x4dabf7 in disassemble_section /objdump/repo/binutils/./objdump.c:3455:4 #10 0x9465eb in bfd_map_over_sections /objdump/repo/bfd/section.c:1383:5 #11 0x4ce8a3 in disassemble_data /objdump/repo/binutils/./objdump.c:3599:3 #12 0x4ce8a3 in dump_bfd /objdump/repo/binutils/./objdump.c:4998:5 #13 0x4cb567 in display_object_bfd /objdump/repo/binutils/./objdump.c #14 0x4cb567 in display_any_bfd /objdump/repo/binutils/./objdump.c:5150:5 #15 0x4ca1c6 in display_file /objdump/repo/binutils/./objdump.c:5171:3 #16 0x4ca1c6 in main /objdump/repo/binutils/./objdump.c:5521:6 #17 0x7f41b5ad2bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6) #18 0x41c4d9 in _start (/out_bin/objdump+0x41c4d9) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /objdump/repo/bfd/libbfd.c:727:23 in bfd_getl32 ==56007==ABORTING