| Summary: | objdump SEGV in display_debug_lines_decoded dwarf.c:5524 | | |
|---|---|---|---|
| Product: | binutils | Reporter: | 曾思維 <13579and24680> |
| Component: | binutils | Assignee: | Alan Modra <amodra> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | P2 | | |
| Version: | 2.39 | | |
| Target Milestone: | 2.40 | | |
| Host: | | Target: | |
| Build: | | Last reconfirmed: | 2022-12-11 00:00:00 |
| Attachments: | Generated by my fuzzer and afl-tmin | | |
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2f58a399cf3f946983398cdfe52d0eaa72bf877

commit f2f58a399cf3f946983398cdfe52d0eaa72bf877
Author: Alan Modra <amodra@gmail.com>
Date:   Sun Dec 11 14:47:57 2022 +1030

    PR29870, objdump SEGV in display_debug_lines_decoded dwarf.c:5524

    DWARF5 directory and file table allow more opportunity for fuzzers to
    break things.  There are likely other places in dwarf.c that should be
    fixed too.

        PR 29870
        * dwarf.c (display_debug_lines_decoded): Handle NULL file_table
        name entry.

Fixed for 2.40
Created attachment 14490 [details]
Generated by my fuzzer and afl-tmin

# version
$ ./binutils-gdb/binutils/objdump --version
GNU objdump (GNU Binutils) 2.39.50.20221210
Copyright (C) 2022 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.
---------------------------------------------------------------------
# make
$ git clone git://sourceware.org/git/binutils-gdb.git
$ cd binutils-gdb
$ ./configure
$ make
---------------------------------------------------------------------
# crash
$ ./binutils-gdb/binutils/objdump -WL poc
./binutils-gdb/binutils/objdump: warning: poc has a section extending past end of file
poc: file format elf64-little

Contents of the .debug_line section:

./binutils-gdb/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb/binutils/objdump: Warning: Unrecognized form: 0x30
(null):
File name    Line number    Starting address    View    Stmt
fish: Job 1, './binutils-gdb/binutils/objdump…' terminated by signal SIGSEGV (Address boundary error)
---------------------------------------------------------------------
# ASAN report
$ ./binutils-gdb_asan_no_fuzz/binutils/objdump -WL poc
./binutils-gdb_asan_no_fuzz/binutils/objdump: warning: poc has a section extending past end of file
poc: file format elf64-little

Contents of the .debug_line section:

./binutils-gdb_asan_no_fuzz/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb_asan_no_fuzz/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb_asan_no_fuzz/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb_asan_no_fuzz/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb_asan_no_fuzz/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb_asan_no_fuzz/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb_asan_no_fuzz/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb_asan_no_fuzz/binutils/objdump: Warning: Unrecognized form: 0x30
./binutils-gdb_asan_no_fuzz/binutils/objdump: Warning: Unrecognized form: 0x30
(null):
File name    Line number    Starting address    View    Stmt
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2950647==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fe9cffcc6e5 bp 0x7fffa374a870 sp 0x7fffa3749fe8 T0)
==2950647==The signal is caused by a READ memory access.
==2950647==Hint: address points to the zero page.
    #0 0x7fe9cffcc6e4  (/lib/x86_64-linux-gnu/libc.so.6+0x1886e4)
    #1 0x7fe9d00a390b in __interceptor_strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:352
    #2 0x555ec916594d in display_debug_lines_decoded dwarf.c:5524
    #3 0x555ec9166061 in display_debug_lines dwarf.c:5655
    #4 0x555ec913b8c4 in dump_dwarf_section objdump.c:4396
    #5 0x555ec928a15d in bfd_map_over_sections /home/a13579/fuzz_binutils-gdb/binutils-gdb_asan_no_fuzz/bfd/section.c:1366
    #6 0x555ec913baf3 in dump_dwarf objdump.c:4434
    #7 0x555ec9142110 in dump_bfd objdump.c:5636
    #8 0x555ec91424e5 in display_object_bfd objdump.c:5715
    #9 0x555ec9142816 in display_any_bfd objdump.c:5801
    #10 0x555ec9142890 in display_file objdump.c:5822
    #11 0x555ec91441b9 in main objdump.c:6230
    #12 0x7fe9cfe68082 in __libc_start_main ../csu/libc-start.c:308
    #13 0x555ec912839d in _start (/home/a13579/fuzz_binutils-gdb/binutils-gdb_asan_no_fuzz/binutils/objdump+0x13b39d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x1886e4)
==2950647==ABORTING
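As an added illustration for this report (not binutils' dwarf.c and not the reporter's or the committer's code): a hypothetical, simplified file table in which an entry whose name form could not be decoded keeps a NULL name, the pre-fix pattern that reaches strlen(NULL) as in frame #1 of the trace above, and a hardened accessor that substitutes a placeholder. The out-of-range file index check is a generalization beyond what the commit describes; all struct and function names are assumptions.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical, simplified DWARF5 file table (not binutils' real struct).
   An entry whose name form could not be decoded keeps name == NULL, which is
   the state the fuzzed input left behind ("Unrecognized form: 0x30"). */
struct file_entry {
    const char *name;      /* NULL when the name could not be read */
    unsigned dir_index;
};

struct file_table {
    struct file_entry *entries;
    size_t count;
};

/* Pre-fix pattern: trusts that every entry has a name. On a table with a NULL
   entry this is the strlen(NULL) seen in frame #1 of the ASAN trace. */
size_t widest_name_unsafe(const struct file_table *t)
{
    size_t w = 0;
    for (size_t i = 0; i < t->count; i++) {
        size_t n = strlen(t->entries[i].name);   /* crashes when name is NULL */
        if (n > w) w = n;
    }
    return w;
}

/* Hardened accessor: a missing name becomes a visible placeholder, and an
   out-of-range file number (a generalization beyond this report, but the same
   class of untrusted index) gets the placeholder instead of a read past the end. */
const char *file_name_or_placeholder(const struct file_table *t, size_t idx)
{
    if (idx >= t->count || t->entries[idx].name == NULL)
        return "<unknown>";
    return t->entries[idx].name;
}

/* Fixed width computation for the decoded "File name" column. */
size_t widest_name(const struct file_table *t)
{
    size_t w = 0;
    for (size_t i = 0; i < t->count; i++) {
        size_t n = strlen(file_name_or_placeholder(t, i));
        if (n > w) w = n;
    }
    return w;
}

/* Constructed sample: entry 1 came from an unrecognized form and has no name. */
struct file_entry sample_entries[] = { { "main.c", 0 }, { NULL, 0 }, { "util/helpers.c", 1 } };
const struct file_table sample_table = { sample_entries, 3 };
```

widest_name_unsafe() is only there to show the defect and must not be called on sample_table; widest_name() walks the same table without dereferencing the NULL entry.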