Bug 21840 - Undefined behavior round 3
Summary: Undefined behavior round 3
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: 2.30
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-26 17:01 UTC by Ned Williamson
Modified: 2017-08-29 20:02 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments
Testcases and ASAN output (4.12 KB, application/x-xz)
2017-07-26 17:01 UTC, Ned Williamson
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Ned Williamson 2017-07-26 17:01:43 UTC
Created attachment 10285 [details]
Testcases and ASAN output

I have found 5 more testcases revealing crashes or undefined behavior in the
current objdump. These can be detected with a recent ASAN running under
`objdump -x`.

See the attached file for the testcases and ASAN output.

Thanks so much for addressing previous reports with high quality patches.
Comment 1 Sourceware Commits 2017-07-27 11:06:03 UTC
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc

commit 8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
Author: Nick Clifton <nickc@redhat.com>
Date:   Thu Jul 27 12:04:50 2017 +0100

    Fix address violation issues encountered when parsing corrupt binaries.
    
    	PR 21840
    	* mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab
    	size is -1.
    	* nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion
    	with error return.
    	* section.c (bfd_make_section_with_flags): Fail if the name or bfd
    	are NULL.
    	* vms-alpha.c (bfd_make_section_with_flags): Correct computation
    	of end pointer.
    	(evax_bfd_print_emh): Check for invalid string lengths.
Comment 2 Nick Clifton 2017-07-27 11:17:42 UTC
Hi Ned,

  Thanks for the bug report and test files.

  I have checked in a patch which should take care of all of the problems.

Cheers
  Nick
Comment 3 Randy Macleod 2017-08-29 02:31:42 UTC
Will this fix be backported to 2.29?
It would not be a huge issue if it were not, I'm just trying to understand your workflow.
Comment 4 Nick Clifton 2017-08-29 11:42:48 UTC
The patch is now checked in to the 2.29 branch as well.
Comment 5 Randy Macleod 2017-08-29 20:02:06 UTC
Super. Thanks Nick.