Bug 22170 - heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c)
Summary: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c)
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: 2.30
Importance: P2 normal
Target Milestone: 2.30
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-21 13:20 UTC by Agostino Sarubbo
Modified: 2017-09-22 21:40 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments
stacktrace (1.03 KB, text/plain)
2017-09-21 13:20 UTC, Agostino Sarubbo
testcase (3.71 KB, application/x-executable)
2017-09-21 13:21 UTC, Agostino Sarubbo

Description Agostino Sarubbo 2017-09-21 13:20:35 UTC
Created attachment 10444 [details]
stacktrace

On master compiled today.
# nm -V
GNU nm (Gentoo git) 2.29.51.20170921


Command to reproduce:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
Comment 1 Agostino Sarubbo 2017-09-21 13:21:06 UTC
Created attachment 10445 [details]
testcase
Comment 2 cvs-commit@gcc.gnu.org 2017-09-22 21:21:40 UTC
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360

commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Sep 22 14:15:40 2017 -0700

    x86: Guard against corrupted PLT
    
    There should be only one entry in PLT for a given symbol.  Set howto to
    NULL after processing a PLT entry to guard against corrupted PLT so that
    the duplicated PLT entries are skipped.
    
    	PR binutils/22170
    	* elfxx-x86.c (_bfd_x86_elf_get_synthetic_symtab): Guard against
    	corrupted PLT.
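The mechanism the commit describes, as an added illustration that is not binutils code: the synthetic symbol buffer is sized by the number of dynamic relocations (one per symbol), so a corrupted PLT that carries a second entry for an already-matched relocation produces one more output symbol than was allocated. The structs, names and GOT offsets below are a constructed model; setting the reloc's `howto` to NULL once it has been consumed is the guard from the commit.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of a dynamic relocation: `howto` stands in for the
   relocation-type pointer the real code consults; NULL means "consumed". */
struct reloc { uint64_t got_offset; const char *name; const void *howto; };

/* Constructed model of a PLT entry: the GOT slot it jumps through. */
struct plt_entry { uint64_t got_offset; };

static const int HOWTO_PRESENT = 1;

/* Walk the PLT and emit one synthetic symbol per matched relocation.
   `out` has exactly nrelocs slots, as in the real allocation.  Returns the
   number of symbols written, or -1 if a write would run past the buffer
   (the unguarded code would simply overflow here). */
static int build_synthetic(struct reloc *relocs, size_t nrelocs,
                           const struct plt_entry *plt, size_t nplt,
                           const char **out, int guard)
{
    size_t emitted = 0;
    for (size_t i = 0; i < nplt; i++) {
        for (size_t j = 0; j < nrelocs; j++) {
            if (relocs[j].howto == NULL)          /* already matched once: skip duplicate */
                continue;
            if (relocs[j].got_offset != plt[i].got_offset)
                continue;
            if (emitted >= nrelocs)               /* would exceed the nrelocs-sized buffer */
                return -1;
            out[emitted++] = relocs[j].name;
            if (guard)
                relocs[j].howto = NULL;           /* the fix: one PLT entry per symbol */
            break;
        }
    }
    return (int)emitted;
}

/* Constructed input: two relocations, and a PLT whose third entry
   duplicates the first.  guard=0 models the pre-fix loop, guard=1 the fix. */
static int run_corrupted_plt(int guard)
{
    struct reloc relocs[2] = {
        { 0x18, "puts", &HOWTO_PRESENT },
        { 0x20, "exit", &HOWTO_PRESENT },
    };
    const struct plt_entry plt[3] = { { 0x18 }, { 0x20 }, { 0x18 } };
    const char *out[2] = { 0 };                   /* sized by nrelocs */
    return build_synthetic(relocs, 2, plt, 3, out, guard);
}
```

With the guard the duplicate PLT entry is skipped and exactly two symbols are emitted; without it the third entry would be written past the two-slot buffer.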
Comment 3 cvs-commit@gcc.gnu.org 2017-09-22 21:39:19 UTC
The binutils-2_29-branch branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b

commit 56933f9e3e90eebf1018ed7417d6c1184b91db6b
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Sep 22 14:15:40 2017 -0700

    x86: Guard against corrupted PLT
    
    There should be only one entry in PLT for a given symbol.  Set howto to
    NULL after processing a PLT entry to guard against corrupted PLT so that
    the duplicated PLT entries are skipped.
    
    	PR binutils/22170
    	* elf32-i386.c (elf_i386_get_synthetic_symtab): Guard against
    	corrupted PLT.
    	* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
    
    (cherry picked from commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360)
Comment 4 H.J. Lu 2017-09-22 21:40:17 UTC
Fixed for master and 2.29 branch.