Bug 22741 - objcopy segfault
Summary: objcopy segfault
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: 2.31
: P2 normal
Target Milestone: 2.31
Assignee: Alan Modra
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-24 06:11 UTC by Kang
Modified: 2018-03-31 12:42 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed: 2018-01-26 00:00:00


Attachments
input that cause objcopy to segfault (215 bytes, application/x-ms-dos-executable)
2018-01-24 06:11 UTC, Kang
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Kang 2018-01-24 06:11:49 UTC
Created attachment 10758 [details]
input that cause objcopy to segfault

objcopy segfault on the given input files.

# ------------
# Cmdline: 
$ objcopy /tmp/objcopy_crash.input 
Segmentation fault

# ------------
# gdb output
Program received signal SIGSEGV, Segmentation fault.
0x00000000004ea2f9 in coff_mangle_symbols (bfd_ptr=0x7a92f0) at ../../bfd/coffgen.c:843
843                         a->u.auxent.x_sym.x_tagndx.p->offset;
(gdb) where
#0  0x00000000004ea2f9 in coff_mangle_symbols (bfd_ptr=0x7a92f0) at ../../bfd/coffgen.c:843
#1  0x00000000004d3c7d in coff_write_object_contents (abfd=0x7a92f0) at ../../bfd/coffcode.h:4231
#2  0x0000000000441c80 in bfd_close (abfd=0x7a92f0) at ../../bfd/opncls.c:731
#3  0x00000000004091cb in copy_file (input_filename=0x7fffffffe82a "/tmp/objcopy_crash.input", output_filename=0x7a5f00 "/tmp/st2DszA7", input_target=0x0, output_target=0x55aad7 "pei-i386", input_arch=0x0)
    at ../../binutils/objcopy.c:3530
#4  0x000000000040d017 in copy_main (argc=2, argv=0x7fffffffe5b8) at ../../binutils/objcopy.c:5478
#5  0x000000000040d363 in main (argc=2, argv=0x7fffffffe5b8) at ../../binutils/objcopy.c:5582



# ------------------------------
# Tested on the following two objcopy versions

# 1.
From git://sourceware.org/git/binutils-gdb.git 
cloned on Jan 24, 2018
commit 0984958bd1d20245e4d42888a697b6015dc6172f

Ubuntu 14.04.5 LTS, 
$ uname -a
Linux 3.19.0-74-generic #82~14.04.1-Ubuntu SMP Fri Oct 21 15:43:47 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux


# 2
GNU objcopy (GNU Binutils for Ubuntu) 2.26.1
Ubuntu 16.04.3 LTS
Linux 4.4.0-101-generic #124-Ubuntu SMP Fri Nov 10 18:29:59 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Comment 1 cvs-commit@gcc.gnu.org 2018-01-29 05:30:35 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eb77f6a4621795367a39cdd30957903af9dbb815

commit eb77f6a4621795367a39cdd30957903af9dbb815
Author: Alan Modra <amodra@gmail.com>
Date:   Sat Jan 27 08:19:33 2018 +1030

    PR22741, objcopy segfault on fuzzed COFF object
    
    	PR 22741
    	* coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
    	range before converting to a symbol table pointer.
Comment 2 Alan Modra 2018-01-29 05:39:36 UTC
Fixed