Bug 26069 - strip user controllable memory leak + misaligned memory access bugs
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.30
Importance: P2 normal
Target Milestone: 2.35
Assignee: Alan Modra
Reported: 2020-06-02 17:57 UTC by as5258
Modified: 2020-06-03 22:58 UTC

bug reproducibility folder (2.24 KB, application/zip)
2020-06-02 17:57 UTC, as5258

Description as5258 2020-06-02 17:57:59 UTC
Created attachment 12580
bug reproducibility folder

Hi, I came across a few bugs in the strip program.
1) Memory leaks controllable by user input and potentially a security vulnerability.
2) Misaligned memory accesses by the program

Please see the attachment for a more detailed summary. Inside of it, there lives a file called summary.txt which provides a description of how the POCs trigger the issues as well as environment/build configurations. 

Comment 1 cvs-commit@gcc.gnu.org 2020-06-03 08:42:31 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:


commit 4a32244804f942a54960039c7968b1df2a177b4d
Author: Alan Modra <amodra@gmail.com>
Date:   Wed Jun 3 16:55:39 2020 +0930

    PR26069, strip/objcopy memory leaks
            PR 26069
            * objcopy.c (copy_relocations_in_section): Free relpp on error.
            Don't accidentally free isection->orelocation.

Comment 2 cvs-commit@gcc.gnu.org 2020-06-03 08:42:36 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:


commit 675800364bfdbc29ee034681339e4b4a137bb2f5
Author: Alan Modra <amodra@gmail.com>
Date:   Wed Jun 3 16:58:55 2020 +0930

    PR26069, strip/objcopy misaligned address accesses
            PR 26069
            PR 18758
            * peicode.h (pe_ILF_make_a_section): Align data for compilers
            other than gcc.
            (pe_ILF_build_a_bfd): Likewise.

Comment 3 as5258 2020-06-03 16:51:28 UTC
Thanks for the prompt response! Can I request a CVE for the denial of service (memory consumption leak) bug?

using the form here: http://cve.mitre.org/cve/request_id.html ?

Comment 4 Alan Modra 2020-06-03 22:58:23 UTC
git commit 0ed18fa17785 also applied against this bug but with a wrong pr number in the log.  I don't see any need for a CVE.