[Bug binutils/21633] New: SEGV on unknown address in ieee_archive_p
From: aadamski at quarkslab dot com
Subject: [Bug binutils/21633] New: SEGV on unknown address in ieee_archive_p
Date: Tue, 20 Jun 2017 16:01:08 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=21633
Bug ID: 21633
Summary: SEGV on unknown address in ieee_archive_p
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: aadamski at quarkslab dot com
Target Milestone: ---
>   library = read_id (&(ieee->h));
>   if (strcmp (library, "LIBRARY") != 0)
>     goto got_wrong_format_error;
In some cases, read_id will return NULL. Passing NULL to strcmp is undefined
behavior, but will most likely result in NULL pointer dereferencing.
--
Hello there,
I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.
Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.
The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer
-fsanitize=address -fno-sanitize-recover=all`. The command used
was `objdump -afpxDSsgetTrR <file>`.
Let me know if there is any additional information I can provide.
--
Input: 48434ef89a43c1c651f2ae1f119f66d5.ad838a36e394493801cb2b3c3b191dc2.min
Output: 48434ef89a43c1c651f2ae1f119f66d5.ad838a36e394493801cb2b3c3b191dc2.txt
Error in "ieee_archive_p": SEGV on unknown address 0x000000000000 (pc 0x00000048a7bd bp 0x7fffffffe0e0 sp 0x7fffffffd850 T0)
in ieee_archive_p at bfd/ieee.c:1398
(see https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/ieee.c#L1398)
in bfd_check_format_matches at bfd/format.c:311
(see https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/format.c#L311)
in display_any_bfd at binutils/objdump.c:3651
(see https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3651)
in display_file at binutils/objdump.c:3720
(see https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3720)
in main at binutils/objdump.c:4024
(see https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L4024)
--
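Added example (not part of the bug report and not binutils code): a minimal length-prefixed identifier reader that stands in for the shape of read_id in bfd/ieee.c, with the unguarded strcmp pattern from the report beside a hardened form that refuses to dereference a NULL id. The struct name, the one-byte length encoding, the enum and the sample byte strings are assumptions made for illustration; they are not the real IEEE-695 handling in bfd, and the inputs are constructed, not the attached test case.

```c
/* Added example, not binutils code.  Models the failure in the report:
   a reader that can return NULL on truncated input, and a caller that
   passes that result straight to strcmp().  Names and encoding are
   assumptions for illustration only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Cursor over an in-memory file; stands in for ieee->h (assumed shape). */
struct reader {
    const uint8_t *buf;
    size_t len;
    size_t pos;
};

/* Reads an id encoded as one length byte followed by that many bytes.
   Returns a malloc'd NUL-terminated copy, or NULL when the declared
   length runs past the end of the buffer (the case a fuzzer finds
   quickly by minimising a file) or when allocation fails. */
static char *read_id(struct reader *r)
{
    if (r->pos >= r->len)
        return NULL;                      /* no length byte left */
    size_t length = r->buf[r->pos++];
    if (length > r->len - r->pos)
        return NULL;                      /* truncated: fewer bytes than declared */
    char *s = malloc(length + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, r->buf + r->pos, length);
    s[length] = '\0';
    r->pos += length;
    return s;
}

enum check_result { CHECK_MATCH = 0, CHECK_WRONG_FORMAT = 1, CHECK_TRUNCATED = 2 };

/* Mirrors the pattern quoted in the report: read_id's result goes to
   strcmp() unconditionally, so a NULL return reads from address 0.
   Only ever called on well-formed input here; shown for contrast. */
static enum check_result check_library_unsafe(struct reader *r)
{
    char *library = read_id(r);
    enum check_result rc =
        strcmp(library, "LIBRARY") != 0 ? CHECK_WRONG_FORMAT : CHECK_MATCH;
    free(library);
    return rc;
}

/* Hardened form: a NULL id is a distinct, non-fatal error that is
   reported before anything dereferences the pointer. */
static enum check_result check_library_safe(struct reader *r)
{
    char *library = read_id(r);
    if (library == NULL)
        return CHECK_TRUNCATED;
    enum check_result rc =
        strcmp(library, "LIBRARY") != 0 ? CHECK_WRONG_FORMAT : CHECK_MATCH;
    free(library);
    return rc;
}

/* Runs the hardened check over a raw byte string. */
static enum check_result check_bytes(const uint8_t *bytes, size_t n)
{
    struct reader r = { bytes, n, 0 };
    return check_library_safe(&r);
}

/* Constructed sample inputs (assumed encoding; not the bug's attachment). */
static const uint8_t SAMPLE_OK[]        = { 7, 'L', 'I', 'B', 'R', 'A', 'R', 'Y' };
static const uint8_t SAMPLE_WRONG[]     = { 6, 'M', 'O', 'D', 'U', 'L', 'E' };
static const uint8_t SAMPLE_TRUNCATED[] = { 7, 'L', 'I', 'B' };  /* claims 7, has 3 */

int main(void)
{
    struct reader ok = { SAMPLE_OK, sizeof SAMPLE_OK, 0 };
    printf("unsafe check on valid input: %d\n", check_library_unsafe(&ok));
    printf("safe check, valid:     %d\n", check_bytes(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("safe check, wrong id:  %d\n", check_bytes(SAMPLE_WRONG, sizeof SAMPLE_WRONG));
    printf("safe check, truncated: %d\n", check_bytes(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    return 0;
}
```

The truncated sample is the interesting one: the unsafe variant would crash on it exactly as ASAN reports above, while the hardened variant returns CHECK_TRUNCATED and lets the caller fall through to its usual wrong-format path.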