[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
From: hanno at hboeck dot de
Subject: [Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
Date: Wed, 29 Oct 2014 23:20:11 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=17512
--- Comment #30 from Hanno Boeck <hanno at hboeck dot de> ---
Created attachment 7862
--> https://sourceware.org/bugzilla/attachment.cgi?id=7862&action=edit
fuzzed objdump-pe-crasher
Hi Nick, thanks for the fixes.
However, further fuzzing turned up another asan-detected issue. This is
actually a fuzzed version of the objdump-pe-crasher binary (attachment 7854):
==2937== ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60080000b834 at pc 0x4d0c67 bp 0x7fffdd272be0 sp 0x7fffdd272bd8
READ of size 1 at 0x60080000b834 thread T0
#0 0x4d0c66 in bfd_getl32
/data/binutils/binutils-gdb-asan/bfd/libbfd.c:619:0
#1 0x650684 in _bfd_pei_swap_aux_in
/data/binutils/binutils-gdb-asan/bfd/peigen.c:314:0
#2 0x4c9ab1 in coff_get_normalized_symtab
/data/binutils/binutils-gdb-asan/bfd/coffgen.c:1781:0
#3 0x64c021 in coff_slurp_symbol_table
/data/binutils/binutils-gdb-asan/bfd/coffcode.h:4663:0
#4 0x4c0b5c in coff_get_symtab_upper_bound
/data/binutils/binutils-gdb-asan/bfd/coffgen.c:410:0
#5 0x4044ab in slurp_symtab
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:563:0
#6 0x4123ee in dump_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3227:0
#7 0x41285d in display_object_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3315:0
#8 0x412b85 in display_any_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3389:0
#9 0x412bf6 in display_file
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3410:0
#10 0x41370e in main
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3692:0
#11 0x7f0eb1633a64 in __libc_start_main ??:0:0
#12 0x402f78 in _start ??:0:0
0x60080000b834 is located 0 bytes to the right of 36-byte region
[0x60080000b810,0x60080000b834)
allocated by thread T0 here:
#0 0x7f0eb1de4dda in malloc ??:0:0
#1 0x4d01ed in bfd_malloc
/data/binutils/binutils-gdb-asan/bfd/libbfd.c:181:0
#2 0x4c8d02 in _bfd_coff_get_external_symbols
/data/binutils/binutils-gdb-asan/bfd/coffgen.c:1619:0
#3 0x4c973f in coff_get_normalized_symtab
/data/binutils/binutils-gdb-asan/bfd/coffgen.c:1752:0
#4 0x64c021 in coff_slurp_symbol_table
/data/binutils/binutils-gdb-asan/bfd/coffcode.h:4663:0
#5 0x4c0b5c in coff_get_symtab_upper_bound
/data/binutils/binutils-gdb-asan/bfd/coffgen.c:410:0
#6 0x4044ab in slurp_symtab
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:563:0
#7 0x4123ee in dump_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3227:0
#8 0x41285d in display_object_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3315:0
#9 0x412b85 in display_any_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3389:0
#10 0x412bf6 in display_file
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3410:0
#11 0x41370e in main
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3692:0
#12 0x7f0eb1633a64 in __libc_start_main ??:0:0
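The report above ends with a 1-byte read landing exactly at the end of a 36-byte heap region that was allocated while slurping the external symbol table, and 36 bytes is consistent with two 18-byte COFF symbol entries (an inference; the report itself does not say what the region held). The following C is an added example, not binutils code and not the fix that went into the tree: it shows the two defensive checks a parser wants at that point, a length-checked little-endian reader in the spirit of bfd_getl32, and a check that a symbol's n_numaux claim fits inside the table before any auxiliary record is decoded. The 18-byte entry size and the position of n_numaux are COFF's; the function names, the sample tables and the fallback values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Every external COFF symbol or auxiliary entry is 18 bytes. */
#define SYMESZ 18u
/* Offset of the one-byte n_numaux field inside an 18-byte symbol entry. */
#define NUMAUX_OFF 17u

/* Unchecked little-endian 32-bit read, in the spirit of bfd_getl32:
   it may only be handed a pointer with 4 readable bytes behind it. */
static uint32_t getl32_unchecked(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Checked variant: stores the value and returns 1 only when the whole
   4-byte window [off, off+4) lies inside [0, len). The comparison is
   written as off > len - 4 so that a huge off cannot wrap around. */
int getl32_checked(const unsigned char *buf, size_t len, size_t off, uint32_t *out)
{
    if (len < 4 || off > len - 4)
        return 0;
    *out = getl32_unchecked(buf + off);
    return 1;
}

/* Convenience wrapper: the value, or `fallback` when the read is rejected. */
uint32_t read_u32_or(const unsigned char *buf, size_t len, size_t off, uint32_t fallback)
{
    uint32_t v;
    return getl32_checked(buf, len, off, &v) ? v : fallback;
}

/* A symbol at entry `index` claims `numaux` auxiliary entries that follow
   it. They fit only if that many entries exist after it in the table. */
int aux_entries_fit(size_t table_len, size_t index, unsigned numaux)
{
    size_t entries = table_len / SYMESZ;
    if (index >= entries)
        return 0;
    return (size_t)numaux <= entries - 1 - index;
}

/* Walk a raw symbol table and validate every n_numaux claim before any
   aux record would be decoded. Returns 1 if every claim fits, 0 otherwise. */
int table_is_well_formed(const unsigned char *table, size_t table_len)
{
    size_t entries = table_len / SYMESZ;
    size_t i = 0;
    while (i < entries) {
        unsigned numaux = table[i * SYMESZ + NUMAUX_OFF];
        if (!aux_entries_fit(table_len, i, numaux))
            return 0;
        i += 1 + numaux;   /* skip the symbol and the aux entries it owns */
    }
    return 1;
}

/* Constructed sample tables, each exactly 36 bytes (two entries), the same
   size as the region in the report above. Only n_value of entry 0 and the
   n_numaux bytes carry meaning here; everything else is zero. */
const unsigned char good_table[36] = {
    /* entry 0: n_value = 0x12345678 little-endian at offset 8, numaux = 1 */
    0,0,0,0,0,0,0,0, 0x78,0x56,0x34,0x12, 0,0, 0,0, 0, 1,
    /* entry 1: the aux record that entry 0 promised */
    0,0,0,0,0,0,0,0, 0,0,0,0, 0,0, 0,0, 0, 0,
};
const unsigned char bad_table[36] = {
    /* entry 0: a plain symbol with no aux */
    0,0,0,0,0,0,0,0, 0,0,0,0, 0,0, 0,0, 0, 0,
    /* entry 1: claims one aux entry, but the table ends here */
    0,0,0,0,0,0,0,0, 0,0,0,0, 0,0, 0,0, 0, 1,
};

int main(void)
{
    printf("read at 8  : 0x%08x\n", read_u32_or(good_table, 36, 8, 0xffffffffu));
    printf("read at 36 : %s\n", read_u32_or(good_table, 36, 36, 0xffffffffu) == 0xffffffffu ? "rejected" : "ok");
    printf("good table : %s\n", table_is_well_formed(good_table, 36) ? "well formed" : "malformed");
    printf("bad table  : %s\n", table_is_well_formed(bad_table, 36) ? "well formed" : "malformed");
    return 0;
}
```

The second check is the one that matters for this trace: once the table length is known, an n_numaux value that points past the last entry can be rejected before the per-field reads happen, so the low-level getter never sees an out-of-range offset. Running the block under AddressSanitizer with the bad table reports nothing, because the walk stops at the validation rather than at the read.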