[Bug binutils/23316] New: Segmentation fault in get_build_id()
From: mgcho.minic at gmail dot com
Subject: [Bug binutils/23316] New: Segmentation fault in get_build_id()
Date: Wed, 20 Jun 2018 11:54:14 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=23316
Bug ID: 23316
Summary: Segmentation fault in get_build_id()
Product: binutils
Version: 2.30
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---
Created attachment 11089
--> https://sourceware.org/bugzilla/attachment.cgi?id=11089&action=edit
POC to trigger bug
Triggered by "./nm -l $POC"
Tested on Ubuntu 16.04 (x86)
A negative size param is used in memcpy() when processing a malformed ELF file.
ASAN output:
==23941==ERROR: AddressSanitizer: negative-size-param: (size=-1)
#0 0x80f8427 in __asan_memcpy
(/home/min/fuzzing/program/binutils-head-asan/bin/nm+0x80f8427)
#1 0x81922dc in get_build_id
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/opncls.c:1899:3
#2 0x818feb1 in get_build_id_name
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/opncls.c:1943:14
#3 0x818e85c in find_separate_debug_file
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/opncls.c:1435:10
#4 0x818fd9d in bfd_follow_build_id_debuglink
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/opncls.c:2058:10
#5 0x83b1f27 in _bfd_dwarf2_slurp_debug_info
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/./dwarf2.c:4358:24
#6 0x83c10d4 in _bfd_dwarf2_find_nearest_line
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/./dwarf2.c:4553:9
#7 0x828d6ee in _bfd_elf_find_line
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/elf.c:8790:10
#8 0x814b8a3 in print_symbol
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/nm.c:1008:9
#9 0x8147330 in print_symbols
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/nm.c:1089:7
#10 0x81450dc in display_rel_file
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/nm.c:1205:5
#11 0x8140550 in display_file
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/nm.c:1325:7
#12 0x813fbc6 in main
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/nm.c:1799:12
#13 0xb74b8636 in __libc_start_main
/build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
#14 0x806aeb7 in _start
(/home/min/fuzzing/program/binutils-head-asan/bin/nm+0x806aeb7)
Credits:
Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei
University.
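The crash above is a memcpy whose length comes straight from the file. As an added example that is not binutils code, this is the shape of check a build-id note reader needs so that a bogus descsz is rejected instead of reaching memcpy; the note layout and the NT_GNU_BUILD_ID constant follow the ELF note format, and the sample note bytes are constructed.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added, hypothetical example (not binutils code): a bounds-checked reader for
 * an ELF NT_GNU_BUILD_ID note. Layout per the ELF spec: three 32-bit words
 * (namesz, descsz, type), the name padded to 4 bytes, then the descriptor. */
#define NT_GNU_BUILD_ID 3

static uint32_t rd32(const uint8_t *p)          /* little-endian u32 */
{ return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

/* Copy the build-id descriptor into out; return its length, or -1 if the note is
 * malformed. Each size read from the file is checked against the bytes actually
 * available before it is allowed to become a memcpy length. */
int extract_build_id(const uint8_t *note, size_t avail, uint8_t *out, size_t out_cap)
{
    if (avail < 12)
        return -1;
    uint32_t namesz = rd32(note), descsz = rd32(note + 4), type = rd32(note + 8);
    if (type != NT_GNU_BUILD_ID || namesz > avail - 12)
        return -1;
    size_t name_end = 12 + (((size_t)namesz + 3) & ~(size_t)3);  /* 4-byte padding */
    if (name_end > avail || namesz != 4 || memcmp(note + 12, "GNU", 4) != 0)
        return -1;
    /* descsz is unsigned on disk; 0xffffffff must never reach memcpy as
     * (size_t)-1. Compare against what is left rather than subtracting. */
    if (descsz == 0 || descsz > avail - name_end || descsz > out_cap)
        return -1;
    memcpy(out, note + name_end, descsz);
    return (int)descsz;
}

/* Constructed sample notes: a well-formed 20-byte build id, and a malformed
 * note whose descsz field is 0xffffffff (what "size=-1" looks like on disk). */
const uint8_t good_note[36] = {
    4, 0, 0, 0, 20, 0, 0, 0, 3, 0, 0, 0, 'G', 'N', 'U', 0,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
    0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x10, 0x20, 0x30, 0x40, 0x50 };
const uint8_t bad_note[16] = {
    4, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 3, 0, 0, 0, 'G', 'N', 'U', 0 };
uint8_t build_id_buf[64];

int main(void)
{
    int n = extract_build_id(good_note, sizeof good_note, build_id_buf, sizeof build_id_buf);
    printf("well-formed note: %d-byte build id\n", n);
    n = extract_build_id(bad_note, sizeof bad_note, build_id_buf, sizeof build_id_buf);
    printf("malformed note: %d (rejected instead of memcpy with size -1)\n", n);
    return 0;
}
```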