bug-binutils
[Bug binutils/23316] New: Segmentation fault in get_build_id()


From: mgcho.minic at gmail dot com
Subject: [Bug binutils/23316] New: Segmentation fault in get_build_id()
Date: Wed, 20 Jun 2018 11:54:14 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23316

            Bug ID: 23316
           Summary: Segmentation fault in get_build_id()
           Product: binutils
           Version: 2.30
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: mgcho.minic at gmail dot com
  Target Milestone: ---

Created attachment 11089
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11089&action=edit
POC to trigger bug

Triggered by "./nm -l $POC"
Tested on Ubuntu 16.04 (x86)

A negative size parameter is used in memcpy() when processing a malformed ELF file.

ASAN output:

==23941==ERROR: AddressSanitizer: negative-size-param: (size=-1)
    #0 0x80f8427 in __asan_memcpy (/home/min/fuzzing/program/binutils-head-asan/bin/nm+0x80f8427)
    #1 0x81922dc in get_build_id /home/min/fuzzing/src/binutils/binutils-gdb/bfd/opncls.c:1899:3
    #2 0x818feb1 in get_build_id_name /home/min/fuzzing/src/binutils/binutils-gdb/bfd/opncls.c:1943:14
    #3 0x818e85c in find_separate_debug_file /home/min/fuzzing/src/binutils/binutils-gdb/bfd/opncls.c:1435:10
    #4 0x818fd9d in bfd_follow_build_id_debuglink /home/min/fuzzing/src/binutils/binutils-gdb/bfd/opncls.c:2058:10
    #5 0x83b1f27 in _bfd_dwarf2_slurp_debug_info /home/min/fuzzing/src/binutils/binutils-gdb/bfd/./dwarf2.c:4358:24
    #6 0x83c10d4 in _bfd_dwarf2_find_nearest_line /home/min/fuzzing/src/binutils/binutils-gdb/bfd/./dwarf2.c:4553:9
    #7 0x828d6ee in _bfd_elf_find_line /home/min/fuzzing/src/binutils/binutils-gdb/bfd/elf.c:8790:10
    #8 0x814b8a3 in print_symbol /home/min/fuzzing/src/binutils/binutils-gdb/binutils/nm.c:1008:9
    #9 0x8147330 in print_symbols /home/min/fuzzing/src/binutils/binutils-gdb/binutils/nm.c:1089:7
    #10 0x81450dc in display_rel_file /home/min/fuzzing/src/binutils/binutils-gdb/binutils/nm.c:1205:5
    #11 0x8140550 in display_file /home/min/fuzzing/src/binutils/binutils-gdb/binutils/nm.c:1325:7
    #12 0x813fbc6 in main /home/min/fuzzing/src/binutils/binutils-gdb/binutils/nm.c:1799:12
    #13 0xb74b8636 in __libc_start_main /build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #14 0x806aeb7 in _start (/home/min/fuzzing/program/binutils-head-asan/bin/nm+0x806aeb7)


Credits:

Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei
University.

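Added example, not code from the bug report or from binutils: a stand-alone C parser for a .note.gnu.build-id section, showing a naive descriptor-length computation beside a bounds-checked one. The report does not say which field inside get_build_id() produced the -1, so the example assumes the general shape of this bug class: a size read from the note header of an untrusted file and used as the memcpy() length without checking it against the bytes that remain in the section. The sample notes, the MAX_BUILD_ID cap and the function names are constructed for the example; NT_GNU_BUILD_ID (3) and the 12-byte note header layout are the ELF definitions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_BUILD_ID 3   /* ELF note type of .note.gnu.build-id */
#define NHDR_SIZE 12        /* Elf32_Nhdr / Elf64_Nhdr: namesz, descsz, type, 32 bits each */
#define MAX_BUILD_ID 64     /* assumption: cap on an accepted build-id length */

/* Little-endian 32-bit read, so file bytes are never cast to a host struct. */
static uint32_t get32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static size_t align4(size_t v) { return (v + 3) & ~(size_t)3; }

/* Constructed sample: a well-formed note carrying a 20-byte build-id. */
static const uint8_t good_note[] = {
    4, 0, 0, 0,   20, 0, 0, 0,   3, 0, 0, 0,   /* namesz=4, descsz=20, type=3 */
    'G', 'N', 'U', 0,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
    0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01, 0x02, 0x03, 0x04, 0x05,
};
static const uint8_t good_id[20] = {
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
    0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01, 0x02, 0x03, 0x04, 0x05,
};

/* Constructed malformed sample: descsz=0xffffffff, far larger than the section. */
static const uint8_t bad_note[] = {
    4, 0, 0, 0,   0xff, 0xff, 0xff, 0xff,   3, 0, 0, 0,
    'G', 'N', 'U', 0,
    0xde, 0xad, 0xbe, 0xef,
};

/* Constructed malformed sample: namesz=0x1000 points past the end of the section. */
static const uint8_t overrun_note[] = {
    0x00, 0x10, 0, 0,   20, 0, 0, 0,   3, 0, 0, 0,
    'G', 'N', 'U', 0,
};

/* Naive length computation (illustrates the bug class; not binutils' code):
   descsz is taken from the file and treated as a signed int. Returns the
   value such a parser would hand to memcpy(); 0xffffffff becomes -1, the
   "negative-size-param: (size=-1)" that ASAN reports. Nothing is copied. */
static int naive_desc_len(const uint8_t *sec, size_t sec_len)
{
    if (sec_len < NHDR_SIZE)
        return 0;
    return (int)(int32_t)get32(sec + 4);
}

/* Hardened parser: walks the note section and copies the GNU build-id into
   out. Every size read from the file is checked against the bytes remaining
   before it becomes an offset or a memcpy() length. Returns the build-id
   length, or -1 if the section is malformed or carries no build-id. */
static int parse_build_id(const uint8_t *sec, size_t sec_len, uint8_t *out, size_t out_len)
{
    size_t off = 0;
    while (sec_len - off >= NHDR_SIZE) {
        size_t namesz = get32(sec + off);
        size_t descsz = get32(sec + off + 4);
        uint32_t type = get32(sec + off + 8);
        size_t name_off = off + NHDR_SIZE;
        size_t avail = sec_len - name_off;            /* bytes after the header */

        if (namesz > avail || align4(namesz) > avail) /* name plus padding must fit */
            return -1;
        size_t desc_off = name_off + align4(namesz);
        avail = sec_len - desc_off;
        if (descsz > avail || align4(descsz) > avail) /* the check the naive path lacks */
            return -1;

        if (type == NT_GNU_BUILD_ID && namesz == 4 && memcmp(sec + name_off, "GNU", 4) == 0) {
            if (descsz == 0 || descsz > MAX_BUILD_ID || descsz > out_len)
                return -1;
            memcpy(out, sec + desc_off, descsz);       /* length is now provably in bounds */
            return (int)descsz;
        }
        off = desc_off + align4(descsz);               /* next note; cannot pass sec_len */
    }
    return -1;
}

/* Parses sec and compares the extracted build-id with expect; 1 on match, 0 otherwise. */
static int id_matches(const uint8_t *sec, size_t sec_len, const uint8_t *expect, size_t expect_len)
{
    uint8_t id[MAX_BUILD_ID];
    int n = parse_build_id(sec, sec_len, id, sizeof id);
    return n >= 0 && (size_t)n == expect_len && memcmp(id, expect, expect_len) == 0;
}

int main(void)
{
    printf("good:    hardened=%d naive=%d match=%d\n",
           parse_build_id(good_note, sizeof good_note, (uint8_t[MAX_BUILD_ID]){0}, MAX_BUILD_ID),
           naive_desc_len(good_note, sizeof good_note),
           id_matches(good_note, sizeof good_note, good_id, sizeof good_id));
    printf("bad:     hardened=%d naive=%d\n",
           parse_build_id(bad_note, sizeof bad_note, (uint8_t[MAX_BUILD_ID]){0}, MAX_BUILD_ID),
           naive_desc_len(bad_note, sizeof bad_note));
    printf("overrun: hardened=%d\n",
           parse_build_id(overrun_note, sizeof overrun_note, (uint8_t[MAX_BUILD_ID]){0}, MAX_BUILD_ID));
    return 0;
}
```

The point of the two checks before the memcpy() is that both the name and the descriptor are validated against what is left of the section, not against each other, so a note whose header promises more bytes than the section holds is rejected before any offset derived from it is dereferenced or any length derived from it reaches memcpy().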

