[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/24272] New: An out-of-bounds read occured in pex64_xdata_p
From: |
mgcho.minic at gmail dot com |
Subject: |
[Bug binutils/24272] New: An out-of-bounds read occured in pex64_xdata_print_uwd_codes() |
Date: |
Wed, 27 Feb 2019 05:26:08 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=24272
Bug ID: 24272
Summary: An out-of-bounds read occured in
pex64_xdata_print_uwd_codes()
Product: binutils
Version: 2.33 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---
Created attachment 11651
--> https://sourceware.org/bugzilla/attachment.cgi?id=11651&action=edit
Poc to trigger bug
Triggered by "./objdump -x $POC"
Tested on Ubuntu 16.04 (x86)
An out-of-bounds read occurred when processing malformed PE file.
ASAN output:
==173033==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4c03bff
at pc 0x082e6896 bp 0xffa38b98 sp 0xffa38b8c
READ of size 1 at 0xf4c03bff thread T0
#0 0x82e6895 in bfd_getl32
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/libbfd.c:698:24
#1 0x871c088 in pex64_xdata_print_uwd_codes
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/pei-x86_64.c:299:10
#2 0x8717f8c in pex64_dump_xdata
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/pei-x86_64.c:441:5
#3 0x8709661 in pex64_bfd_print_pdata_section
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/pei-x86_64.c:758:8
#4 0x87050ee in pex64_bfd_print_pdata
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/pei-x86_64.c:794:12
#5 0x875d7e9 in _bfd_pex64_print_private_bfd_data_common
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/pex64igen.c:2911:5
#6 0x871488a in pe_print_private_bfd_data
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/./peicode.h:336:8
#7 0x8172403 in dump_bfd_private_header
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:3181:3
#8 0x8170bc1 in dump_bfd
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:3782:5
#9 0x8170346 in display_object_bfd
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:3883:7
#10 0x817024d in display_any_bfd
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:3973:5
#11 0x816f840 in display_file
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:3994:3
#12 0x816ef52 in main
/home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:4304:6
#13 0xf74b7636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
#14 0x806c907 in _start
(/home/seclab/fuzzing-experiment/fuzzing/program/x86/binutils-2.32/clang5-asan-debug/bin/objdump+0x806c907)
Credits:
Mingi Cho, Seoyoung Kim, and Taekyoung Kwon of the Information Security Lab,
Yonsei University.
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/24272] New: An out-of-bounds read occured in pex64_xdata_print_uwd_codes(),
mgcho.minic at gmail dot com <=