https://sourceware.org/bugzilla/show_bug.cgi?id=21933
Bug ID: 21933 Summary: heap buffer overflow in elf_read_notes Product: binutils Version: 2.29 Status: UNCONFIRMED Severity: critical Priority: P2 Component: binutils Assignee: unassigned at sourceware dot org Reporter: 499671216 at qq dot com Target Milestone: --- Created attachment 10330 --> https://sourceware.org/bugzilla/attachment.cgi?id=10330&action=edit heapbuffuerflow-objdimp ================================================================= ==26165==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5e006cf at pc 0x83c5e28 bp 0xbfd91768 sp 0xbfd9175c WRITE of size 1 at 0xb5e006cf thread T0 #0 0x83c5e27 in elf_read_notes /home/hjy/Desktop/binutils-2.29/bfd/elf.c:10991 #1 0x83c5e27 in bfd_section_from_phdr /home/hjy/Desktop/binutils-2.29/bfd/elf.c:2983 #2 0x838d742 in bfd_elf32_core_file_p /home/hjy/Desktop/binutils-2.29/bfd/elfcore.h:277 #3 0x82bd375 in bfd_check_format_matches /home/hjy/Desktop/binutils-2.29/bfd/format.c:311 #4 0x806e19b in display_object_bfd objdump.c:3621 #5 0x806e19b in display_any_bfd objdump.c:3692 #6 0x805837d in display_file objdump.c:3713 #7 0x805837d in main objdump.c:4015 #8 0xb712da82 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19a82) #9 0x805af8f (/usr/local/bin/objdump+0x805af8f) 0xb5e006cf is located 1 bytes to the left of 1-byte region [0xb5e006d0,0xb5e006d1) allocated by thread T0 here: #0 0xb731788a in __interceptor_malloc (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e88a) #1 0x82c87c6 in bfd_malloc /home/hjy/Desktop/binutils-2.29/bfd/libbfd.c:193 #2 0x83c5d0b in elf_read_notes /home/hjy/Desktop/binutils-2.29/bfd/elf.c:10985 #3 0x83c5d0b in bfd_section_from_phdr /home/hjy/Desktop/binutils-2.29/bfd/elf.c:2983 #4 0x838d742 in bfd_elf32_core_file_p /home/hjy/Desktop/binutils-2.29/bfd/elfcore.h:277 #5 0x82bd375 in bfd_check_format_matches /home/hjy/Desktop/binutils-2.29/bfd/format.c:311 #6 0x806e19b in display_object_bfd objdump.c:3621 #7 0x806e19b in display_any_bfd objdump.c:3692 #8 0x805837d in display_file objdump.c:3713 #9 0x805837d in main objdump.c:4015 #10 0xb712da82 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19a82) SUMMARY: AddressSanitizer: heap-buffer-overflow /home/hjy/Desktop/binutils-2.29/bfd/elf.c:10991 elf_read_notes Shadow bytes around the buggy address: 0x36bc0080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x36bc0090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x36bc00a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x36bc00b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x36bc00c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x36bc00d0: fa fa fa fa fa fa fa fa fa[fa]01 fa fa fa 00 04 0x36bc00e0: fa fa 00 04 fa fa 00 00 fa fa 00 01 fa fa 00 04 0x36bc00f0: fa fa 00 04 fa fa 00 04 fa fa 00 00 fa fa fd fa 0x36bc0100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x36bc0110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x36bc0120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==26165==ABORTING -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils