https://sourceware.org/bugzilla/show_bug.cgi?id=22443
Bug ID: 22443
Summary: Global buffer overflow in _bfd_elf_get_symbol_version_string
Product: binutils
Version: 2.30 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---

Created attachment 10591
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10591&action=edit
poc file

Triggered by "./objdump -x $POC"

Tested on Ubuntu 16.04 (x86)

A global buffer overflow occurs when processing a corrupted ELF file.

Configuration information:
CC=clang CXX=clang++ CFLAGS="-g -O0 -fno-omit-frame-pointer -fsanitize=address -fno-sanitize-recover=all" CXXFLAGS=-fsanitize="-g -O0 -fno-omit-frame-pointer -fsanitize=address -fno-sanitize-recover=all" ./configure

ASAN output:
==14558==ERROR: AddressSanitizer: global-buffer-overflow on address 0x08626220 at pc 0x082dd706 bp 0xbfeb88a8 sp 0xbfeb889c
READ of size 2 at 0x08626220 thread T0
    #0 0x82dd705 in _bfd_elf_get_symbol_version_string /home/min/fuzzing/src/binutils/binutils-gdb/bfd/elf.c:1838:59
    #1 0x8149baf in objdump_print_symname /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:892:22
    #2 0x814f52f in disassemble_bytes /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:2050:7
    #3 0x814f52f in disassemble_section /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:2319
    #4 0x8279497 in bfd_map_over_sections /home/min/fuzzing/src/binutils/binutils-gdb/bfd/section.c:1395:5
    #5 0x8144976 in disassemble_data /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:2455:3
    #6 0x8144976 in dump_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3554
    #7 0x8142d75 in display_object_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3611:7
    #8 0x8142d75 in display_any_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3700
    #9 0x8141fe4 in display_file /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3721:3
    #10 0x8141fe4 in main /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:4023
    #11 0xb7494636 in __libc_start_main /build/glibc-KM3i_a/glibc-2.23/csu/../csu/libc-start.c:291
    #12 0x806c687 in _start (/home/min/fuzzing/program/binutils-master-patch/bin/objdump+0x806c687)

0x08626220 is located 32 bytes to the left of global variable '<string literal>' defined in 'section.c:771:3' (0x8626240) of size 6
  '<string literal>' is ascii string '*UND*'
0x08626220 is located 0 bytes to the right of global variable 'global_syms' defined in 'section.c:758:22' (0x86261c0) of size 96
SUMMARY: AddressSanitizer: global-buffer-overflow /home/min/fuzzing/src/binutils/binutils-gdb/bfd/elf.c:1838:59 in _bfd_elf_get_symbol_version_string

Credits: Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei University.