https://sourceware.org/bugzilla/show_bug.cgi?id=27839
Bug ID: 27839
Summary: Segmentation fault on objdump -D
Product: binutils
Version: 2.37 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: shaohua.li at inf dot ethz.ch
Target Milestone: ---

Created attachment 13430
--> https://sourceware.org/bugzilla/attachment.cgi?id=13430&action=edit
poc for `objdump -D`

Hi there,

I crashed objdump (with flag -D) with a crafted executable using a fuzzer. The crash looks like:

(gdb) r -D poc
Starting program: /data/afl_compiler/programs/binutils/src/binutils-gdb-clean-gcc11/binutils/objdump -D poc
warning: Error disabling address space randomization: Operation not permitted
/data/afl_compiler/programs/binutils/src/binutils-gdb-clean-gcc11/binutils/objdump: poc: attempt to load strings from a non-string section (number 20)
/data/afl_compiler/programs/binutils/src/binutils-gdb-clean-gcc11/binutils/objdump: poc: attempt to load strings from a non-string section (number 20)
/data/afl_compiler/programs/binutils/src/binutils-gdb-clean-gcc11/binutils/objdump: poc: attempt to load strings from a non-string section (number 20)
/data/afl_compiler/programs/binutils/src/binutils-gdb-clean-gcc11/binutils/objdump: poc: attempt to load strings from a non-string section (number 20)
/data/afl_compiler/programs/binutils/src/binutils-gdb-clean-gcc11/binutils/objdump: poc: attempt to load strings from a non-string section (number 20)
/data/afl_compiler/programs/binutils/src/binutils-gdb-clean-gcc11/binutils/objdump: poc: attempt to load strings from a non-string section (number 20)

Program received signal SIGSEGV, Segmentation fault.
(gdb) bt
#0  0x000055cfb7177650 in ?? ()
#1  0x000055cfb5814349 in _bfd_generic_link_add_one_symbol (info=info@entry=0x7fff2f7142f0, abfd=abfd@entry=0x55cfb7176310, name=0x55cfb5a3586d "(null)", flags=<optimized out>, section=0x55cfb65ac6c0 <_bfd_std_section>, value=8, string=0x55cfb5a3586d "(null)", copy=false, collect=false, hashp=0x7fff2f7141a0) at linker.c:1667
#2  0x000055cfb5814a4f in generic_link_add_symbol_list (symbols=<optimized out>, symbol_count=<optimized out>, info=0x7fff2f7142f0, abfd=0x55cfb7176310) at linker.c:1192
#3  generic_link_add_object_symbols (info=0x7fff2f7142f0, abfd=0x55cfb7176310) at linker.c:886
#4  _bfd_generic_link_add_symbols (abfd=abfd@entry=0x55cfb7176310, info=info@entry=0x7fff2f7142f0) at linker.c:859
#5  0x000055cfb54f75bb in bfd_simple_get_relocated_section_contents (abfd=abfd@entry=0x55cfb7176310, sec=sec@entry=0x55cfb7179bb8, outbuf=0x55cfb7177730 "\340\061\003O{\177", symbol_table=0x0) at simple.c:254
#6  0x000055cfb5396595 in load_specific_debug_section (file=0x55cfb7176310, sec=0x55cfb7179bb8, debug=<optimized out>) at ./objdump.c:3591
#7  load_specific_debug_section (debug=<optimized out>, sec=0x55cfb7179bb8, file=0x55cfb7176310) at ./objdump.c:3549
#8  0x000055cfb53bf24b in load_separate_debug_files (file=file@entry=0x55cfb7176310, filename=0x55cfb7176470 "poc") at dwarf.c:11474
#9  0x000055cfb539700a in dump_bfd (abfd=abfd@entry=0x55cfb7176310, is_mainfile=is_mainfile@entry=true) at ./objdump.c:4815
#10 0x000055cfb5397e25 in display_object_bfd (abfd=0x55cfb7176310) at ./objdump.c:5001
#11 display_any_bfd (file=0x55cfb7176310, level=0) at ./objdump.c:5091
#12 0x000055cfb5397fb3 in display_file (last_file=true, target=<optimized out>, filename=0x7fff2f71587c "poc") at ./objdump.c:5112
#13 display_file (filename=0x7fff2f71587c "poc", target=<optimized out>, last_file=<optimized out>) at ./objdump.c:5095
#14 0x000055cfb5392bf0 in main (argc=<optimized out>, argv=<optimized out>) at ./objdump.c:5462
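The repeated warning above ("attempt to load strings from a non-string section") means the crafted file points a string-table reference (e_shstrndx or a symbol table's sh_link) at a section whose type is not SHT_STRTAB. The following triage script is an added example, not part of binutils or of this report: it parses ELF64 little-endian section headers and reports every such inconsistent reference before the file is handed to a disassembler. The build_elf helper only fabricates constructed sample images for the check; the section layout it emits is an assumption for demonstration.

```python
import struct

SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 2, 3, 11

def section_headers(data):
    """Parse the section header table of an ELF64 little-endian image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    e_shoff, = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3a)
    hdrs = []
    for i in range(e_shnum):
        off = e_shoff + i * e_shentsize
        if e_shentsize < 64 or off + 64 > len(data):
            raise ValueError(f"section header {i} lies outside the file")
        fields = struct.unpack_from("<IIQQQQIIQQ", data, off)
        hdrs.append({"type": fields[1], "link": fields[6]})
    return hdrs, e_shstrndx

def string_table_problems(data):
    """List every reference that should name an SHT_STRTAB section but does not."""
    hdrs, shstrndx = section_headers(data)
    problems = []

    def check(idx, what):
        if idx >= len(hdrs):
            problems.append(f"{what} refers to nonexistent section {idx}")
        elif hdrs[idx]["type"] != SHT_STRTAB:
            problems.append(f"{what} refers to non-string section {idx} "
                            f"(type {hdrs[idx]['type']})")

    check(shstrndx, "e_shstrndx")               # section name string table
    for i, h in enumerate(hdrs):                # symbol tables name their strtab via sh_link
        if h["type"] in (SHT_SYMTAB, SHT_DYNSYM):
            check(h["link"], f"symbol table section {i} sh_link")
    return problems

def build_elf(sections, shstrndx):
    """Constructed sample: a minimal ELF64 image with only an ELF header and
    section headers, built from (sh_type, sh_link) pairs. Not a real binary."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, 64, 0, 64, 0, 0,
                        64, len(sections), shstrndx)
    shdrs = b"".join(struct.pack("<IIQQQQIIQQ", 0, t, 0, 0, 0, 0, l, 0, 1, 0)
                     for t, l in sections)
    return ehdr + shdrs

if __name__ == "__main__":
    sample = build_elf([(0, 0), (1, 0), (SHT_SYMTAB, 1)], 1)  # strtab refs hit a PROGBITS section
    print("\n".join(string_table_problems(sample)) or "no string-table problems")
```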