[Bug binutils/30310] New: null pointer dereference at binutils/opcodes/nfp-dis.c:2691 in init_nfp6000_priv function

Tue, 04 Apr 2023 00:32:19 -0700 

https://sourceware.org/bugzilla/show_bug.cgi?id=30310

            Bug ID: 30310
           Summary: null pointer dereference at
                    binutils/opcodes/nfp-dis.c:2691 in init_nfp6000_priv
                    function
           Product: binutils
           Version: 2.40
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: youngseok.main at gmail dot com
  Target Milestone: ---

Created attachment 14801
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14801&action=edit
poc_file used in command input

Our fuzzer found a new SEGV bug in the latest objdump build.

*Command Input*
objdump poc_file -S -m nf

poc_file is attached.

*Command Output*
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/objdump/4_id:000033/poc_file:
    file format coff-sh

BFD: error:
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/objdump/4_id:000033/poc_file()
is too large (0x11000000 bytes)
/home/youngseok/subjects/latest_asan_install/binutils/bin/objdump: Reading
section  failed because: file truncated

Disassembly of section :

000000009f0408e8 <>:
ASAN:DEADLYSIGNAL

*Sanitizer Dump*
==26815==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x5555566b3bf5 bp 0x7fffffffd280 sp 0x7fffffffcfd0 T0)
==26815==The signal is caused by a READ memory access.
==26815==Hint: address points to the zero page.
    #0 0x5555566b3bf4 in init_nfp6000_priv
/home/youngseok/subjects/latest_asan_sources/binutils/opcodes/nfp-dis.c:2691
    #1 0x5555566b4423 in init_nfp_priv
/home/youngseok/subjects/latest_asan_sources/binutils/opcodes/nfp-dis.c:2784
    #2 0x5555566b4524 in _print_instrs
/home/youngseok/subjects/latest_asan_sources/binutils/opcodes/nfp-dis.c:2801
    #3 0x5555566b5562 in print_insn_nfp
/home/youngseok/subjects/latest_asan_sources/binutils/opcodes/nfp-dis.c:2971
    #4 0x55555635f7df in disassemble_bytes objdump.c:3433
    #5 0x55555636302e in disassemble_section objdump.c:4050
    #6 0x555556857786 in bfd_map_over_sections
/home/youngseok/subjects/latest_asan_sources/binutils/bfd/section.c:1366
    #7 0x555556363fff in disassemble_data objdump.c:4199
    #8 0x55555636ba74 in dump_bfd objdump.c:5683
    #9 0x55555636bd31 in display_object_bfd objdump.c:5744
    #10 0x55555636c07a in display_any_bfd objdump.c:5831
    #11 0x55555636c0f0 in display_file objdump.c:5852
    #12 0x55555636da7c in main objdump.c:6263
    #13 0x7ffff6844c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #14 0x555556351ad9 in _start
(/home/youngseok/subjects/latest_asan_install/binutils/bin/objdump+0xdfdad9)

*Environment*
- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230404

binutils is built it address sanitizer. Here is the build script:
CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --enable-targets=all

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to