https://sourceware.org/bugzilla/show_bug.cgi?id=21933
Bug ID: 21933
Summary: heap buffer overflow in elf_read_notes
Product: binutils
Version: 2.29
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 499671216 at qq dot com
Target Milestone: ---
Created attachment 10330
--> https://sourceware.org/bugzilla/attachment.cgi?id=10330&action=edit
heapbuffuerflow-objdimp
=================================================================
==26165==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5e006cf at
pc 0x83c5e28 bp 0xbfd91768 sp 0xbfd9175c
WRITE of size 1 at 0xb5e006cf thread T0
#0 0x83c5e27 in elf_read_notes
/home/hjy/Desktop/binutils-2.29/bfd/elf.c:10991
#1 0x83c5e27 in bfd_section_from_phdr
/home/hjy/Desktop/binutils-2.29/bfd/elf.c:2983
#2 0x838d742 in bfd_elf32_core_file_p
/home/hjy/Desktop/binutils-2.29/bfd/elfcore.h:277
#3 0x82bd375 in bfd_check_format_matches
/home/hjy/Desktop/binutils-2.29/bfd/format.c:311
#4 0x806e19b in display_object_bfd objdump.c:3621
#5 0x806e19b in display_any_bfd objdump.c:3692
#6 0x805837d in display_file objdump.c:3713
#7 0x805837d in main objdump.c:4015
#8 0xb712da82 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19a82)
#9 0x805af8f (/usr/local/bin/objdump+0x805af8f)
0xb5e006cf is located 1 bytes to the left of 1-byte region
[0xb5e006d0,0xb5e006d1)
allocated by thread T0 here:
#0 0xb731788a in __interceptor_malloc
(/usr/lib/i386-linux-gnu/libasan.so.1+0x4e88a)
#1 0x82c87c6 in bfd_malloc /home/hjy/Desktop/binutils-2.29/bfd/libbfd.c:193
#2 0x83c5d0b in elf_read_notes
/home/hjy/Desktop/binutils-2.29/bfd/elf.c:10985
#3 0x83c5d0b in bfd_section_from_phdr
/home/hjy/Desktop/binutils-2.29/bfd/elf.c:2983
#4 0x838d742 in bfd_elf32_core_file_p
/home/hjy/Desktop/binutils-2.29/bfd/elfcore.h:277
#5 0x82bd375 in bfd_check_format_matches
/home/hjy/Desktop/binutils-2.29/bfd/format.c:311
#6 0x806e19b in display_object_bfd objdump.c:3621
#7 0x806e19b in display_any_bfd objdump.c:3692
#8 0x805837d in display_file objdump.c:3713
#9 0x805837d in main objdump.c:4015
#10 0xb712da82 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19a82)
SUMMARY: AddressSanitizer: heap-buffer-overflow
/home/hjy/Desktop/binutils-2.29/bfd/elf.c:10991 elf_read_notes
Shadow bytes around the buggy address:
0x36bc0080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36bc0090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36bc00a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36bc00b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36bc00c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x36bc00d0: fa fa fa fa fa fa fa fa fa[fa]01 fa fa fa 00 04
0x36bc00e0: fa fa 00 04 fa fa 00 00 fa fa 00 01 fa fa 00 04
0x36bc00f0: fa fa 00 04 fa fa 00 04 fa fa 00 00 fa fa fd fa
0x36bc0100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36bc0110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36bc0120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==26165==ABORTING
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
