https://sourceware.org/bugzilla/show_bug.cgi?id=17512
Bug ID: 17512
Summary: segfault in PE parser / _bfd_pei_swap_aouthdr_in
Product: binutils
Version: 2.24
Status: NEW
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: hanno at hboeck dot de

Created attachment 7849
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7849&action=edit
maxvals.exe

Running strings, nm or objdump on one of the attached files will segfault. Here is a stack trace from address sanitizer:

==10552== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffb5979be0 at pc 0x5a2d34 bp 0x7fffb5979890 sp 0x7fffb5979888
WRITE of size 8 at 0x7fffb5979be0 thread T0
    #0 0x5a2d33 in _bfd_pei_swap_aouthdr_in /tmp/binutils-2.24.90/bfd/peigen.c:513:0
    #1 0x591bf2 in pe_bfd_object_p /tmp/binutils-2.24.90/bfd/peicode.h:1339:0
    #2 0x41f10b in bfd_check_format_matches /tmp/binutils-2.24.90/bfd/format.c:305:0
    #3 0x41e28f in bfd_check_format /tmp/binutils-2.24.90/bfd/format.c:94:0
    #4 0x4038ed in strings_object_file /tmp/binutils-2.24.90/binutils/strings.c:389:0
    #5 0x403b29 in strings_file /tmp/binutils-2.24.90/binutils/strings.c:432:0
    #6 0x4034f2 in main /tmp/binutils-2.24.90/binutils/strings.c:299:0
    #7 0x7f25477b6a64 in __libc_start_main ??:0:0
    #8 0x402d58 in _start ??:0:0

These samples come from here:
https://github.com/radare/radare2-regressions/tree/master/bins/pe

I tested those after reading this comment:
http://lcamtuf.blogspot.de/2014/10/psa-dont-run-strings-on-untrusted-files.html?showComment=1414290018616&m=1#c6670003407817856261

However I'm not sure if this bug is the same as the one the commenter there is mentioning.
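
Whether two crash reports describe the same bug is usually settled by comparing normalized stack traces. The following is an added example (not part of the original report or of binutils) that reduces an AddressSanitizer report to a bucket key of error class, access kind and top frame names; REBUILT_REPORT and OTHER_REPORT are constructed samples, and hypothetical_swap_fn is a made-up name.

```python
import re

# One stack frame: "#0 0x5a2d33 in function /path/file.c:513:0"
FRAME = re.compile(r"#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)")
HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+)")
ACCESS = re.compile(r"\b(READ|WRITE) of size \d+")

# Top of the trace quoted in the bug report.
PAGE_REPORT = """\
==10552== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffb5979be0 at pc 0x5a2d34 bp 0x7fffb5979890 sp 0x7fffb5979888
WRITE of size 8 at 0x7fffb5979be0 thread T0
#0 0x5a2d33 in _bfd_pei_swap_aouthdr_in /tmp/binutils-2.24.90/bfd/peigen.c:513:0
#1 0x591bf2 in pe_bfd_object_p /tmp/binutils-2.24.90/bfd/peicode.h:1339:0
#2 0x41f10b in bfd_check_format_matches /tmp/binutils-2.24.90/bfd/format.c:305:0
"""
# Constructed: same call chain from a different build (new pid, addresses, paths, lines).
REBUILT_REPORT = """\
==4242==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc00001000 at pc 0x611111 bp 0x7ffc00000f00 sp 0x7ffc00000ef8
WRITE of size 8 at 0x7ffc00001000 thread T0
#0 0x611110 in _bfd_pei_swap_aouthdr_in /build/bfd/peigen.c:520
#1 0x600abc in pe_bfd_object_p /build/bfd/peicode.h:1350
#2 0x42f000 in bfd_check_format_matches /build/bfd/format.c:310
"""
# Constructed: same error class but a different faulting function (hypothetical name).
OTHER_REPORT = """\
==4243==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc00002000 at pc 0x622222 bp 0x7ffc00001f00 sp 0x7ffc00001ef8
WRITE of size 8 at 0x7ffc00002000 thread T0
#0 0x622221 in hypothetical_swap_fn /build/bfd/example.c:10
#1 0x600abc in pe_bfd_object_p /build/bfd/peicode.h:1350
"""

def bucket_key(report, depth=3):
    """Return (error class, access kind, top `depth` function names)."""
    header = HEADER.search(report)
    if header is None:
        raise ValueError("not an AddressSanitizer report")
    access = ACCESS.search(report)
    # Addresses, build paths and line numbers vary between builds, so only
    # function names take part in the comparison.
    frames = tuple(FRAME.findall(report)[:depth])
    return (header.group(1), access.group(1) if access else "?", frames)

def same_crash(a, b, depth=3):
    """True when two reports fall into the same bucket."""
    return bucket_key(a, depth) == bucket_key(b, depth)

if __name__ == "__main__":
    print(bucket_key(PAGE_REPORT))
    print(same_crash(PAGE_REPORT, REBUILT_REPORT), same_crash(PAGE_REPORT, OTHER_REPORT))
```

A matching bucket is a triage hint, not proof: two distinct defects can share the same top frames, so confirm against the fix before closing a report as a duplicate.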