https://sourceware.org/bugzilla/show_bug.cgi?id=17713
Bug ID: 17713
Summary: 64-bit linker fails ("Segment Fault") call libbfd
Product: binutils
Version: 2.24
Status: NEW
Severity: critical
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: rootkitsecurity at gmail dot com

Created attachment 8014
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8014&action=edit
poc

Hello, everyone!

I use the Melkor ELF Fuzzer to test ELF files on Ubuntu 14.04.1-server 64-bit. When the ld program links the poc.o file, it has a Segment Fault, maybe a vuln. Let's see my simple analysis. :)
Sorry for all grammar mistakes in my writing, English is my second language.

$ ./binutils-2.24/ld/ld-new -V
GNU ld (GNU Binutils for Ubuntu) 2.24

$ ./binutils-2.24/ld/ld-new poc.o
Segmentation fault

$ gdb -q ./binutils-2.24/ld/ld-new
(gdb) r poc.o
Starting program: /home/tester/sample/binutils-2.24/ld/ld-new poc.o

Program received signal SIGSEGV, Segmentation fault.
_bfd_elf_gc_mark_rsec (info=0x7a1280 <link_info>, sec=0x7cc3b8, sec@entry=0x7a1280 <link_info>, gc_mark_hook=0x44b1c0 <elf_x86_64_gc_mark_hook>, cookie=0x7fffffffe2e0) at elflink.c:11697
11697             || h->root.type == bfd_link_hash_warning)
(gdb) disas
[...]
   0x0000000000475f16 <+54>:    movzbl 0x18(%rcx),%eax
[...]
(gdb) info reg rcx
rcx            0x0                 0

ProcMap:
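An added crash-triage helper, not part of the bug report or of binutils: it parses a gdb transcript shaped like the one above (the sample is constructed from the report's own lines) and classifies the fault from the faulting instruction's base register, showing why rcx = 0 under movzbl 0x18(%rcx) reads as a NULL struct-pointer dereference of h. The 0x1000 "NULL page" threshold is an assumption of this example.

```python
import re

# Constructed sample: the gdb session from the bug report, re-typed line by line.
GDB_LOG = """\
Program received signal SIGSEGV, Segmentation fault.
_bfd_elf_gc_mark_rsec (info=0x7a1280 <link_info>, sec=0x7cc3b8, sec@entry=0x7a1280 <link_info>, gc_mark_hook=0x44b1c0 <elf_x86_64_gc_mark_hook>, cookie=0x7fffffffe2e0) at elflink.c:11697
11697             || h->root.type == bfd_link_hash_warning)
(gdb) disas
   0x0000000000475f16 <+54>:    movzbl 0x18(%rcx),%eax
(gdb) info reg rcx
rcx            0x0                 0
"""

SIGNAL_RE = re.compile(r"Program received signal (\w+)")
FRAME_RE = re.compile(r"^(\w+) \(.*\) at ([\w./-]+):(\d+)", re.M)
# AT&T memory operand in a disassembly line: optional displacement, base register in parentheses.
MEMOP_RE = re.compile(r"<\+\d+>:\s+(\w+)\s+(-?0x[0-9a-f]+|-?\d+)?\((%\w+)\)")
REG_RE = re.compile(r"^(%?\w+)\s+(0x[0-9a-f]+)\s", re.M)  # "info reg" output lines

NULL_PAGE = 0x1000  # assumption: accesses below the first page are NULL-based


def triage(log):
    """Classify a SIGSEGV from a gdb transcript: signal, frame, faulting access."""
    signal = SIGNAL_RE.search(log)
    frame = FRAME_RE.search(log)
    memop = MEMOP_RE.search(log)
    result = {
        "signal": signal.group(1) if signal else None,
        "function": frame.group(1) if frame else None,
        "location": f"{frame.group(2)}:{frame.group(3)}" if frame else None,
        "verdict": "unknown",
    }
    if not memop:
        return result
    insn, disp, base = memop.group(1), memop.group(2), memop.group(3).lstrip("%")
    disp = int(disp, 0) if disp else 0
    regs = {m.group(1).lstrip("%"): int(m.group(2), 16) for m in REG_RE.finditer(log)}
    if base not in regs:
        return result  # no register dump for the base register; address unknown
    addr = regs[base] + disp
    result.update(base=base, base_value=regs[base], offset=disp, fault_address=addr)
    # Base register 0 plus a small displacement is the signature of loading a field
    # of a NULL struct pointer; in the report that load is h->root.type with h == NULL.
    if addr < NULL_PAGE:
        result["verdict"] = (f"NULL pointer dereference: {insn} reads offset "
                             f"{disp:#x} through {base}={regs[base]:#x}")
    else:
        result["verdict"] = "invalid access at a non-NULL address"
    return result
```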
--
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils