[Bug binutils/18257] objdump -d crashes on kandw-instruction (x86-64)

Mon, 13 Apr 2015 14:58:33 -0700 

https://sourceware.org/bugzilla/show_bug.cgi?id=18257

--- Comment #3 from lukas.lueg at gmail dot com ---
~/gdb ~/dev/binutils-gdb/binutils/objdump
...
(gdb) run -d ./a.out
...
00000000004004f6 <main>:
  4004f6:    55                       push   %rbp
  4004f7:    48 89 e5                 mov    %rsp,%rbp

Program received signal SIGSEGV, Segmentation fault.
0x00000032626a20a7 in __stpcpy_sse2_unaligned () from /lib64/libc.so.6
(gdb) bt
#0  0x00000032626a20a7 in __stpcpy_sse2_unaligned () from /lib64/libc.so.6
#1  0x000000000054d6e4 in oappend (s=0x0) at i386-dis.c:14148
#2  0x000000000054f4ce in OP_G (bytemode=64, sizeflag=3) at i386-dis.c:15258
#3  0x000000000054b8bc in print_insn (pc=4195578, info=0x7fffffffdb90)
    at i386-dis.c:13084
#4  0x000000000054987e in print_insn_i386 (pc=4195578, info=0x7fffffffdb90)
    at i386-dis.c:12332
#5  0x00000000004223dc in disassemble_bytes (relppend=<optimized out>, 
    relppp=<synthetic pointer>, rel_offset=<optimized out>, stop_offset=272, 
    start_offset=<optimized out>, data=<optimized out>, insns=1, 
    disassemble_fn=0x549854 <print_insn_i386>, inf=<optimized out>)
    at ./objdump.c:1688
#6  disassemble_section (abfd=0x9c11c0, section=0x9c5288, inf=<optimized out>)
    at ./objdump.c:2126
#7  0x00000000005615c2 in bfd_map_over_sections (abfd=0x9c11c0, 
    operation=0x41f320 <disassemble_section>, user_storage=0x7fffffffdb90)
    at section.c:1354
#8  0x000000000041197c in disassemble_data (abfd=abfd@entry=0x9c11c0)
    at ./objdump.c:2262
#9  0x000000000041cfa0 in dump_bfd (abfd=abfd@entry=0x9c11c0)
    at ./objdump.c:3308
#10 0x000000000041e950 in display_object_bfd (abfd=0x9c11c0)
    at ./objdump.c:3365
---Type <return> to continue, or q <return> to quit---
#11 display_any_bfd (file=file@entry=0x9c11c0, level=level@entry=0)
    at ./objdump.c:3454
#12 0x000000000040a3ba in display_file (target=<optimized out>, 
    filename=0x7fffffffe200 "./a.out") at ./objdump.c:3475
#13 main (argc=3, argv=0x7fffffffde78) at ./objdump.c:3758
(gdb) up
#1  0x000000000054d6e4 in oappend (s=0x0) at i386-dis.c:14148
14148      obufp = stpcpy (obufp, s);
(gdb) up
#2  0x000000000054f4ce in OP_G (bytemode=64, sizeflag=3) at i386-dis.c:15258
15258          oappend (names_mask[modrm.reg + add]);
(gdb) p modrm
$1 = {mod = 2, reg = 7, rm = 0}
(gdb) p add
$2 = 8

modrm.reg + add = 15, which overflows names_mask

-- 
You are receiving this mail because:
You are on the CC list for the bug.

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

Reply via email to