https://sourceware.org/bugzilla/show_bug.cgi?id=21614
Bug ID: 21614
Summary: global-buffer-overflow in print_insn_score16
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: aadamski at quarkslab dot com
Target Milestone: ---

Hello there,

I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN. Please find attached the minimized file causing the issue ("Input") and the ASAN report log ("Output"). Below is the reduced stacktrace with links to the corresponding source lines on a GitHub mirror.

The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer -fsanitize=address -fno-sanitize-recover=all`.
The command used was `objdump -afpxDSsgetTrR <file>`.

Let me know if there is any additional information I can provide.

--

Input: cd30cb3f0a6f04174b775b493c5422be.46a1b617d95829da6c2071b06e800f44.min
Output: cd30cb3f0a6f04174b775b493c5422be.46a1b617d95829da6c2071b06e800f44.txt

Error in "print_insn_score16":

global-buffer-overflow in print_insn_score16 at opcodes/score-dis.c:886
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/opcodes/score-dis.c#L886)
in s3_print_insn at opcodes/score-dis.c:1078
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/opcodes/score-dis.c#L1078)
in print_insn_little_score at opcodes/score-dis.c:1190
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/opcodes/score-dis.c#L1190)
in disassemble_bytes at binutils/objdump.c:1864
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L1864)
in disassemble_section at binutils/objdump.c:2312
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L2312)
in bfd_map_over_sections at bfd/section.c:1395
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/section.c#L1395)
in disassemble_data at binutils/objdump.c:2448
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L2448)
in dump_bfd at binutils/objdump.c:3550
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L3550)
in display_file at binutils/objdump.c:3717
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L3717)
in main at binutils/objdump.c:4019
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L4019)