https://sourceware.org/bugzilla/show_bug.cgi?id=21617
Bug ID: 21617
Summary: heap-buffer-overflow in add_symbol
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: aadamski at quarkslab dot com
Target Milestone: ---
Hello there,
I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.
Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.
The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were
`-g -O2 -fno-omit-frame-pointer -fsanitize=address -fno-sanitize-recover=all`.
The command used was `objdump -afpxDSsgetTrR <file>`.
Let me know if there is any additional information I can provide.
--
Input: c6f371402ab3326e29cccbbf1c255de2.5592452a1178cbbe6ef564807cd1a01b.min
Output: c6f371402ab3326e29cccbbf1c255de2.5592452a1178cbbe6ef564807cd1a01b.txt
Error in "add_symbol": heap-buffer-overflow
in add_symbol at bfd/vms-alpha.c:1105
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L1105)
in _bfd_vms_slurp_egsd at bfd/vms-alpha.c:1282
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L1282)
in _bfd_vms_slurp_object_records at bfd/vms-alpha.c:2431
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L2431)
in alpha_vms_object_p at bfd/vms-alpha.c:2615
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L2615)
in bfd_check_format_matches at bfd/format.c:311
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/format.c#L311)
in display_object_bfd at binutils/objdump.c:3605
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L3605)
in display_any_bfd at binutils/objdump.c:3696
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L3696)
in display_file at binutils/objdump.c:3717
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L3717)
in main at binutils/objdump.c:4019
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L4019)
Input: fa09ac606bb4cd416ae450aaae6e461f.88e415b58e5b3f2f7fcdcf786e3f7271.min
Output: fa09ac606bb4cd416ae450aaae6e461f.88e415b58e5b3f2f7fcdcf786e3f7271.txt
Error in "add_symbol": heap-buffer-overflow
in add_symbol at bfd/vms-alpha.c:1110
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L1110)
in _bfd_vms_slurp_egsd at bfd/vms-alpha.c:1240
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L1240)
in _bfd_vms_slurp_object_records at bfd/vms-alpha.c:2431
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L2431)
in alpha_vms_object_p at bfd/vms-alpha.c:2615
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/vms-alpha.c#L2615)
in bfd_check_format_matches at bfd/format.c:311
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/bfd/format.c#L311)
in display_object_bfd at binutils/objdump.c:3605
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L3605)
in display_any_bfd at binutils/objdump.c:3696
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L3696)
in display_file at binutils/objdump.c:3717
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L3717)
in main at binutils/objdump.c:4019
(see https://github.com/bminor/binutils-gdb/blob/291e62953900e0f4998224127bc56239e421cda9/binutils/objdump.c#L4019)
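
The reduced stack trace format used in this report can be derived from a raw ASAN log as shown here. This is an added example, not the reporter's tooling or binutils code; the sample log, its addresses and the `/build/src` build root are constructed, and `reduce_trace` / `format_reduced` are hypothetical helper names.

```python
import re

# Commit that the report's source links are pinned to (copied from its URLs).
COMMIT = "291e62953900e0f4998224127bc56239e421cda9"
MIRROR = "https://github.com/bminor/binutils-gdb/blob/%s/%s#L%d"
# A symbolized ASAN frame: "#N 0xADDR in FUNC /abs/path/file.c:LINE[:COL]"
FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?$")

# Constructed sample log: PID, addresses, sizes and build path are placeholders.
SAMPLE = """\
==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000000000000
    #0 0x000000000001 in __asan_memcpy (/usr/lib/libasan.so+0x1)
    #1 0x000000000002 in add_symbol /build/src/bfd/vms-alpha.c:1105:7
    #2 0x000000000003 in _bfd_vms_slurp_egsd /build/src/bfd/vms-alpha.c:1282
    #3 0x000000000004 in alpha_vms_object_p /build/src/bfd/vms-alpha.c:2615:9

0x000000000000 is located 0 bytes to the right of 1-byte region
allocated by thread T0 here:
    #0 0x000000000005 in bfd_malloc /build/src/bfd/libbfd.c:100
"""


def reduce_trace(report, src_root):
    """Return (error_kind, [(func, relpath, line)]) for the crashing stack only."""
    kind = re.search(r"AddressSanitizer: (\S+)", report)
    root = src_root.rstrip("/") + "/"
    frames = []
    for line in report.splitlines():
        m = FRAME.search(line.strip())
        if m and m.group(2).startswith(root):
            frames.append((m.group(1), m.group(2)[len(root):], int(m.group(3))))
        elif frames and not line.strip():
            break  # blank line ends the crash stack; alloc/free stacks follow
    if kind is None or not frames:
        raise ValueError("no symbolized in-tree ASAN frames found")
    return kind.group(1), frames


def format_reduced(kind, frames):
    """Render the reduced form used in the report; line 1 is the dedup key."""
    out = ['Error in "%s": %s' % (frames[0][0], kind)]
    for func, rel, lineno in frames:
        out.append("in %s at %s:%d" % (func, rel, lineno))
        out.append("(see %s)" % (MIRROR % (COMMIT, rel, lineno)))
    return "\n".join(out)

if __name__ == "__main__":
    print(format_reduced(*reduce_trace(SAMPLE, "/build/src")))
```

Keying on the first line (top in-tree function plus error kind) groups both inputs in this report into one bucket even though they fault at different lines of `add_symbol`.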