[Bug binutils/21633] New: SEGV on unknown address in ieee_archive_p

aadamski at quarkslab dot com Tue, 20 Jun 2017 09:04:23 -0700

https://sourceware.org/bugzilla/show_bug.cgi?id=21633


            Bug ID: 21633
           Summary: SEGV on unknown address in ieee_archive_p
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: aadamski at quarkslab dot com
  Target Milestone: ---

>  library = read_id (&(ieee->h));
>  if (strcmp (library, "LIBRARY") != 0)
>    goto got_wrong_format_error;

In some cases, read_id will return NULL. Passing NULL to strcmp is undefined
behavior, but will most likely result in NULL pointer dereferencing.

--

Hello there,

I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.

Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.

The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer
-fsanitize=address -fno-sanitize-recover=all`. The command used
 was `objdump -afpxDSsgetTrR <file>`.

Let me know if there is any additional information I can provide.

--

Input: 48434ef89a43c1c651f2ae1f119f66d5.ad838a36e394493801cb2b3c3b191dc2.min
Output: 48434ef89a43c1c651f2ae1f119f66d5.ad838a36e394493801cb2b3c3b191dc2.txt

Error in "ieee_archive_p": SEGV on unknown address 0x000000000000 (pc
0x00000048a7bd bp 0x7fffffffe0e0 sp 0x7fffffffd850 T0)
  in ieee_archive_p at bfd/ieee.c:1398
    (see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/ieee.c#L1398)
  in bfd_check_format_matches at bfd/format.c:311
    (see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/format.c#L311)
  in display_any_bfd at binutils/objdump.c:3651
    (see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3651)
  in display_file at binutils/objdump.c:3720
    (see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3720)
  in main at binutils/objdump.c:4024
    (see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L4024)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/21633] New: SEGV on unknown address in ieee_archive_p

Reply via email to