https://sourceware.org/bugzilla/show_bug.cgi?id=21962
Bug ID: 21962
Summary: stack overflow in getsym
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 499671216 at qq dot com
Target Milestone: ---

root@ubuntu:/home/hjy/Desktop# objdump -S stack_overflow_getsym
=================================================================
==1744==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xbfc8b8af at pc 0x830a926 bp 0xbfc8b688 sp 0xbfc8b67c
READ of size 1 at 0xbfc8b8af thread T0
    #0 0x830a925 in getsym /home/hjy/Desktop/binutils-2.29/bfd/tekhex.c:311
    #1 0x830a925 in first_phase /home/hjy/Desktop/binutils-2.29/bfd/tekhex.c:444
    #2 0x830ad63 in pass_over /home/hjy/Desktop/binutils-2.29/bfd/tekhex.c:554
    #3 0x830b3d9 in tekhex_object_p /home/hjy/Desktop/binutils-2.29/bfd/tekhex.c:619
    #4 0x82bd375 in bfd_check_format_matches /home/hjy/Desktop/binutils-2.29/bfd/format.c:311
    #5 0x806e0e1 in display_object_bfd objdump.c:3601
    #6 0x806e0e1 in display_any_bfd objdump.c:3692
    #7 0x805837d in display_file objdump.c:3713
    #8 0x805837d in main objdump.c:4015
    #9 0xb70f9a82 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19a82)
    #10 0x805af8f (/usr/local/bin/objdump+0x805af8f)

Address 0xbfc8b8af is located in stack of thread T0 at offset 287 in frame
    #0 0x830a95f in pass_over /home/hjy/Desktop/binutils-2.29/bfd/tekhex.c:512

  This frame has 1 object(s):
    [32, 287) 'src' <== Memory access at offset 287 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/hjy/Desktop/binutils-2.29/bfd/tekhex.c:311 getsym
Shadow bytes around the buggy address:
  0x37f916c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x37f916d0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x37f916e0: 00 00 01 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x37f916f0: 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00
  0x37f91700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x37f91710: 00 00 00 00 00[07]f3 f3 f3 f3 f3 f3 f3 f3 00 00
  0x37f91720: 00 00 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4 f3 f3
  0x37f91730: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x37f91740: 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 04 f3 f3
  0x37f91750: f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x37f91760: 04 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Contiguous container OOB:fc
  ASan internal:         fe
==1744==ABORTING

My version is 2.29, and my platform is Ubuntu x86.