https://sourceware.org/bugzilla/show_bug.cgi?id=22219
            Bug ID: 22219
           Summary: infinite loop in process_debug_info in dwarf.c in binutils 2.30(HEAD)
           Product: binutils
           Version: 2.30 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: luanjunchao at 163 dot com
  Target Milestone: ---

Created attachment 10490
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10490&action=edit
poc of infinite loop

When I run "objdump -x -D -S -s -g -e -G --dwarf -t -T -r -R --special-syms
--inlines --dwarf-check loop.elf", it traps into the function process_debug_info.
A snippet of the function is here:

    for (section_begin = start, unit = 0; start < end; unit++)
    {
    ......
        start += compunit.cu_length + initial_length_size;
    ......
    }

When I debug it with gdb, I can see that compunit.cu_length = 0xfffffff4 and
initial_length_size = 12, which leads to start += 0 on each loop iteration.
Maybe there is an integer overflow here.
The poc is attached here.
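The arithmetic in the report, next to a bounds-checked advance, as an added example (not binutils code and not the project's fix). The function names are hypothetical, the unit lengths are constructed apart from the 0xfffffff4 value quoted above, and the unchecked sum is modelled as 32-bit arithmetic, which is an assumption about how the wrap to zero arises.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The advance from the reported loop, modelled with 32-bit arithmetic
   (assumption) so the sum wraps modulo 2^32. */
static uint32_t unchecked_advance(uint32_t cu_length, uint32_t initial_length_size)
{
    return cu_length + initial_length_size;
}

/* Hypothetical checked form: accept the unit only if header plus body fit in
   the bytes left in the section. On success *advance >= initial_length_size,
   so the caller always makes progress when initial_length_size is non-zero. */
static int checked_advance(uint64_t cu_length, unsigned initial_length_size,
                           size_t remaining, size_t *advance)
{
    if (initial_length_size == 0 || remaining < initial_length_size)
        return 0;
    if (cu_length > remaining - initial_length_size)
        return 0;                       /* unit claims more than is left */
    *advance = (size_t)cu_length + initial_length_size;
    return 1;
}

/* Walk constructed unit lengths over a section of `size` bytes. Returns the
   number of units walked, or -1 when a length is rejected. */
static int walk_units(const uint64_t *cu_lengths, size_t n_units,
                      unsigned initial_length_size, size_t size)
{
    size_t off = 0, adv;
    int units = 0;
    for (size_t i = 0; i < n_units && off < size; i++, units++) {
        if (!checked_advance(cu_lengths[i], initial_length_size, size - off, &adv))
            return -1;
        off += adv;
    }
    return units;
}

int main(void)
{
    const uint64_t constructed[] = { 20, 0xfffffff4u }; /* second value is from the report */
    printf("unchecked advance: %u\n", (unsigned)unchecked_advance(0xfffffff4u, 12));
    printf("checked walk: %d\n", walk_units(constructed, 2, 12, 64));
    return 0;
}
```

Comparing the claimed length against `remaining - initial_length_size`, rather than adding first and comparing afterwards, keeps the check itself free of overflow.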