https://sourceware.org/bugzilla/show_bug.cgi?id=23147
Bug ID: 23147
Summary: Heap buffer overflow in pe_print_idata
Product: binutils
Version: 2.31 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---

Created attachment 10998
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10998&action=edit
POC to trigger bug

Triggered by "./objdump -x -W $POC"
Tested on Ubuntu 16.04 (x86)

Heap buffer overread occurred when processing malformed PE file.

The GDB debugging information is as follows:

ASAN output:
==26446==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5e0207f at pc 0x08293f7a bp 0xbfc8e458 sp 0xbfc8e44c
READ of size 1 at 0xb5e0207f thread T0
    #0 0x8293f79 in bfd_getl32 /home/min/fuzzing/src/binutils/binutils-gdb/bfd/libbfd.c:635:23
    #1 0x852550a in pe_print_idata /home/min/fuzzing/src/binutils/binutils-gdb/bfd/peigen.c:1544:31
    #2 0x8523579 in _bfd_pe_print_private_bfd_data_common /home/min/fuzzing/src/binutils/binutils-gdb/bfd/peigen.c:2905:3
    #3 0x84ed8f4 in pe_print_private_bfd_data /home/min/fuzzing/src/binutils/binutils-gdb/bfd/./peicode.h:336:8
    #4 0x814737f in dump_bfd_private_header /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:2996:3
    #5 0x8145d10 in dump_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3589:5
    #6 0x8145539 in display_object_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3688:7
    #7 0x8145425 in display_any_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3777:5
    #8 0x8144e8b in display_file /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3798:3
    #9 0x814457b in main /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:4100:6
    #10 0xb74f4636 in __libc_start_main /build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #11 0x806ca37 in _start (/home/min/fuzzing/program/binutils-2.30-21432/bin/objdump+0x806ca37)

Credits:
Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei University.