https://sourceware.org/bugzilla/show_bug.cgi?id=23686
Bug ID: 23686
Summary: two segment fault in nm in binutils-2.31.1
Product: binutils
Version: 2.31
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 92wyunchao at gmail dot com
Target Milestone: ---

Created attachment 11262
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11262&action=edit
poc file to reproduce the crash

Two segmentation faults in nm. Attackers could leverage this vulnerability to
cause a denial of service (application crash) via a crafted ELF file.

$uname -a
Linux ubuntu 4.4.0-31-generic #50~14.04.1-Ubuntu SMP Wed Jul 13 01:06:37 UTC 2016 i686 i686 i686 GNU/Linux

$ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $POC1

ASan:
==21507==ERROR: AddressSanitizer: SEGV on unknown address 0x24600000 (pc 0x08171cdb sp 0xbfbb8800 bp 0x16c400de T0)
    #0 0x8171cda in bfd_zalloc /home/rookie/asan/binutils-2.31.1/bfd/opncls.c:1000
    #1 0x84d24ba in _bfd_dwarf1_find_nearest_line /home/rookie/asan/binutils-2.31.1/bfd/dwarf1.c:509
    #2 0x8336ab1 in _bfd_elf_find_nearest_line /home/rookie/asan/binutils-2.31.1/bfd/elf.c:8757
    #3 0x80e4481 in print_symbol /home/rookie/asan/binutils-2.31.1/binutils/nm.c:1009
    #4 0x80df268 in print_symbols /home/rookie/asan/binutils-2.31.1/binutils/nm.c:1089
    #5 0x80df268 in display_rel_file /home/rookie/asan/binutils-2.31.1/binutils/nm.c:1205
    #6 0x80da0d5 in display_file /home/rookie/asan/binutils-2.31.1/binutils/nm.c:1325
    #7 0x80d6521 in main /home/rookie/asan/binutils-2.31.1/binutils/nm.c:1799
    #8 0xb7587af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
    #9 0x80d4784 in _start (/home/rookie/asan/binutils-2.31.1/tmp/bin/nm+0x80d4784)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/rookie/asan/binutils-2.31.1/bfd/opncls.c:1000 bfd_zalloc

$ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $POC2

ASan:
==21562==ERROR: AddressSanitizer: SEGV on unknown address 0xb1a05f30 (pc 0xb757d0e6 sp 0xbfb05e68 bp 0xbfb05ea8 T0)
    #0 0xb757d0e5 (/lib/i386-linux-gnu/libc.so.6+0x940e5)
    #1 0x80a970f in index (/home/rookie/asan/binutils-2.31.1/tmp/bin/nm+0x80a970f)
    #2 0x8192273 in _bfd_stab_section_find_nearest_line /home/rookie/asan/binutils-2.31.1/bfd/syms.c:1421
    #3 0x8336e02 in _bfd_elf_find_nearest_line /home/rookie/asan/binutils-2.31.1/bfd/elf.c:8768
    #4 0x80e4481 in print_symbol /home/rookie/asan/binutils-2.31.1/binutils/nm.c:1009
    #5 0x80df268 in print_symbols /home/rookie/asan/binutils-2.31.1/binutils/nm.c:1089
    #6 0x80df268 in display_rel_file /home/rookie/asan/binutils-2.31.1/binutils/nm.c:1205
    #7 0x80da0d5 in display_file /home/rookie/asan/binutils-2.31.1/binutils/nm.c:1325
    #8 0x80d6521 in main /home/rookie/asan/binutils-2.31.1/binutils/nm.c:1799
    #9 0xb7502af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
    #10 0x80d4784 in _start (/home/rookie/asan/binutils-2.31.1/tmp/bin/nm+0x80d4784)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==21562==ABORTING