https://sourceware.org/bugzilla/show_bug.cgi?id=24272
Bug ID: 24272
Summary: An out-of-bounds read occurred in pex64_xdata_print_uwd_codes()
Product: binutils
Version: 2.33 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---

Created attachment 11651
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11651&action=edit
PoC to trigger bug

Triggered by "./objdump -x $POC"
Tested on Ubuntu 16.04 (x86)

An out-of-bounds read occurred when processing a malformed PE file.

ASAN output:

==173033==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4c03bff at pc 0x082e6896 bp 0xffa38b98 sp 0xffa38b8c
READ of size 1 at 0xf4c03bff thread T0
    #0 0x82e6895 in bfd_getl32 /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/libbfd.c:698:24
    #1 0x871c088 in pex64_xdata_print_uwd_codes /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/pei-x86_64.c:299:10
    #2 0x8717f8c in pex64_dump_xdata /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/pei-x86_64.c:441:5
    #3 0x8709661 in pex64_bfd_print_pdata_section /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/pei-x86_64.c:758:8
    #4 0x87050ee in pex64_bfd_print_pdata /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/pei-x86_64.c:794:12
    #5 0x875d7e9 in _bfd_pex64_print_private_bfd_data_common /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/pex64igen.c:2911:5
    #6 0x871488a in pe_print_private_bfd_data /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/bfd/./peicode.h:336:8
    #7 0x8172403 in dump_bfd_private_header /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:3181:3
    #8 0x8170bc1 in dump_bfd /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:3782:5
    #9 0x8170346 in display_object_bfd /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:3883:7
    #10 0x817024d in display_any_bfd /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:3973:5
    #11 0x816f840 in display_file /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:3994:3
    #12 0x816ef52 in main /home/seclab/fuzzing-experiment/fuzzing/src/binutils-2.32/binutils/./objdump.c:4304:6
    #13 0xf74b7636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
    #14 0x806c907 in _start (/home/seclab/fuzzing-experiment/fuzzing/program/x86/binutils-2.32/clang5-asan-debug/bin/objdump+0x806c907)

Credits: Mingi Cho, Seoyoung Kim, and Taekyoung Kwon of the Information Security Lab, Yonsei University.

--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils