https://sourceware.org/bugzilla/show_bug.cgi?id=24374
            Bug ID: 24374
           Summary: segment fault in bfd_getl32 in libbfd.c
           Product: binutils
           Version: 2.32
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: 92wyunchao at gmail dot com
  Target Milestone: ---

Created attachment 11693
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11693&action=edit
poc to reproduce the crash

There exists one segment fault issue in bfd_getl32 in libbfd.c in binutils 2.32 (http://ftp.gnu.org/gnu/binutils/), which could allow an attacker to cause a denial-of-service through a crafted PE file.

$ objdump -x poc
ASAN:SIGSEGV
=================================================================
==6538==ERROR: AddressSanitizer: SEGV on unknown address 0x1b344803 (pc 0x0841cc9b sp 0xbfe94940 bp 0x1696074c T0)
    #0 0x841cc9a in bfd_getl32 /home/rookie/asan/binutils-2.32/bfd/libbfd.c:695
    #1 0x886208b in rsrc_print_resource_directory /home/rookie/asan/binutils-2.32/bfd/peigen.c:2478
    #2 0x8864036 in rsrc_print_resource_entries /home/rookie/asan/binutils-2.32/bfd/peigen.c:2415
    #3 0x8862536 in rsrc_print_resource_directory /home/rookie/asan/binutils-2.32/bfd/peigen.c:2502
    #4 0x883fed6 in rsrc_print_section /home/rookie/asan/binutils-2.32/bfd/peigen.c:2563
    #5 0x883fed6 in _bfd_pe_print_private_bfd_data_common /home/rookie/asan/binutils-2.32/bfd/peigen.c:2917
    #6 0x8802e1f in pe_print_private_bfd_data /home/rookie/asan/binutils-2.32/bfd/./peicode.h:336
    #7 0x80e52a5 in dump_bfd_private_header /home/rookie/asan/binutils-2.32/binutils/./objdump.c:3181
    #8 0x80e52a5 in dump_bfd /home/rookie/asan/binutils-2.32/binutils/./objdump.c:3782
    #9 0x80e192b in display_object_bfd /home/rookie/asan/binutils-2.32/binutils/./objdump.c:3883
    #10 0x80e192b in display_any_bfd /home/rookie/asan/binutils-2.32/binutils/./objdump.c:3973
    #11 0x80de550 in display_file /home/rookie/asan/binutils-2.32/binutils/./objdump.c:3994
    #12 0x80de550 in main /home/rookie/asan/binutils-2.32/binutils/./objdump.c:4304
    #13 0xb755eaf2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
    #14 0x80d6574 in _start (/home/rookie/asan/binutils-2.32/build/bin/objdump+0x80d6574)