https://sourceware.org/bugzilla/show_bug.cgi?id=28540
Bug ID: 28540
Summary: Buffer Overflow on Dwarf.c
Product: binutils
Version: 2.37
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: petryx78 at gmail dot com
Target Milestone: ---

Created attachment 13755
--> https://sourceware.org/bugzilla/attachment.cgi?id=13755&action=edit
Crash File

Hi binutils Team,

I was recently doing security tests with AFL-Fuzz, and I ended up discovering a buffer overflow in the binutils-2.37 package, more specifically in the objdump binary. I already requested a CVE ID, but have not received it yet.

Reproduce:

$ binutils-2.37/binutils/objdump -D -T -x crash_2.37
[1]    8585 segmentation fault (core dumped)  binutils-2.37/binutils/objdump -D -T -x crash_2.37

Backtrace:

#0  0x0000000000000000 in ?? ()
#1  0x000000000044c263 in parse_gnu_debuglink (section=section@entry=0xf65ac0 <debug_displays+4160>, data=data@entry=0x7fffffffdef0) at dwarf.c:10874
#2  0x00000000004517fa in load_separate_debug_info (main_filename=main_filename@entry=0x62100001cd10 "crash_2.37", xlink=xlink@entry=0xf65ac0 <debug_displays+4160>, parse_func=parse_func@entry=0x44c130 <parse_gnu_debuglink>, check_func=check_func@entry=0x44c4f0 <check_gnu_debuglink>, func_data=func_data@entry=0x7fffffffdef0, file=0x61200000bec0) at dwarf.c:11022
#3  0x0000000000452654 in check_for_and_load_links (file=file@entry=0x61200000bec0, filename=filename@entry=0x62100001cd10 "crash_2.37") at dwarf.c:11346
#4  0x00000000004c84d3 in load_separate_debug_files (file=file@entry=0x61200000bec0, filename=0x62100001cd10 "crash_2.37") at dwarf.c:11462
#5  0x0000000000430a0d in dump_bfd (abfd=abfd@entry=0x61200000bec0, is_mainfile=is_mainfile@entry=0x1) at ./objdump.c:4874
#6  0x000000000043361d in display_object_bfd (abfd=0x61200000bec0) at ./objdump.c:5060
#7  display_any_bfd (file=file@entry=0x61200000bec0, level=level@entry=0x0) at ./objdump.c:5150
#8  0x0000000000411c24 in display_file (last_file=0x1, target=<optimized out>, filename=0x7fffffffe727 "crash_2.37") at ./objdump.c:5171
#9  main (argc=0x5, argv=0x7fffffffe488) at ./objdump.c:5521