https://sourceware.org/bugzilla/show_bug.cgi?id=29922

Bug ID: 29922
Summary: Huge memory allocation in nm
Product: binutils
Version: 2.39
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: pdeng21 at m dot fudan.edu.cn
Target Milestone: ---

Created attachment 14528
--> https://sourceware.org/bugzilla/attachment.cgi?id=14528&action=edit
POC

#Summary
There is a huge memory allocation vulnerability in nm-new, which can be triggered by a crafted ELF file.

#Verification
git clone git://sourceware.org/git/binutils-gdb.git
CC="clang -fsanitize=address" CXX="clang++ -fsanitize=address" ./configure --disable-shared && make -j$(nproc)
./binutils/nm-new -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D poc

#ASAN
./binutils/nm-new: poc: invalid string offset 2147483648 >= 472 for section `.ung.ab'
./binutils/nm-new: poc: invalid string offset 32768 >= 472 for section `.ung.ab'
./binutils/nm-new: poc: invalid string offset 65280 >= 472 for section `.ung.ab'
./binutils/nm-new: poc: invalid string offset 4076863487 >= 472 for section `.ung.ab'
./binutils/nm-new: poc: invalid string offset 65408 >= 472 for section `.ung.ab'
poc:0000000000050000 a
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc:0000000000130003 a
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc: U
poc:0000000000000008 0000000000000008 C __afl_global_area_ptr
poc:0000000000000650 00000000e8ff00c9 T CatPath./binutils/nm-new: BFD (GNU Binutils) 2.39.50.20221220 assertion fail ./dwarf2.c:5038
./binutils/nm-new: BFD (GNU Binutils) 2.39.50.20221220 assertion fail ./dwarf2.c:5038
=================================================================
==7488==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x5100001e69 bytes
    #0 0x493fed in malloc (/binutils-gdb/binutils/nm-new+0x493fed)
    #1 0x4e3683 in bfd_malloc /binutils-gdb/bfd/libbfd.c:289:9
    #2 0x5f4d44 in _bfd_dwarf2_find_nearest_line_with_alt /binutils-gdb/bfd/./dwarf2.c:5777:9
    #3 0x5f4b7b in _bfd_dwarf2_find_nearest_line /binutils-gdb/bfd/./dwarf2.c:5717:10
    #4 0x4c8224 in print_symbols /binutils-gdb/binutils/nm.c:1403:7
    #5 0x4c8224 in display_rel_file /binutils-gdb/binutils/nm.c:1530:5
    #6 0x4c4b42 in display_file /binutils-gdb/binutils/nm.c:1680:7
    #7 0x4c3f0d in main /binutils-gdb/binutils/nm.c:2197:12
    #8 0x7f36e8907c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

==7488==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory (/binutils-gdb/binutils/nm-new+0x493fed) in malloc
==7488==ABORTING

#Environment
Ubuntu 18.04
clang 10.0.0
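The diagnostics above show nm acting on section sizes and string-table offsets copied straight from the headers of an untrusted object: string offsets that exceed the string table, and an allocation request of 0x5100001e69 bytes that no real file of this size could back. The script below is an added illustration, not code from this report or from binutils, of the pre-check a triage pipeline can run before handing a file to nm or any other BFD consumer: it parses the ELF64 section header table and reports every section whose declared bytes, or whose name offset, lie outside the file. The three-section sample object it builds is constructed for the demonstration, and HUGE_SIZE is simply the figure from the ASan line reused as an implausible sh_size; the script makes no claim about which field dwarf2.c actually trusted.

```python
"""Bounds-check ELF64 section headers before a tool that trusts them reads the file."""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
SHT_STRTAB = 3
SHT_NOBITS = 8
EHDR_FMT = "<16sHHIQQQIHHHHHH"  # 64-byte little-endian ELF64 header
SHDR_FMT = "<IIQQQQIIQQ"        # 64-byte ELF64 section header
HUGE_SIZE = 0x5100001e69        # allocation size quoted in the report's ASan output


def parse_elf64(data):
    """Return (ehdr, [shdr, ...]) or raise ValueError if the container itself is malformed."""
    if len(data) < struct.calcsize(EHDR_FMT):
        raise ValueError("file shorter than an ELF64 header")
    ehdr = struct.unpack_from(EHDR_FMT, data, 0)
    ident = ehdr[0]
    if ident[:4] != ELF_MAGIC or ident[4] != ELFCLASS64 or ident[5] != ELFDATA2LSB:
        raise ValueError("not a little-endian ELF64 file")
    shoff, shentsize, shnum = ehdr[6], ehdr[11], ehdr[12]
    # The header table must itself fit in the file before any entry is trusted.
    if shentsize != struct.calcsize(SHDR_FMT) or shoff + shnum * shentsize > len(data):
        raise ValueError("section header table lies outside the file")
    shdrs = [struct.unpack_from(SHDR_FMT, data, shoff + i * shentsize) for i in range(shnum)]
    return ehdr, shdrs


def section_name(data, strtab_off, strtab_size, name_off):
    """NUL-terminated name from the section string table, or None if the offset is out of range."""
    if name_off >= strtab_size:
        return None
    start = strtab_off + name_off
    end = data.find(b"\0", start, strtab_off + strtab_size)
    return None if end < 0 else data[start:end].decode("ascii", "replace")


def audit_sections(data):
    """List every section whose name offset or declared byte range is not backed by the file."""
    ehdr, shdrs = parse_elf64(data)
    shstrndx = ehdr[13]
    strtab_off, strtab_size = (shdrs[shstrndx][4], shdrs[shstrndx][5]) if shstrndx < len(shdrs) else (0, 0)
    findings = []
    for idx, sh in enumerate(shdrs):
        name_off, sh_type, sh_offset, sh_size = sh[0], sh[1], sh[4], sh[5]
        name = section_name(data, strtab_off, strtab_size, name_off)
        if name is None:
            findings.append(f"section {idx}: invalid string offset {name_off} >= {strtab_size}")
        # SHT_NOBITS sections occupy no file bytes, so only PROGBITS-style sections are bounded by the file.
        if sh_type != SHT_NOBITS and sh_offset + sh_size > len(data):
            findings.append(f"section {idx} ({name or '?'}): sh_offset {sh_offset} + sh_size {sh_size} "
                            f"exceeds file size {len(data)}")
    return findings


def build_sample_elf(debug_size=8, debug_name_off=11):
    """Constructed ELF64 relocatable object with sections NULL, .shstrtab and .debug_line (illustration only)."""
    shstrtab = b"\0.shstrtab\0.debug_line\0"  # 23 bytes; ".debug_line" begins at offset 11
    body = shstrtab + b"\0" * 8                # eight placeholder bytes stand in for .debug_line
    shoff = 64 + len(body)
    shoff += (-shoff) % 8                      # align the header table
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1]) + b"\0" * 9
    ehdr = struct.pack(EHDR_FMT, ident, 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 1)
    shdrs = (
        struct.pack(SHDR_FMT, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
        struct.pack(SHDR_FMT, 1, SHT_STRTAB, 0, 0, 64, len(shstrtab), 0, 0, 1, 0),
        struct.pack(SHDR_FMT, debug_name_off, 1, 0, 0, 64 + len(shstrtab), debug_size, 0, 0, 1, 0),
    )
    image = ehdr + body
    image += b"\0" * (shoff - len(image))
    return image + b"".join(shdrs)


if __name__ == "__main__":
    # Usage: python elf_section_audit.py <object-file>; with no argument it audits the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            problems = audit_sections(fh.read())
    else:
        problems = audit_sections(build_sample_elf(debug_size=HUGE_SIZE, debug_name_off=2147483648))
    print("\n".join(problems) if problems else "all section headers are within file bounds")
```

Run with no arguments it audits the constructed sample twice over: the well-formed object produces no findings, while the variant carrying an oversized sh_size and an out-of-range sh_name produces one finding per defect, in the same spirit as the "invalid string offset" lines nm printed above. A check of this kind belongs in front of a fuzzing or malware-triage harness, where the cost of a process being killed for memory is paid many times over.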