https://sourceware.org/bugzilla/show_bug.cgi?id=30231
Bug ID: 30231
Summary: objdump: SEGV in cgen_bitset_intersect_p
Product: binutils
Version: 2.40
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: youngseok.main at gmail dot com
Target Milestone: ---
Created attachment 14750
--> https://sourceware.org/bugzilla/attachment.cgi?id=14750&action=edit
poc_file used in command input
We found a segmentation violation bug in objdump by fuzzing.
Command to reproduce:
objdump poc_file -D -mc5
poc_file is attached.
Command output:
poc_file: file format elf32-i386
Disassembly of section .interp:
08048154 <.interp>:
Stack trace:
==13645==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040 (pc
0x5555564adcd6 bp 0x7fffffffccd0 sp 0x7fffffffccb0 T0)
==13645==The signal is caused by a READ memory access.
==13645==Hint: address points to the zero page.
#0 0x5555564adcd5 in cgen_bitset_intersect_p
/home/youngseok/latest-subjects/binutils-gdb/opcodes/cgen-bitset.c:137
#1 0x55555659f57c in mep_cgen_insn_supported
/home/youngseok/latest-subjects/binutils-gdb/opcodes/mep-opc.c:159
#2 0x55555658e046 in print_insn
/home/youngseok/latest-subjects/binutils-gdb/opcodes/mep-dis.c:1387
#3 0x55555658ec29 in default_print_insn
/home/youngseok/latest-subjects/binutils-gdb/opcodes/mep-dis.c:1481
#4 0x55555658a9e9 in mep_print_insn
/home/youngseok/latest-subjects/binutils-gdb/opcodes/mep-dis.c:690
#5 0x55555658f20a in print_insn_mep
/home/youngseok/latest-subjects/binutils-gdb/opcodes/mep-dis.c:1608
#6 0x5555563567df in disassemble_bytes objdump.c:3433
#7 0x55555635a02e in disassemble_section objdump.c:4050
#8 0x5555568468f1 in bfd_map_over_sections
/home/youngseok/latest-subjects/binutils-gdb/bfd/section.c:1366
#9 0x55555635afff in disassemble_data objdump.c:4199
#10 0x555556362a74 in dump_bfd objdump.c:5683
#11 0x555556362d40 in display_object_bfd objdump.c:5746
#12 0x555556363089 in display_any_bfd objdump.c:5833
#13 0x5555563630ff in display_file objdump.c:5854
#14 0x555556364a8b in main objdump.c:6265
#15 0x7ffff6844c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
#16 0x555556348ad9 in _start
(/home/youngseok/latest-subjects/binutils-gdb/binutils/objdump+0xdf4ad9)
*Environment*
- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230314
binutils is built with address sanitizer. Here is the build script:
CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --enable-targets=all
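As an added triage helper (not part of the bug report or of binutils), the following parses the AddressSanitizer SEGV lines quoted above and classifies the crash; it assumes the standard ASan report layout and embeds the report's own lines as its sample input.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: the ASan SEGV lines from the bug report above (only the
# line wrapping of the extraction has been undone).
SAMPLE_REPORT = """\
==13645==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040 (pc 0x5555564adcd6 bp 0x7fffffffccd0 sp 0x7fffffffccb0 T0)
==13645==The signal is caused by a READ memory access.
==13645==Hint: address points to the zero page.
    #0 0x5555564adcd5 in cgen_bitset_intersect_p /home/youngseok/latest-subjects/binutils-gdb/opcodes/cgen-bitset.c:137
    #1 0x55555659f57c in mep_cgen_insn_supported /home/youngseok/latest-subjects/binutils-gdb/opcodes/mep-opc.c:159
    #2 0x55555658e046 in print_insn /home/youngseok/latest-subjects/binutils-gdb/opcodes/mep-dis.c:1387
"""

@dataclass
class Triage:
    fault_addr: int     # faulting address from the SEGV line
    access: str         # "READ", "WRITE" or "UNKNOWN"
    top_frame: str      # function in frame #0
    location: str       # file:line of frame #0
    null_deref: bool    # fault address lies inside the zero page
    bucket: str         # coarse label for sorting a fuzzing crash queue

_SEGV = re.compile(r"AddressSanitizer: SEGV on unknown address 0x([0-9a-f]+)")
_ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
_FRAME0 = re.compile(r"#0 0x[0-9a-f]+ in (\S+) (\S+)")

def triage_asan_segv(report: str, page_size: int = 4096) -> Optional[Triage]:
    """Classify one ASan SEGV report; return None if it is not a SEGV report."""
    m = _SEGV.search(report)
    if not m:
        return None
    addr = int(m.group(1), 16)
    acc = _ACCESS.search(report)
    access = acc.group(1) if acc else "UNKNOWN"
    f0 = _FRAME0.search(report)
    top, loc = (f0.group(1), f0.group(2)) if f0 else ("?", "?")
    # An address inside the zero page means a NULL (or NULL + field offset)
    # pointer dereference; the address itself is the offset of the field read.
    null_deref = addr < page_size
    if access == "WRITE":
        bucket = "write-through-bad-pointer"   # may corrupt state; look first
    elif null_deref:
        bucket = "null-read"                   # deterministic crash, no corruption
    else:
        bucket = "wild-read"                   # needs deeper analysis
    return Triage(addr, access, top, loc, null_deref, bucket)
```

For the report above this yields a `null-read` in `cgen_bitset_intersect_p` at offset 0x40, which is where a triager would start comparing the pointer arguments passed from `mep_cgen_insn_supported`.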