https://sourceware.org/bugzilla/show_bug.cgi?id=32698
Bug ID: 32698
Summary: Null pointer dereference in bfd/tekhex.c
Product: binutils
Version: 2.44
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: shiyuyuranzh at gmail dot com
Target Milestone: ---

Created attachment 15952
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15952&action=edit
Vulnerability paths and examples

I have found a potential null pointer dereference bug in bfd/tekhex.c and would like to report it to the maintainers. This vulnerability has the potential to cause unexpected application behavior, crashes. Can you please help me check it? Thank you for your effort and patience!

Below is the execution sequence of the program that may produce a null pointer dereference bug. The specific paths are shown in the attachment.

First, in the file tekhex.c, the function find_chunk returns NULL on line 334.
Second, the function insert_byte calls the function find_chunk on line 349, causing the variable d to be assigned NULL.
Third, d is dereferenced on lines 351 and 352, resulting in a null pointer dereference vulnerability.

In addition to this, other examples of calling find_chunk and checking if its return value is NULL are shown in the attached image at the bottom. For example, in the file bfd/tekhex.c, the function move_section_contents calls the function find_chunk on line 655, followed by a check on whether d is NULL on line 661.
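The pattern the report describes, a lookup that can return NULL with one caller that checks the result and one that does not, shown here as an added sketch with both callers checking. This is not code from binutils: the names lookup_chunk, store_byte and load_byte, the CHUNK_SIZE value and the create flag are assumptions of the sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#define CHUNK_SIZE 64u  /* constructed value for this sketch */

struct chunk {
    uint32_t base;              /* CHUNK_SIZE-aligned start address */
    uint8_t data[CHUNK_SIZE];
    struct chunk *next;
};

/* Returns NULL when no chunk covers addr and create is false, or when
   create is true and the allocation fails. */
static struct chunk *lookup_chunk(struct chunk **head, uint32_t addr, bool create)
{
    uint32_t base = addr & ~(CHUNK_SIZE - 1u);
    struct chunk *c = *head;
    while (c != NULL && c->base != base)
        c = c->next;
    if (c == NULL && create) {
        c = calloc(1, sizeof *c);
        if (c == NULL) return NULL;   /* allocation failure reaches the caller */
        c->base = base;
        c->next = *head;
        *head = c;
    }
    return c;
}

/* Writer: reports failure instead of dereferencing a NULL result. */
static bool store_byte(struct chunk **head, uint32_t addr, uint8_t value)
{
    struct chunk *c = lookup_chunk(head, addr, true);
    if (c == NULL) return false;
    c->data[addr & (CHUNK_SIZE - 1u)] = value;
    return true;
}

/* Reader: a missing chunk is not an error here, the byte reads as zero. */
static uint8_t load_byte(struct chunk **head, uint32_t addr)
{
    struct chunk *c = lookup_chunk(head, addr, false);
    return c != NULL ? c->data[addr & (CHUNK_SIZE - 1u)] : 0;
}

int main(void) {
    struct chunk *head = NULL;  /* chunk is released at process exit */
    return (store_byte(&head, 0x1234u, 0xAB) && load_byte(&head, 0x1234u) == 0xAB) ? 0 : 1;
}
```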