https://sourceware.org/bugzilla/show_bug.cgi?id=32707
Bug ID: 32707
Summary: Null pointer dereference in bfd/elf64-x86-64.c
Product: binutils
Version: 2.32
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: shiyuyuranzh at gmail dot com
Target Milestone: ---
Created attachment 15960
--> https://sourceware.org/bugzilla/attachment.cgi?id=15960&action=edit
Vulnerability paths
I have found a potential null pointer dereference bug in bfd/elf64-x86-64.c and
would like to report it to the maintainers. Can you please help me check it?
Thank you for your effort and patience!
Below is the execution sequence of the program that may produce a null pointer
dereference bug. The specific paths are shown in the attachment.
First, in file bfd/elfxx-x86.h, elf_x86_hash_table may return NULL on line 45.
Second, in file bfd/elf64-x86-64.c, function elf_x86_64_reloc_type_class calls
elf_x86_hash_table on line 4363. Variable htab is assigned NULL.
Third, in file bfd/elf64-x86-64.c, htab is dereferenced on line 4365, which
leads to a null pointer dereference vulnerability.
In addition to this, there are other call sites to elf_x86_hash_table where its
return value is checked. For example, in file bfd/elf64-x86-64.c,
elf_x86_hash_table is called on line 4518 and its return value is checked on
line 4519.
Thank you very much for reading and I look forward to hearing from you!
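The three-step path in the report above, modelled as an added example (not part of the original report and not binutils source): an accessor that can return NULL, a caller that uses the result untested, and a caller that tests it first. All type and function names here are hypothetical, and the table layout is a simplified assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model; every name is hypothetical, not binutils source. */
enum table_id { GENERIC_TABLE = 1, X86_64_TABLE = 2 };

struct base_table { enum table_id id; };

struct x86_table {
    struct base_table root;   /* first member, so the downcast below is valid */
    int dynsym_count;
};

struct link_info { struct base_table *hash; };

/* Checked downcast: NULL when the table is absent or belongs to another
   backend. This is the "may return NULL" step of the report. */
static struct x86_table *x86_table_of(const struct link_info *info,
                                      enum table_id want)
{
    if (info == NULL || info->hash == NULL || info->hash->id != want)
        return NULL;
    return (struct x86_table *)info->hash;
}

/* Pattern described in the report: the result is dereferenced untested.
   Undefined behaviour whenever the accessor returned NULL. */
int classify_unchecked(const struct link_info *info)
{
    struct x86_table *htab = x86_table_of(info, X86_64_TABLE);
    return htab->dynsym_count > 0;
}

/* Guarded form, as at the call sites the report says do check. */
int classify_checked(const struct link_info *info)
{
    struct x86_table *htab = x86_table_of(info, X86_64_TABLE);
    if (htab == NULL)
        return -1;            /* "no matching table" result for the caller */
    return htab->dynsym_count > 0;
}

int main(void)
{
    struct base_table other = { GENERIC_TABLE };   /* constructed input */
    struct link_info info = { &other };
    printf("checked: %d\n", classify_checked(&info));
    return 0;
}
```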