https://sourceware.org/bugzilla/show_bug.cgi?id=33637
Bug ID: 33637
Summary: objdump aborts with SIGABRT when processing malformed
input (binutils 2.44)
Product: binutils
Version: 2.44
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 970429025 at qq dot com
Target Milestone: ---
Created attachment 16468
--> https://sourceware.org/bugzilla/attachment.cgi?id=16468&action=edit
The PoC attachment contains the input file that triggers the
crash (Assert_Fail).
Overview:
Running objdump (binutils 2.44) with a specific input file causes the program
to terminate with SIGABRT.
The program does not exit gracefully and instead terminates via abort().
Steps to Reproduce:
./objdump --source-comment Assert_Fail
Actual Results:
objdump prints multiple warnings and then aborts with SIGABRT.
GDB output excerpt:
warning: Error disabling address space randomization: Operation not permitted
objdump: warning: Assert_Fail has a section extending past end of file
objdump: Assert_Fail: invalid string offset 2359296 >= 83 for section `.strtab'
Can't get contents for section '.debug_addr'.
objdump: Assert_Fail(.debug_str_offsets): relocation 9 has invalid symbol index 132
objdump: Assert_Fail(.debug_str_offsets): relocation 10 has invalid symbol index 3736014657
objdump: Assert_Fail(.debug_str_offsets): relocation 11 has invalid symbol index 521076736
objdump: Assert_Fail(.debug_str_offsets): relocation 12 has invalid symbol index 147096392
objdump: Assert_Fail(.debug_str_offsets): relocation 18 has invalid symbol index 1852255751
objdump: Assert_Fail(.debug_str_offsets): relocation 20 has invalid symbol index 7499640
Can't get contents for section '.debug_str_offsets'.
objdump: Warning: Bogus end-of-siblings marker detected at offset 18 in .debug_info section
objdump: Warning: Bogus end-of-siblings marker detected at offset 22 in .debug_info section
objdump: Warning: Bogus end-of-siblings marker detected at offset 23 in .debug_info section
objdump: Warning: Further warnings about bogus end-of-sibling markers suppressed
objdump: Warning: Unrecognized form: 0x51
objdump: Error: Unhandled data length: 0
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007873237a37f1 in __GI_abort () at abort.c:79
#2 0x00000000004ca4a6 in byte_get_little_endian (field=field@entry=0x3786b980
"\234", size=size@entry=0) at ../../binutils-2.44/binutils/elfcomm.c:173
#3 0x0000000000479d66 in fetch_indexed_offset (idx=0, sec_enum=loclists,
base_address=0, offset_size=0) at ../../binutils-2.44/binutils/dwarf.c:757
#4 read_and_display_attr_value (attribute=attribute@entry=2,
form=form@entry=34, implicit_const=implicit_const@entry=-1,
start=start@entry=0x3786e470 "\a\001",
data=0x3786e4ea "\016\001\"\365", data@entry=0x3786e4e9 "",
end=end@entry=0x3786e57b "", cu_offset=0, pointer_size=8, offset_size=4,
dwarf_version=5,
debug_info_p=0x3786ba30, do_loc=1, section=0xadefb0 <debug_displays+336>,
this_set=0x0, delimiter=32 ' ', level=-4) at
../../binutils-2.44/binutils/dwarf.c:2961
#5 0x00000000004558df in read_and_display_attr (attribute=2, form=34,
implicit_const=-1, start=0x7873237a1e87 <__GI_raise+199> "H\213\214$\b\001",
data=0x0, cu_offset=0,
pointer_size=8, dwarf_version=5, debug_info_p=0x3786ba30, do_loc=1,
section=0xadefb0 <debug_displays+336>, this_set=0x0, level=-4, end=<optimized
out>,
offset_size=<optimized out>) at ../../binutils-2.44/binutils/dwarf.c:3492
#6 process_debug_info (section=0xadefb0 <debug_displays+336>,
file=file@entry=0x3786a3f0, abbrev_sec=abbrev_sec@entry=abbrev, do_loc=true,
do_types=true)
at ../../binutils-2.44/binutils/dwarf.c:4295
#7 0x0000000000451b7e in load_separate_debug_files
(file=file@entry=0x3786a3f0, filename=filename@entry=0x3786a570 "Assert_Fail")
at ../../binutils-2.44/binutils/dwarf.c:12482
#8 0x0000000000439a81 in dump_bfd (abfd=abfd@entry=0x3786a3f0,
is_mainfile=140) at ../../binutils-2.44/binutils/objdump.c:5659
#9 0x0000000000439724 in display_object_bfd (abfd=abfd@entry=0x3786a3f0) at
../../binutils-2.44/binutils/objdump.c:5855
#10 0x00000000004394f1 in display_any_bfd (file=file@entry=0x3786a3f0,
level=level@entry=0) at ../../binutils-2.44/binutils/objdump.c:5934
#11 0x000000000043767c in display_file (filename=0x7ffcd09c5575 "Assert_Fail",
target=0x0) at ../../binutils-2.44/binutils/objdump.c:5955
#12 main (argc=<optimized out>, argv=<optimized out>) at
../../binutils-2.44/binutils/objdump.c:6364
(gdb)
Expected Results:
objdump should handle such errors by exiting gracefully after reporting them,
rather than terminating via SIGABRT.
Build & Platform:
binutils version: 2.44
component: objdump
OS: Ubuntu 18.04.6 LTS
arch: x86_64
Additional Information:
The PoC attachment contains the input file that triggers the
crash (Assert_Fail).
Crash type: SIGABRT.
Fully reproducible.
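The backtrace in this report shows a field width of 0 (size=0, offset_size=0) reaching a byte reader that aborts on an unsupported size. The C sketch below is an added example, not binutils code and not part of the report: read_le, fetch_offset and sample_tab are hypothetical, constructed names, and it shows a width taken from an untrusted file being validated so the malformed case is returned as an error instead of ending in abort().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: two 4-byte little-endian offsets, 0x10 and 0x20. */
static const unsigned char sample_tab[8] = { 0x10, 0, 0, 0, 0x20, 0, 0, 0 };

/* Hypothetical helper (not binutils code): read a little-endian field of
   `size` bytes. Returns 0 on success, -1 when the width is unsupported or
   the field would run past `end`; it never calls abort(). */
static int read_le(const unsigned char *p, const unsigned char *end,
                   unsigned int size, uint64_t *out)
{
    uint64_t v = 0;
    if (size == 0 || size > 8 || p > end || (size_t)(end - p) < size)
        return -1;
    for (unsigned int i = size; i-- > 0; )
        v = (v << 8) | p[i];
    *out = v;
    return 0;
}

/* Hypothetical caller: fetch entry `idx` from an offset table whose entry
   width comes from the file. DWARF offsets are 4 or 8 bytes wide, so any
   other width is reported as malformed input before any read happens. */
static int fetch_offset(const unsigned char *tab, size_t tab_len, uint64_t idx,
                        unsigned int offset_size, uint64_t *out)
{
    if (offset_size != 4 && offset_size != 8) {
        fprintf(stderr, "warning: invalid offset size %u\n", offset_size);
        return -1;
    }
    if (idx >= tab_len / offset_size) {
        fprintf(stderr, "warning: offset index out of range\n");
        return -1;
    }
    return read_le(tab + idx * offset_size, tab + tab_len, offset_size, out);
}

int main(void)
{
    uint64_t v = 0;
    if (fetch_offset(sample_tab, sizeof sample_tab, 1, 4, &v) == 0)
        printf("entry 1 = 0x%llx\n", (unsigned long long)v);
    /* Width 0, as in the report's backtrace: rejected, no abort(). */
    if (fetch_offset(sample_tab, sizeof sample_tab, 0, 0, &v) != 0)
        puts("malformed table reported, continuing");
    return 0;
}
```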