https://sourceware.org/bugzilla/show_bug.cgi?id=33639

            Bug ID: 33639
           Summary: objdump enters non-terminating output loop on crafted
                    input
           Product: binutils
           Version: 2.44
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: 970429025 at qq dot com
  Target Milestone: ---

Created attachment 16470
  --> https://sourceware.org/bugzilla/attachment.cgi?id=16470&action=edit
The PoC attachment contains the input file (Infinite_Loop_2) that triggers this
behavior.

Overview
Running objdump with the provided input causes the program to repeatedly print
table information without terminating.
The program does not crash, but continues producing similar output until
manually interrupted.

Steps to Reproduce:
./objdump --debugging Infinite_Loop_2

Actual Results:
objdump prints repeated table entries such as:
Table at Offset 0x4dcc84
  Length:          0
  DWARF version:   0
  Address size:    0
  Segment size:    0
  Offset entries:  0

Table at Offset 0x4dcc88
  Length:          0
  ...
This behavior continues indefinitely.
The program does not exit and must be stopped manually (e.g., Ctrl-C in gdb).

Relevant GDB excerpt:
Table at Offset 0x4dcc84
  Length:          0
  DWARF version:   0
  Address size:    0
  Segment size:    0
  Offset entries:  0

Table at Offset 0x4dcc88
  Length:          0
  DWARF version:   0
  Address size:    0
  Segment size:    0
  Offset entries:  0

Table at Offset 0x4dcc8c
  Length:          0
  DWARF version:   0
  Address size:    0
  Segment size:    0
  Offset entries:  0

Table at Offset 0x4dcc90
^C
Program received signal SIGINT, Interrupt.
0x000071323bc55104 in __GI___libc_write (fd=1, buf=0x42d8d510, nbytes=21) at
../sysdeps/unix/sysv/linux/write.c:27
27      ../sysdeps/unix/sysv/linux/write.c: No such file or directory.
(gdb) bt
#0  0x000071323bc55104 in __GI___libc_write (fd=1, buf=0x42d8d510, nbytes=21)
at ../sysdeps/unix/sysv/linux/write.c:27
#1  0x000071323bbd015d in _IO_new_file_write (f=0x71323bf31760
<_IO_2_1_stdout_>, data=0x42d8d510, n=21) at fileops.c:1203
#2  0x000071323bbd1f01 in new_do_write (to_do=21, data=0x42d8d510 "  Length:   
      0\nc90\ng at 0xc:\ntion (loaded from Infinite_Loop_2):\n\n\240\f\363;2q",
    fp=0x71323bf31760 <_IO_2_1_stdout_>) at fileops.c:457
#3  _IO_new_do_write (fp=0x71323bf31760 <_IO_2_1_stdout_>, data=0x42d8d510 " 
Length:          0\nc90\ng at 0xc:\ntion (loaded from
Infinite_Loop_2):\n\n\240\f\363;2q", to_do=21)
    at fileops.c:433
#4  0x000071323bbd098d in _IO_new_file_xsputn (f=0x71323bf31760
<_IO_2_1_stdout_>, data=<optimized out>, n=1) at fileops.c:1266
#5  0x000071323bba097a in _IO_vfprintf_internal (s=0x71323bf31760
<_IO_2_1_stdout_>, format=0x78ee76 "  Length:          %#lx\n",
ap=ap@entry=0x7ffd290bfaf0) at vfprintf.c:1674
#6  0x000071323bba9ee6 in __printf (format=<optimized out>) at printf.c:33
#7  0x00000000004940ee in display_loclists_unit_header
(section=section@entry=0xadf480 <debug_displays+1568>, header_offset=5098640,
    offset_count=offset_count@entry=0x7ffd290bfc6c,
loclists_start=loclists_start@entry=0x7ffd290bfcb8) at
../../binutils-2.44/binutils/dwarf.c:7276
#8  0x0000000000469d2e in display_debug_loc (section=section@entry=0xadf480
<debug_displays+1568>, file=file@entry=0x42d793f0) at
../../binutils-2.44/binutils/dwarf.c:7486
#9  0x000000000043f9aa in dump_dwarf_section (abfd=abfd@entry=0x42d793f0,
section=section@entry=0x42d7f868, arg=arg@entry=0x7ffd290bfdf8)
    at ../../binutils-2.44/binutils/objdump.c:4499
#10 0x000000000055b5e4 in bfd_map_over_sections (abfd=abfd@entry=0x42d793f0,
operation=0x43f6c0 <dump_dwarf_section>,
user_storage=user_storage@entry=0x7ffd290bfdf8)
    at ../../binutils-2.44/bfd/section.c:1391
#11 0x000000000043b2e1 in dump_dwarf (abfd=0x42d793f0, is_mainfile=true) at
../../binutils-2.44/binutils/objdump.c:4537
#12 dump_bfd (abfd=abfd@entry=0x42d793f0, is_mainfile=true) at
../../binutils-2.44/binutils/objdump.c:5818
#13 0x0000000000439724 in display_object_bfd (abfd=abfd@entry=0x42d793f0) at
../../binutils-2.44/binutils/objdump.c:5855
#14 0x00000000004394f1 in display_any_bfd (file=file@entry=0x42d793f0,
level=level@entry=0) at ../../binutils-2.44/binutils/objdump.c:5934
#15 0x000000000043767c in display_file (filename=0x7ffd290c054a
"Infinite_Loop_2", target=0x0) at ../../binutils-2.44/binutils/objdump.c:5955
#16 main (argc=<optimized out>, argv=<optimized out>) at
../../binutils-2.44/binutils/objdump.c:6364
(gdb)


Expected Results:
objdump should stop processing and report an error if the input is invalid,
rather than producing unbounded output.

Build & Platform:
binutils version: 2.44
component: objdump
OS: Ubuntu 18.04.6 LTS
arch: x86_64

Additional Information:
The PoC attachment contains the input file (Infinite_Loop_2) that triggers this
behavior.
The issue is fully reproducible using the command shown above.
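The expected behaviour in this report is a parser that refuses a malformed unit header instead of printing it and moving on. The following is an added illustration, not binutils code and not the reporter's: a constructed walker over a 32-bit DWARF 5 .debug_loclists-style section that validates each unit header (length covers the fixed header fields, fits in the section, and version is 5) and stops with a status code at the first bad header. The buffers `SAMPLE_GOOD`, `SAMPLE_ZERO_TAIL` and `SAMPLE_TRUNC` are constructed sample data; the 64-bit DWARF length escape is deliberately treated as an error here to keep the example short.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed fields that follow unit_length in a 32-bit DWARF 5 loclists header:
   version (2) + address_size (1) + segment_selector_size (1) + offset_entry_count (4). */
#define HDR_AFTER_LENGTH 8u

enum walk_status {
    WALK_OK = 0,        /* every unit in the section was well formed      */
    WALK_TRUNCATED = 1, /* not enough bytes left for a full unit header    */
    WALK_BAD_LENGTH = 2,/* unit_length too small, too large, or no progress */
    WALK_BAD_VERSION = 3/* version field is not 5                          */
};

struct unit_info {
    size_t   offset;
    uint32_t length;
    uint16_t version;
    uint8_t  address_size;
    uint8_t  segment_size;
    uint32_t offset_entries;
};

static uint32_t read_u32_le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint16_t read_u16_le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Walk the section, counting well-formed units. Stops at the first malformed
   header rather than continuing to print garbage. units_out may be NULL. */
enum walk_status walk_loclists(const uint8_t *sec, size_t sec_len, size_t *units_out)
{
    size_t off = 0, units = 0;
    enum walk_status st = WALK_OK;

    while (off < sec_len) {
        struct unit_info u;
        if (sec_len - off < 4 + HDR_AFTER_LENGTH) { st = WALK_TRUNCATED; break; }

        u.offset = off;
        u.length = read_u32_le(sec + off);
        /* A zero (or otherwise too small) length cannot hold the header fields,
           and an oversized length would run past the section: reject both.
           This also rejects the 0xffffffff 64-bit escape, which is out of scope. */
        if (u.length < HDR_AFTER_LENGTH || u.length > sec_len - off - 4) { st = WALK_BAD_LENGTH; break; }

        u.version        = read_u16_le(sec + off + 4);
        u.address_size   = sec[off + 6];
        u.segment_size   = sec[off + 7];
        u.offset_entries = read_u32_le(sec + off + 8);
        if (u.version != 5) { st = WALK_BAD_VERSION; break; }

        printf("Table at Offset %#zx\n  Length: %u  DWARF version: %u  Address size: %u"
               "  Segment size: %u  Offset entries: %u\n",
               u.offset, u.length, u.version, u.address_size, u.segment_size, u.offset_entries);

        /* Explicit progress check: the next offset must move forward. */
        if (off + 4 + u.length <= off) { st = WALK_BAD_LENGTH; break; }
        off += 4 + u.length;
        units++;
    }
    if (units_out) *units_out = units;
    return st;
}

/* Convenience wrapper returning only the count of units accepted before stopping. */
size_t count_units(const uint8_t *sec, size_t sec_len)
{
    size_t n = 0;
    (void)walk_loclists(sec, sec_len, &n);
    return n;
}

/* Constructed samples (not from the attached PoC). One valid unit: length 8,
   version 5, address size 8, segment size 0, zero offset entries. */
const uint8_t SAMPLE_GOOD[] = { 8,0,0,0, 5,0, 8, 0, 0,0,0,0 };
/* Same unit followed by 12 zero bytes: a zero-length header must stop the walk. */
const uint8_t SAMPLE_ZERO_TAIL[] = { 8,0,0,0, 5,0, 8, 0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
/* Too short to hold even one header. */
const uint8_t SAMPLE_TRUNC[] = { 8,0,0,0, 5,0 };

int main(void)
{
    size_t n;
    enum walk_status st = walk_loclists(SAMPLE_ZERO_TAIL, sizeof SAMPLE_ZERO_TAIL, &n);
    printf("status %d after %zu unit(s)\n", (int)st, n);
    return st == WALK_OK ? 0 : 1;
}
```

The walk terminates in every case because a header is only accepted when its length is at least the size of the remaining fixed fields, so each accepted unit advances the offset by at least 12 bytes, and any header that fails that test ends the loop with a reportable status instead of being printed.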
