[Bug binutils/21633] New: SEGV on unknown address in ieee_archive_p

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21633

            Bug ID: 21633
           Summary: SEGV on unknown address in ieee_archive_p
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: aadamski at quarkslab dot com
  Target Milestone: ---

>  library = read_id (&(ieee->h));
>  if (strcmp (library, "LIBRARY") != 0)
>    goto got_wrong_format_error;

In some cases, read_id will return NULL. Passing NULL to strcmp is undefined
behavior, but will most likely result in NULL pointer dereferencing.

--

Hello there,

I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.

Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.

The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer
-fsanitize=address -fno-sanitize-recover=all`. The command used was `objdump
-afpxDSsgetTrR `.

Let me know if there is any additional information I can provide.

--

Input: 48434ef89a43c1c651f2ae1f119f66d5.ad838a36e394493801cb2b3c3b191dc2.min
Output: 48434ef89a43c1c651f2ae1f119f66d5.ad838a36e394493801cb2b3c3b191dc2.txt

Error in "ieee_archive_p": SEGV on unknown address 0x (pc
0x0048a7bd bp 0x7fffe0e0 sp 0x7fffd850 T0)
  in ieee_archive_p at bfd/ieee.c:1398
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/ieee.c#L1398)
  in bfd_check_format_matches at bfd/format.c:311
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/format.c#L311)
  in display_any_bfd at binutils/objdump.c:3651
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3651)
  in display_file at binutils/objdump.c:3720
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3720)
  in main at binutils/objdump.c:4024
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L4024)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
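
The unchecked `strcmp` pattern quoted in the report above, next to a checked form, as an added example that is not binutils code. `read_id_demo`, its one-length-byte record layout and the sample inputs are constructed stand-ins, not the BFD `read_id` implementation or the attached reproducer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an identifier reader: one length byte followed by
   that many characters. The layout is an assumption made for this demo. */
struct demo_reader {
    const unsigned char *buf;
    size_t len;
    size_t pos;
    char scratch[256];          /* 255 characters at most, plus the NUL */
};

/* Returns the identifier, or NULL when the input ends before the declared
   number of characters is available. */
const char *read_id_demo(struct demo_reader *r)
{
    if (r->pos >= r->len)
        return NULL;
    size_t n = r->buf[r->pos++];
    if (n > r->len - r->pos)
        return NULL;
    memcpy(r->scratch, r->buf + r->pos, n);
    r->scratch[n] = '\0';
    r->pos += n;
    return r->scratch;
}

/* Same shape as the lines quoted in the report: the reader's result goes
   straight into strcmp, which is undefined behaviour when it is NULL. */
int is_library_unchecked(const unsigned char *data, size_t len)
{
    struct demo_reader r = { data, len, 0, {0} };
    const char *library = read_id_demo(&r);
    return strcmp(library, "LIBRARY") == 0;
}

/* Checked form: a failed read is treated like any other wrong-format input. */
int is_library_checked(const unsigned char *data, size_t len)
{
    struct demo_reader r = { data, len, 0, {0} };
    const char *library = read_id_demo(&r);
    if (library == NULL)
        return 0;
    return strcmp(library, "LIBRARY") == 0;
}

/* Constructed sample inputs. */
const unsigned char SAMPLE_OK[] = { 7, 'L', 'I', 'B', 'R', 'A', 'R', 'Y' };
const unsigned char SAMPLE_OTHER[] = { 3, 'F', 'O', 'O' };
const unsigned char SAMPLE_TRUNCATED[] = { 7, 'L', 'I', 'B' };  /* claims 7, holds 3 */

int main(void)
{
    printf("ok:        %d\n", is_library_checked(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("other:     %d\n", is_library_checked(SAMPLE_OTHER, sizeof SAMPLE_OTHER));
    printf("truncated: %d\n",
           is_library_checked(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    /* is_library_unchecked is not called on SAMPLE_TRUNCATED: that call
       would pass NULL to strcmp. */
    return 0;
}
```

Building this with the `-fsanitize=address` flag named in the report and calling `is_library_unchecked` on the truncated sample is a quick way to see how the sanitizer reports the dereference.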


[Bug binutils/21616] heap-buffer-overflow in _bfd_vms_save_sized_string

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21616

Alexandre Adamski  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Alexandre Adamski  ---
Sounds like it is fixed! Closing the PR.



[Bug binutils/21610] SEGV on unknown address in bfd_getl16

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21610

Alexandre Adamski  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Alexandre Adamski  ---
Sounds like it is fixed! Closing the PR.



[Bug binutils/21633] SEGV on unknown address in ieee_archive_p

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21633

--- Comment #1 from Alexandre Adamski  ---
Created attachment 10177
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10177&action=edit
48434ef89a43c1c651f2ae1f119f66d5.ad838a36e394493801cb2b3c3b191dc2.min



[Bug binutils/21617] heap-buffer-overflow in add_symbol

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21617

Alexandre Adamski  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Alexandre Adamski  ---
Sounds like it is fixed! Closing the PR.



[Bug binutils/21633] SEGV on unknown address in ieee_archive_p

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21633

--- Comment #2 from Alexandre Adamski  ---
Created attachment 10178
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10178&action=edit
48434ef89a43c1c651f2ae1f119f66d5.ad838a36e394493801cb2b3c3b191dc2.txt



[Bug binutils/21613] global-buffer-overflow in ieee_object_p

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21613

Alexandre Adamski  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Alexandre Adamski  ---
Sounds like it is fixed! Closing the PR.



[Bug binutils/21636] SEGV on unknown address in ieee_object_p

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21636

--- Comment #1 from Alexandre Adamski  ---
Created attachment 10179
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10179&action=edit
61a82c2111d891a45b5706e8fde3101f.143a3670a8d5914311f1a11b093f4058.min



[Bug binutils/21636] New: SEGV on unknown address in ieee_object_p

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21636

            Bug ID: 21636
           Summary: SEGV on unknown address in ieee_object_p
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: aadamski at quarkslab dot com
  Target Milestone: ---

Similar issue to PR 21633.

--

Hello there,

I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.

Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.

The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer
-fsanitize=address -fno-sanitize-recover=all`. The command used was `objdump
-afpxDSsgetTrR `.

Let me know if there is any additional information I can provide.

--

Input: 61a82c2111d891a45b5706e8fde3101f.143a3670a8d5914311f1a11b093f4058.min
Output: 61a82c2111d891a45b5706e8fde3101f.143a3670a8d5914311f1a11b093f4058.txt

Error in "ieee_object_p": SEGV on unknown address 0x (pc
0x0048a7bd bp 0x7fffe0b0 sp 0x7fffd820 T0)
  in ieee_object_p at bfd/ieee.c:1925
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/ieee.c#L1925)
  in bfd_check_format_matches at bfd/format.c:311
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/format.c#L311)
  in display_object_bfd at binutils/objdump.c:3608
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3608)
  in display_any_bfd at binutils/objdump.c:3699
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3699)
  in display_file at binutils/objdump.c:3720
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3720)
  in main at binutils/objdump.c:4024
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L4024)



[Bug binutils/21636] SEGV on unknown address in ieee_object_p

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21636

--- Comment #2 from Alexandre Adamski  ---
Created attachment 10180
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10180&action=edit
61a82c2111d891a45b5706e8fde3101f.143a3670a8d5914311f1a11b093f4058.txt



[Bug binutils/21637] New: SEGV on unknown address in _bfd_vms_slurp_egsd

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21637

            Bug ID: 21637
           Summary: SEGV on unknown address in _bfd_vms_slurp_egsd
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: aadamski at quarkslab dot com
  Target Milestone: ---

Hello there,

I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.

Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.

The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer
-fsanitize=address -fno-sanitize-recover=all`. The command used was `objdump
-afpxDSsgetTrR `.

Let me know if there is any additional information I can provide.

--

Input: f28726c0707ffa603b2cfbec0ec09bdd.de631214c25a0beea8bb6c6672acd1dc.min
Output: f28726c0707ffa603b2cfbec0ec09bdd.de631214c25a0beea8bb6c6672acd1dc.txt

Error in "_bfd_vms_slurp_egsd": SEGV on unknown address 0x0030 (pc
0x00e65efc bp 0x7fffe130 sp 0x7fffe0a0 T0)
  in _bfd_vms_slurp_egsd at bfd/vms-alpha.c:1285
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-alpha.c#L1285)
  in _bfd_vms_slurp_object_records at bfd/vms-alpha.c:2456
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-alpha.c#L2456)
  in alpha_vms_object_p at bfd/vms-alpha.c:2640
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-alpha.c#L2640)
  in bfd_check_format_matches at bfd/format.c:311
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/format.c#L311)
  in display_object_bfd at binutils/objdump.c:3608
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3608)
  in display_any_bfd at binutils/objdump.c:3699
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3699)
  in display_file at binutils/objdump.c:3720
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3720)
  in main at binutils/objdump.c:4024
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L4024)



[Bug binutils/21637] SEGV on unknown address in _bfd_vms_slurp_egsd

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21637

--- Comment #1 from Alexandre Adamski  ---
Created attachment 10181
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10181&action=edit
f28726c0707ffa603b2cfbec0ec09bdd.de631214c25a0beea8bb6c6672acd1dc.min



[Bug binutils/21637] SEGV on unknown address in _bfd_vms_slurp_egsd

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21637

--- Comment #2 from Alexandre Adamski  ---
Created attachment 10182
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10182&action=edit
f28726c0707ffa603b2cfbec0ec09bdd.de631214c25a0beea8bb6c6672acd1dc.txt



[Bug binutils/21638] New: SEGV on unknown address in bfd_getl16

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21638

            Bug ID: 21638
           Summary: SEGV on unknown address in bfd_getl16
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: aadamski at quarkslab dot com
  Target Milestone: ---

Hello there,

I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.

Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.

The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer
-fsanitize=address -fno-sanitize-recover=all`. The command used was `objdump
-afpxDSsgetTrR `.

Let me know if there is any additional information I can provide.

--

Input: 2e91b2c82b5c858c0674035a69812f07.e5eb290fbf40c2792c1d052660e8898e.min
Output: 2e91b2c82b5c858c0674035a69812f07.e5eb290fbf40c2792c1d052660e8898e.txt

Error in "bfd_getl16": SEGV on unknown address 0x60c102c8 (pc
0x0096d7a8 bp 0x7fffe090 sp 0x7fffe080 T0)
  in bfd_getl16 at bfd/libbfd.c:505
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/libbfd.c#L505)
  in _bfd_vms_slurp_egsd at bfd/vms-alpha.c:1156
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-alpha.c#L1156)
  in _bfd_vms_slurp_object_records at bfd/vms-alpha.c:2456
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-alpha.c#L2456)
  in alpha_vms_object_p at bfd/vms-alpha.c:2640
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-alpha.c#L2640)
  in bfd_check_format_matches at bfd/format.c:311
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/format.c#L311)
  in display_object_bfd at binutils/objdump.c:3608
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3608)
  in display_any_bfd at binutils/objdump.c:3699
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3699)
  in display_file at binutils/objdump.c:3720
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3720)
  in main at binutils/objdump.c:4024
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L4024)



[Bug binutils/21638] SEGV on unknown address in bfd_getl16

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21638

--- Comment #2 from Alexandre Adamski  ---
Created attachment 10184
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10184&action=edit
2e91b2c82b5c858c0674035a69812f07.e5eb290fbf40c2792c1d052660e8898e.txt



[Bug binutils/21638] SEGV on unknown address in bfd_getl16

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21638

--- Comment #1 from Alexandre Adamski  ---
Created attachment 10183
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10183&action=edit
2e91b2c82b5c858c0674035a69812f07.e5eb290fbf40c2792c1d052660e8898e.min



[Bug binutils/21639] New: heap-buffer-overflow in _bfd_vms_save_sized_string

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21639

            Bug ID: 21639
           Summary: heap-buffer-overflow in _bfd_vms_save_sized_string
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: aadamski at quarkslab dot com
  Target Milestone: ---

Hello there,

I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.

Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.

The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer
-fsanitize=address -fno-sanitize-recover=all`. The command used was `objdump
-afpxDSsgetTrR `.

Let me know if there is any additional information I can provide.

--

Input: bda85d7bd772513a188b7e436d9f1c9f.07157578655618c08644aa2600d66d54.min
Output: bda85d7bd772513a188b7e436d9f1c9f.07157578655618c08644aa2600d66d54.txt

Error in "_bfd_vms_save_sized_string": heap-buffer-overflow
  in _bfd_vms_save_sized_string at bfd/vms-misc.c:148
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-misc.c#L148)
  in _bfd_vms_save_counted_string at bfd/vms-misc.c:162
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-misc.c#L162)
  in _bfd_vms_slurp_egsd at bfd/vms-alpha.c:1192
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-alpha.c#L1192)
  in _bfd_vms_slurp_object_records at bfd/vms-alpha.c:2456
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-alpha.c#L2456)
  in alpha_vms_object_p at bfd/vms-alpha.c:2640
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/vms-alpha.c#L2640)
  in bfd_check_format_matches at bfd/format.c:311
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/format.c#L311)
  in display_object_bfd at binutils/objdump.c:3608
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3608)
  in display_any_bfd at binutils/objdump.c:3699
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3699)
  in display_file at binutils/objdump.c:3720
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3720)
  in main at binutils/objdump.c:4024
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L4024)



[Bug binutils/21639] heap-buffer-overflow in _bfd_vms_save_sized_string

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21639

--- Comment #1 from Alexandre Adamski  ---
Created attachment 10185
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10185&action=edit
bda85d7bd772513a188b7e436d9f1c9f.07157578655618c08644aa2600d66d54.min



[Bug binutils/21639] heap-buffer-overflow in _bfd_vms_save_sized_string

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21639

--- Comment #2 from Alexandre Adamski  ---
Created attachment 10186
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10186&action=edit
bda85d7bd772513a188b7e436d9f1c9f.07157578655618c08644aa2600d66d54.txt



[Bug binutils/21640] New: SEGV on unknown address in setup_group

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21640

            Bug ID: 21640
           Summary: SEGV on unknown address in setup_group
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: aadamski at quarkslab dot com
  Target Milestone: ---

Hello there,

I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.

Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.

The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer
-fsanitize=address -fno-sanitize-recover=all`. The command used was `objdump
-afpxDSsgetTrR `.

Let me know if there is any additional information I can provide.

--

Input: bddca5abe14ac55c0764707e15635a01.c60f2687454e8b2466a224beb0edcde4.min
Output: bddca5abe14ac55c0764707e15635a01.c60f2687454e8b2466a224beb0edcde4.txt

Error in "setup_group": SEGV on unknown address 0x (pc
0x009d2562 bp 0x7fffdae0 sp 0x7fffd820 T0)
  in setup_group at bfd/elf.c:742
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/elf.c#L742)
  in _bfd_elf_make_section_from_shdr at bfd/elf.c:1012
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/elf.c#L1012)
  in bfd_section_from_shdr at bfd/elf.c:2426
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/elf.c#L2426)
  in setup_group at bfd/elf.c:641
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/elf.c#L641)
  in _bfd_elf_make_section_from_shdr at bfd/elf.c:1012
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/elf.c#L1012)
  in bfd_section_from_shdr at bfd/elf.c:2443
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/elf.c#L2443)
  in bfd_elf32_object_p at bfd/elfcode.h:805
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/elfcode.h#L805)
  in bfd_check_format_matches at bfd/format.c:311
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/format.c#L311)
  in display_object_bfd at binutils/objdump.c:3608
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3608)
  in display_any_bfd at binutils/objdump.c:3699
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3699)
  in display_file at binutils/objdump.c:3720
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3720)
  in main at binutils/objdump.c:4024
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L4024)



[Bug binutils/21640] SEGV on unknown address in setup_group

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21640

--- Comment #1 from Alexandre Adamski  ---
Created attachment 10187
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10187&action=edit
bddca5abe14ac55c0764707e15635a01.c60f2687454e8b2466a224beb0edcde4.min



[Bug binutils/21640] SEGV on unknown address in setup_group

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21640

--- Comment #2 from Alexandre Adamski  ---
Created attachment 10188
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10188&action=edit


[Bug binutils/21641] New: SEGV on unknown address in setup_sections

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21641

            Bug ID: 21641
           Summary: SEGV on unknown address in setup_sections
           Product: binutils
           Version: 2.29 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: aadamski at quarkslab dot com
  Target Milestone: ---

Hello there,

I have been fuzzing objdump with American Fuzzy Lop + ASAN/UBSAN.

Please find attached the minimized file causing the issue ("Input") and the
ASAN report log ("Output"). Below is the reduced stacktrace with links to the
corresponding source lines on a GitHub mirror.

The configuration settings used were `--enable-targets=all --disable-shared`.
The compilation flags used were `-g -O2 -fno-omit-frame-pointer
-fsanitize=address -fno-sanitize-recover=all`. The command used was `objdump
-afpxDSsgetTrR `.

Let me know if there is any additional information I can provide.

--

Input: ad5b18e3ab2e99645d454bd218e7e425.4a145a99483654b79949d806705c075c.min
Output: ad5b18e3ab2e99645d454bd218e7e425.4a145a99483654b79949d806705c075c.txt

Error in "setup_sections": SEGV on unknown address 0x611002960648 (pc
0x76f72c3a bp 0x7fffdc90 sp 0x7fffd418 T0)
  in setup_sections at bfd/som.c:2125
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/som.c#L2125)
  in som_object_p at bfd/som.c:2511
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/som.c#L2511)
  in bfd_check_format_matches at bfd/format.c:311
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/bfd/format.c#L311)
  in display_object_bfd at binutils/objdump.c:3608
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3608)
  in display_any_bfd at binutils/objdump.c:3699
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3699)
  in display_file at binutils/objdump.c:3720
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L3720)
  in main at binutils/objdump.c:4024
(see
https://github.com/bminor/binutils-gdb/blob/a6cab9afd2c81465265c8d09569e3e6ef43d2954/binutils/objdump.c#L4024)



[Bug binutils/21641] SEGV on unknown address in setup_sections

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21641

--- Comment #1 from Alexandre Adamski  ---
Created attachment 10189
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10189&action=edit
ad5b18e3ab2e99645d454bd218e7e425.4a145a99483654b79949d806705c075c.min



[Bug binutils/21641] SEGV on unknown address in setup_sections

2017-06-20 Thread aadamski at quarkslab dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=21641

--- Comment #2 from Alexandre Adamski  ---
Created attachment 10190
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10190&action=edit
ad5b18e3ab2e99645d454bd218e7e425.4a145a99483654b79949d806705c075c.txt
