[Bug binutils/23142] objcopy: SIGSEGV in is_strip_section
https://sourceware.org/bugzilla/show_bug.cgi?id=23142

Alan Modra changed:

What             |Removed                          |Added
Status           |UNCONFIRMED                      |ASSIGNED
Last reconfirmed |                                 |2018-05-07
CC               |                                 |amodra at gmail dot com
Assignee         |unassigned at sourceware dot org |amodra at gmail dot com
Ever confirmed   |0                                |1

--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/23141] objcopy: SIGSEGV in bfd_elf_set_group_contents
https://sourceware.org/bugzilla/show_bug.cgi?id=23141

Alan Modra changed:

What             |Removed                          |Added
Status           |UNCONFIRMED                      |ASSIGNED
Last reconfirmed |                                 |2018-05-07
Assignee         |unassigned at sourceware dot org |amodra at gmail dot com
Ever confirmed   |0                                |1
[Bug binutils/23142] objcopy: SIGSEGV in is_strip_section
https://sourceware.org/bugzilla/show_bug.cgi?id=23142

--- Comment #4 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ce4ec1a9b6c442a9feefa18dd8734372a718665c

commit ce4ec1a9b6c442a9feefa18dd8734372a718665c
Author: Alan Modra
Date:   Mon May 7 22:41:47 2018 +0930

    Bug 23142, SIGSEGV in is_strip_section

    PR 23142
    * objcopy.c (group_signature): Don't accept groups that use a
    symbol table other than the one we've read.
[Bug binutils/23142] objcopy: SIGSEGV in is_strip_section
https://sourceware.org/bugzilla/show_bug.cgi?id=23142

Alan Modra changed:

What       |Removed                 |Added
Status     |ASSIGNED                |RESOLVED
CC         |amodra at gmail dot com |
Resolution |---                     |FIXED

--- Comment #5 from Alan Modra ---
Fixed
[Bug binutils/23147] New: Heap buffer overflow in pe_print_idata
https://sourceware.org/bugzilla/show_bug.cgi?id=23147

Bug ID: 23147
Summary: Heap buffer overflow in pe_print_idata
Product: binutils
Version: 2.31 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---

Created attachment 10998
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10998&action=edit
POC to trigger bug

Triggered by "./objdump -x -W $POC"
Tested on Ubuntu 16.04 (x86)

A heap buffer over-read occurred when processing a malformed PE file.

The GDB debugging information is as follows:

ASAN output:

==26446==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5e0207f at pc 0x08293f7a bp 0xbfc8e458 sp 0xbfc8e44c
READ of size 1 at 0xb5e0207f thread T0
    #0 0x8293f79 in bfd_getl32 /home/min/fuzzing/src/binutils/binutils-gdb/bfd/libbfd.c:635:23
    #1 0x852550a in pe_print_idata /home/min/fuzzing/src/binutils/binutils-gdb/bfd/peigen.c:1544:31
    #2 0x8523579 in _bfd_pe_print_private_bfd_data_common /home/min/fuzzing/src/binutils/binutils-gdb/bfd/peigen.c:2905:3
    #3 0x84ed8f4 in pe_print_private_bfd_data /home/min/fuzzing/src/binutils/binutils-gdb/bfd/./peicode.h:336:8
    #4 0x814737f in dump_bfd_private_header /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:2996:3
    #5 0x8145d10 in dump_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3589:5
    #6 0x8145539 in display_object_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3688:7
    #7 0x8145425 in display_any_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3777:5
    #8 0x8144e8b in display_file /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3798:3
    #9 0x814457b in main /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:4100:6
    #10 0xb74f4636 in __libc_start_main /build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #11 0x806ca37 in _start (/home/min/fuzzing/program/binutils-2.30-21432/bin/objdump+0x806ca37)

Credits: Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei University.
[Bug binutils/23148] New: Heap buffer overflow in pe_print_edata
https://sourceware.org/bugzilla/show_bug.cgi?id=23148

Bug ID: 23148
Summary: Heap buffer overflow in pe_print_edata
Product: binutils
Version: 2.31 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---

Created attachment 10999
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10999&action=edit
POC to trigger bug

Triggered by "./objdump -x -W $POC"
Tested on Ubuntu 16.04 (x86)

A heap buffer over-read occurred when processing a malformed PE file.

The GDB debugging information is as follows:

ASAN output:

==25616==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5000a34 at pc 0x08293f7a bp 0xbf8c66f8 sp 0xbf8c66ec
READ of size 1 at 0xb5000a34 thread T0
    #0 0x8293f79 in bfd_getl32 /home/min/fuzzing/src/binutils/binutils-gdb/bfd/libbfd.c:635:23
    #1 0x8527434 in pe_print_edata /home/min/fuzzing/src/binutils/binutils-gdb/bfd/peigen.c:1705:22
    #2 0x852359a in _bfd_pe_print_private_bfd_data_common /home/min/fuzzing/src/binutils/binutils-gdb/bfd/peigen.c:2906:3
    #3 0x84ed8f4 in pe_print_private_bfd_data /home/min/fuzzing/src/binutils/binutils-gdb/bfd/./peicode.h:336:8
    #4 0x814737f in dump_bfd_private_header /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:2996:3
    #5 0x8145d10 in dump_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3589:5
    #6 0x8145539 in display_object_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3688:7
    #7 0x8145425 in display_any_bfd /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3777:5
    #8 0x8144e8b in display_file /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3798:3
    #9 0x814457b in main /home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:4100:6
    #10 0xb74c3636 in __libc_start_main /build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #11 0x806ca37 in _start (/home/min/fuzzing/program/binutils-2.30-21432/bin/objdump+0x806ca37)

Credits: Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei University.
[Bug binutils/22809] Segmentation fault in bfd_section_from_shdr
https://sourceware.org/bugzilla/show_bug.cgi?id=22809

--- Comment #4 from Mingi Cho ---
Hi Nick,

I have tested the bug on an x86 Ubuntu system. When hdr->sh_size is 0x then malloc(hdr->sh_size +1) returns a valid pointer with small size in the _bfd_elf_parse_attributes function and the bug occurs after that.

The proposed patch works on my system and fixes the problem. However, I got an error in the _bfd_error_handler function at compilation time.

Best regards,
Mingi
[Bug binutils/23142] objcopy: SIGSEGV in is_strip_section
https://sourceware.org/bugzilla/show_bug.cgi?id=23142

--- Comment #6 from paolo.montesel at gmail dot com ---
Can you help me get a CVE for that?

On Mon, May 7, 2018 at 6:28 AM, amodra at gmail dot com wrote:
> https://sourceware.org/bugzilla/show_bug.cgi?id=23142
>
> Alan Modra changed:
>
> What       |Removed                 |Added
> Status     |ASSIGNED                |RESOLVED
> CC         |amodra at gmail dot com |
> Resolution |---                     |FIXED
>
> --- Comment #5 from Alan Modra ---
> Fixed
>
> --
> You are receiving this mail because:
> You reported the bug.
[Bug ld/21342] two member access within null pointer
https://sourceware.org/bugzilla/show_bug.cgi?id=21342

Alan Modra changed:

What |Removed |Added
CC   |        |paolo.montesel+sourceware@gmail.com

--- Comment #11 from Alan Modra ---
*** Bug 23143 has been marked as a duplicate of this bug. ***
[Bug binutils/23143] objcopy: SIGSEGV in htab_hash_string
https://sourceware.org/bugzilla/show_bug.cgi?id=23143

Alan Modra changed:

What       |Removed     |Added
Status     |UNCONFIRMED |RESOLVED
CC         |            |amodra at gmail dot com
Resolution |---         |DUPLICATE

--- Comment #1 from Alan Modra ---
Doesn't crash for me after applying pr21342 fix

*** This bug has been marked as a duplicate of bug 21342 ***
[Bug binutils/23143] objcopy: SIGSEGV in htab_hash_string
https://sourceware.org/bugzilla/show_bug.cgi?id=23143

--- Comment #2 from Alan Modra ---
*** This bug has been marked as a duplicate of bug 23142 ***
[Bug binutils/23142] objcopy: SIGSEGV in is_strip_section
https://sourceware.org/bugzilla/show_bug.cgi?id=23142

--- Comment #7 from Alan Modra ---
*** Bug 23143 has been marked as a duplicate of this bug. ***
[Bug ld/21342] two member access within null pointer
https://sourceware.org/bugzilla/show_bug.cgi?id=21342

Alan Modra changed:

What |Removed |Added
CC   |        |amodra at gmail dot com

--- Comment #12 from Alan Modra ---
Ignore last comment, I typoed the bug number
[Bug binutils/23144] strip-new/objcopy: SIGSEGV in group_signature
https://sourceware.org/bugzilla/show_bug.cgi?id=23144

Alan Modra changed:

What       |Removed     |Added
Status     |UNCONFIRMED |RESOLVED
CC         |            |amodra at gmail dot com
Resolution |---         |DUPLICATE

--- Comment #1 from Alan Modra ---
Doesn't crash for me after applying 23142 fix.

*** This bug has been marked as a duplicate of bug 23142 ***
[Bug binutils/23142] objcopy: SIGSEGV in is_strip_section
https://sourceware.org/bugzilla/show_bug.cgi?id=23142

--- Comment #8 from Alan Modra ---
*** Bug 23144 has been marked as a duplicate of this bug. ***