[Bug binutils/30310] New: null pointer dereference at binutils/opcodes/nfp-dis.c:2691 in init_nfp6000_priv function

https://sourceware.org/bugzilla/show_bug.cgi?id=30310

            Bug ID: 30310
           Summary: null pointer dereference at binutils/opcodes/nfp-dis.c:2691 in init_nfp6000_priv function
           Product: binutils
           Version: 2.40
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: youngseok.main at gmail dot com
  Target Milestone: ---

Created attachment 14801
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14801&action=edit
poc_file used in command input

Our fuzzer found a new SEGV bug in the latest objdump build.

*Command Input*

objdump poc_file -S -m nf

poc_file is attached.

*Command Output*

/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/objdump/4_id:33/poc_file: file format coff-sh
BFD: error: /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/objdump/4_id:33/poc_file() is too large (0x1100 bytes)
/home/youngseok/subjects/latest_asan_install/binutils/bin/objdump: Reading section failed because: file truncated

Disassembly of section :

9f0408e8 <>:
ASAN:DEADLYSIGNAL

*Sanitizer Dump*

==26815==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x566b3bf5 bp 0x7fffd280 sp 0x7fffcfd0 T0)
==26815==The signal is caused by a READ memory access.
==26815==Hint: address points to the zero page.
    #0 0x566b3bf4 in init_nfp6000_priv /home/youngseok/subjects/latest_asan_sources/binutils/opcodes/nfp-dis.c:2691
    #1 0x566b4423 in init_nfp_priv /home/youngseok/subjects/latest_asan_sources/binutils/opcodes/nfp-dis.c:2784
    #2 0x566b4524 in _print_instrs /home/youngseok/subjects/latest_asan_sources/binutils/opcodes/nfp-dis.c:2801
    #3 0x566b5562 in print_insn_nfp /home/youngseok/subjects/latest_asan_sources/binutils/opcodes/nfp-dis.c:2971
    #4 0x5635f7df in disassemble_bytes objdump.c:3433
    #5 0x5636302e in disassemble_section objdump.c:4050
    #6 0x56857786 in bfd_map_over_sections /home/youngseok/subjects/latest_asan_sources/binutils/bfd/section.c:1366
    #7 0x56363fff in disassemble_data objdump.c:4199
    #8 0x5636ba74 in dump_bfd objdump.c:5683
    #9 0x5636bd31 in display_object_bfd objdump.c:5744
    #10 0x5636c07a in display_any_bfd objdump.c:5831
    #11 0x5636c0f0 in display_file objdump.c:5852
    #12 0x5636da7c in main objdump.c:6263
    #13 0x76844c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #14 0x56351ad9 in _start (/home/youngseok/subjects/latest_asan_install/binutils/bin/objdump+0xdfdad9)

*Environment*

- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230404

binutils is built with address sanitizer. Here is the build script:

CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --enable-targets=all

--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/30311] New: [readelf] memory allocation failure (load_specific_debug_section readelf.c:16063)

https://sourceware.org/bugzilla/show_bug.cgi?id=30311

            Bug ID: 30311
           Summary: [readelf] memory allocation failure (load_specific_debug_section readelf.c:16063)
           Product: binutils
           Version: 2.40
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: youngseok.main at gmail dot com
  Target Milestone: ---

Created attachment 14802
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14802&action=edit
poc_file used in command input

Hi, our fuzzer found a memory allocation failure error in the latest readelf executable.

*Command Input*

readelf poc_file -w

poc_file is attached.

*Sanitizer Dump*

==29708==WARNING: AddressSanitizer failed to allocate 0xfffe000b bytes
==29708==AddressSanitizer's allocator is terminating the process instead of returning 0
==29708==If you don't like this behavior set allocator_may_return_null=1
==29708==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:218 "((0)) != (0)" (0x0, 0x0)
    #0 0x76f01bf2 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
    #1 0x76f20575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
    #2 0x76f07332 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xef332)
    #3 0x76e3fe46 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27e46)
    #4 0x76ef6b0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
    #5 0x5578aaf3 in xmalloc xmalloc.c:149
    #6 0x556705b1 in uncompress_section_contents readelf.c:15276
    #7 0x55674fd0 in load_specific_debug_section readelf.c:16063
    #8 0x55675dc8 in display_debug_section readelf.c:16369
    #9 0x55676321 in process_section_contents readelf.c:16471
    #10 0x55693871 in process_object readelf.c:22574
    #11 0x55695b03 in process_file readelf.c:22997
    #12 0x55695f62 in main readelf.c:23068
    #13 0x76a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #14 0x5561d749 in _start (/home/youngseok/subjects/latest_asan_install/binutils/bin/readelf+0xc9749)

*Environment*

- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230404

binutils is built with address sanitizer. Here is the build script:

CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --enable-targets=all
[Bug binutils/30312] New: readelf: heap overflow (end_cu_tu_entry dwarf.c:10760)

https://sourceware.org/bugzilla/show_bug.cgi?id=30312

            Bug ID: 30312
           Summary: readelf: heap overflow (end_cu_tu_entry dwarf.c:10760)
           Product: binutils
           Version: 2.40
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: youngseok.main at gmail dot com
  Target Milestone: ---

Created attachment 14803
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14803&action=edit
poc_file used in command input

Our fuzzer found a heap overflow bug in the latest readelf executable.

**Command Input**

readelf poc_file -w

poc_file is attached.

**Command Output**

readelf: Warning: Section 13 has an out of range sh_link value of 402653184
readelf: Warning: Section 24 has an out of range sh_link value of 92168
readelf: Error: no .dynamic section in the dynamic segment
readelf: Warning: could not find separate debug file ''
readelf: Warning: tried: /lib/debug/
readelf: Warning: tried: /usr/lib/debug/usr/
readelf: Warning: tried: /usr/lib/debug//home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647//
readelf: Warning: tried: /usr/lib/debug/
readelf: Warning: tried: /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647/.debug/
readelf: Warning: tried: /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647/
readelf: Warning: tried: .debug/
readelf: Warning: tried:
readelf: Warning: could not find separate debug file ''
readelf: Warning: tried: /lib/debug/
readelf: Warning: tried: /usr/lib/debug/usr/
readelf: Warning: tried: /usr/lib/debug//home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647//
readelf: Warning: tried: /usr/lib/debug/
readelf: Warning: tried: /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647/.debug/
readelf: Warning: tried: /home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647/
readelf: Warning: tried: .debug/
readelf: Warning: tried:
readelf: Warning: unable to open file '/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/readelf/5_id:026647/' referenced from .debug_sup section
readelf: Warning: .note.gnu.build-id data size is too big

**Sanitizer Dump**

==32229==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000b0 at pc 0x556eb4e1 bp 0x7fffda20 sp 0x7fffda10
WRITE of size 4 at 0x602000b0 thread T0
    #0 0x556eb4e0 in end_cu_tu_entry dwarf.c:10760
    #1 0x556ebfc2 in process_cu_tu_index dwarf.c:10876
    #2 0x556edbdf in load_cu_tu_indexes dwarf.c:11128
    #3 0x556edc49 in find_cu_tu_set dwarf.c:11146
    #4 0x55675de1 in display_debug_section readelf.c:16373
    #5 0x55676321 in process_section_contents readelf.c:16471
    #6 0x55693871 in process_object readelf.c:22574
    #7 0x55695b03 in process_file readelf.c:22997
    #8 0x55695f62 in main readelf.c:23068
    #9 0x76a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #10 0x5561d749 in _start (/home/youngseok/subjects/latest_asan_install/binutils/bin/readelf+0xc9749)

**Environment**

- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230404

binutils is built with address sanitizer. Here is the build script:

CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --enable-targets=all
[Bug binutils/30313] New: readelf: memory allocation failure (display_debug_lines_decoded dwarf.c:5075)

https://sourceware.org/bugzilla/show_bug.cgi?id=30313

            Bug ID: 30313
           Summary: readelf: memory allocation failure (display_debug_lines_decoded dwarf.c:5075)
           Product: binutils
           Version: 2.40
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: youngseok.main at gmail dot com
  Target Milestone: ---

Created attachment 14804
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14804&action=edit
poc_file used in command input

Our fuzzer found a large allocation of 89281220608 bytes in the latest readelf executable.

**Command Input**

--deb=decodedline poc_file

poc_file is attached.

**Command Output**

readelf: Warning: Section 2 has an out of range sh_link value of 66
readelf: Warning: Section 4 has an out of range sh_info value of 134513376
readelf: Warning: Section 11 has an out of range sh_link value of 2188640256
readelf: Warning: Section 13 has an out of range sh_link value of 2191261696
readelf: Warning: Section 14 has an out of range sh_link value of 237
readelf: Warning: Section 15 has an out of range sh_link value of 251
readelf: Warning: Section 24 has an out of range sh_link value of 1616928864
readelf: Warning: Section 24 has an out of range sh_info value of 1616928864
readelf: Warning: Section 25 has an out of range sh_link value of 1616928864
readelf: Warning: Section 25 has an out of range sh_info value of 1616922976
readelf: Error: Unable to find program interpreter name
readelf: Warning: Corrupt debuglink section:
readelf: Warning: Corrupt debuglink section:
readelf: Warning: .debug_sup section is corrupt/empty
readelf: Warning: .note.gnu.build-id section is corrupt/empty
readelf: Warning: Section is too small to contain a CU/TU header
readelf: Warning: Section is too small to contain a CU/TU header
Contents of the .debug_line section:

readelf: Warning: Only DWARF version 2, 3, 4 and 5 line info is currently supported.
Contents of the .debug_line section:

readelf: Warning: The length field (0x20) in the debug_line header is wrong - the section is too small
Contents of the .debug_line section:

readelf: Warning: The length field (0x1c) in the debug_line header is wrong - the section is too small

Section '.debug_line' has no debugging data.
Contents of the .debug_line section:

readelf: Warning: Only DWARF version 2, 3, 4 and 5 line info is currently supported.
Contents of the .debug_line section:

readelf: Warning: Line range of 0 is invalid, using 1 instead
readelf: Error: read LEB value is too large to store in destination variable

**Sanitizer Dump**

==2131==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_common.cc:118 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x76f01bf2 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
    #1 0x76f20575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
    #2 0x76f0b482 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xf3482)
    #3 0x76f17895 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xff895)
    #4 0x76e448f1 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x2c8f1)
    #5 0x76e3f04b (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x2704b)
    #6 0x76ef6cf0 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdecf0)
    #7 0x5578ab57 in xcalloc xmalloc.c:164
    #8 0x556b8a65 in display_debug_lines_decoded dwarf.c:5075
    #9 0x556bd140 in display_debug_lines dwarf.c:5712
    #10 0x55675e25 in display_debug_section readelf.c:16375
    #11 0x55676321 in process_section_contents readelf.c:16471
    #12 0x55693871 in process_object readelf.c:22574
    #13 0x55695b03 in process_file readelf.c:22997
    #14 0x55695f62 in main readelf.c:23068
    #15 0x76a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #16 0x5561d749 in _start (/home/youngseok/subjects/latest_asan_install/binutils/bin/readelf+0xc9749)

**Environment**

- OS: Ubuntu 18.04
- gcc: 7.5.0
- binutils: 2.40.50.20230404

binutils is built with address sanitizer. Here is the build script:

CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --enable-targets=all
Issue 57678 in oss-fuzz: binutils:fuzz_objdump_safe: Heap-use-after-free in filename_cmp

Updates:
    Labels: -restrict-view-commit

Comment #2 on issue 57678 by sheriffbot: binutils:fuzz_objdump_safe: Heap-use-after-free in filename_cmp
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57678#c2

This bug has been fixed. It has been opened to the public.

- Your friendly Sheriffbot

--
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.
Issue 57643 in oss-fuzz: binutils:fuzz_objdump: Use-of-uninitialized-value in floatformat_to_double

Updates:
    Labels: -restrict-view-commit

Comment #3 on issue 57643 by sheriffbot: binutils:fuzz_objdump: Use-of-uninitialized-value in floatformat_to_double
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57643#c3

This bug has been fixed. It has been opened to the public.

- Your friendly Sheriffbot
Issue 57668 in oss-fuzz: binutils:fuzz_objdump_safe: Heap-use-after-free in pr_start_compilation_unit

Updates:
    Labels: -restrict-view-commit

Comment #2 on issue 57668 by sheriffbot: binutils:fuzz_objdump_safe: Heap-use-after-free in pr_start_compilation_unit
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57668#c2

This bug has been fixed. It has been opened to the public.

- Your friendly Sheriffbot